# unable to remove Babylon search engine



## elenaz (Sep 27, 2010)

I have read ALL posts both here and on other forums. I have used ADD/DELETE programs to remove Babylon, I deleted the folder in PROGRAMS and I have searched the entire C drive for anything having to do with Babylon. Ran Registry Mechanic and STILL, when I enter something in the URL bar, it automatically defaults to the Babylon search. This happens in both IE and FIREFOX. The home page is set to Bing and there are NO add-ons that deal with Babylon. In essence, I cannot find BABYLON anywhere on my computer and yet, it automatically defaults as the search engine when using the URL bar at the top of my browser to search. I have TRIED everything. No utility like Spyware Doctor, System Mechanic, Spybot, Malware Bytes or any other has been able to find any issues. PLEASE HELP!!!!!!!!!!!!!!!!!!!!


----------



## kevinf80 (Mar 21, 2006)

Hiya elenaz,

Please proceed as follows :-

*Step 1*

Download TFC to your desktop from either of the following links:
*Link 1*
*Link 2*

- Make sure any open work is saved. TFC will close all open application windows.
- Double-click TFC.exe to run the program.
- If prompted, click "Yes" to reboot.

TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

*Step 2*

Download OTL from any of the following links and save to your Desktop:

*Link 1*
*Link 2*
*Link 3*


- Double-click on the icon to run it. Vista and Windows 7 users right-click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
- In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
- Under the Custom Scan box paste this in:

```
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
```

- Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

Copy and paste OTL.Txt and Extras.Txt in your reply.

Kevin


----------



## elenaz (Sep 27, 2010)

OTL logfile created on: 1/31/2011 3:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.83 Gb Total Space | 10.72 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/10/01 11:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/05/09 04:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/04/27 08:19:29 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 09:50:27 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/01 08:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/05/01 08:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/05/01 08:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

========== Driver Services (SafeList) ==========

DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/21 15:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/15 17:43:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/20 08:15:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/20 08:15:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/06 14:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/03 15:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/01 08:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 06:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/14 19:38:00 | 003,210,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 17:37:44 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/11/29 17:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/11/29 17:37:44 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/29 17:37:44 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/09/04 18:38:44 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/defaults/cs/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C C0 0E A8 15 BB CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 17:10:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 09:15:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/01/28 20:23:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 20:53:18 | 000,000,000 | ---D | M]

[2010/02/02 13:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Extensions
[2011/01/31 14:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions
[2010/07/02 12:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 12:13:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected]
[2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
[2010/07/20 11:09:20 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing.xml
[2011/01/29 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:10:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/02/12 12:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/28 20:23:44 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2007/04/14 09:15:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

O1 HOSTS File: ([2010/06/09 09:11:11 | 000,393,120 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.12 HP000D9D1CF0F8
O1 - Hosts: 192.168.0.14 HP0015604A2AFA
O1 - Hosts: 13578 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab (RegUserCfgUI Class)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://designers-surplus.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Value error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ibhost.dancik.com/download/actimage8.0915.cab (Image Builder Room Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://servicemagic.view22.com/app/view22RTE.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://minutesmatter.webex.com/client/T23L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab (Live Collaboration)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.ocx (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 15:14:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:02:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/30 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\ANTISPYWARE UTILITIES
[2011/01/30 10:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\COMCAST STUFF FROM DESKTOP SHORTCUTS
[2011/01/30 10:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\DELL shortcuts from desktop
[2011/01/30 09:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\LANDLORD FORMS
[2011/01/30 09:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\FINANCE_MAKING MONEY
[2011/01/29 20:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/29 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/29 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Threat Expert
[2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/28 20:23:15 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/01/28 20:23:15 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/01/28 20:23:15 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/01/28 20:21:20 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/28 20:20:24 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/01/28 20:20:24 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/01/28 20:20:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/28 20:20:17 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/01/28 20:20:17 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/01/28 20:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/01/28 20:20:07 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/01/28 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/01/28 15:36:51 | 105,145,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:19:44 | 000,000,000 | ---D | C] -- C:\Archive
[2011/01/28 14:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download
[2011/01/28 09:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/25 16:48:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elena Zanfei\Recent
[2011/01/24 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\2COACHING
[2011/01/24 15:51:32 | 000,000,000 | ---D | C] -- C:\EDB_License
[2011/01/21 10:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\VS Revo Group
[2011/01/21 10:05:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/21 10:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/21 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Start Menu\Programs\FoxTab Audio Converter
[2011/01/16 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
[2011/01/16 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/15 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Application Data\Skype

========== Files - Modified Within 30 Days ==========

[2011/01/31 15:19:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{387CC01B-D7D2-4B62-AB21-5FE6F622E672}.job
[2011/01/31 15:16:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:07:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/31 15:06:55 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 15:06:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/31 15:06:53 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/31 15:06:53 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/01/31 15:06:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/31 15:06:46 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/31 15:02:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/31 15:01:16 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 14:26:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/31 12:20:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011/01/31 11:34:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/01/31 09:11:32 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003 (2).lnk
[2011/01/31 09:07:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2011/01/30 19:39:41 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/30 16:35:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/30 15:14:46 | 028,510,699 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:13:48 | 028,894,408 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:07:47 | 000,028,366 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/01/30 10:04:10 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 10:03:44 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:59:19 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/30 09:46:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
[2011/01/30 09:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Jenny.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:31:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:20:14 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/01/28 20:18:56 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/28 16:00:49 | 105,145,416 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/28 15:10:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/28 14:53:08 | 000,750,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 14:50:54 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/26 14:47:45 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2011/01/23 22:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/23 20:54:25 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 14:58:02 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/16 16:57:52 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/16 16:39:54 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\Audacity.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/07 14:54:16 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/06 11:54:52 | 000,002,125 | ---- | M] () -- C:\WINDOWS\UDB.zip

========== Files Created - No Company Name ==========

[2011/01/30 15:14:54 | 028,510,699 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:14:12 | 028,894,408 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:00:40 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 09:59:17 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:39:18 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:33:41 | 000,232,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 17:31:45 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/28 20:21:20 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/01/28 20:21:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/01/28 20:21:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/01/28 20:21:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/01/28 20:20:14 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/01/28 14:50:53 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/28 09:46:54 | 000,750,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 09:44:45 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/21 10:05:22 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/21 10:05:22 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/16 16:57:52 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/16 16:39:54 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2011/01/16 16:39:54 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\Audacity.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2010/10/29 13:01:03 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
[2009/12/10 08:28:24 | 000,000,558 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/07 16:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/07 20:48:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/27 15:15:42 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/13 09:24:55 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2008/12/13 09:24:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2008/12/13 09:24:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2008/12/06 20:18:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/22 15:42:02 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/05 12:33:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003472_.tmp.dll
[2008/07/05 12:33:14 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003440_.tmp.dll
[2008/05/24 07:49:37 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/03 20:00:47 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/18 22:34:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\MindApp.INI
[2007/11/14 20:38:27 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/09/10 18:36:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
[2007/09/10 18:20:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/13 14:52:37 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\WHBMD5TYHNKER3NBHUM9S5UJX6
[2007/07/30 13:21:15 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/07/30 13:21:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/23 15:01:33 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/27 08:19:30 | 000,001,425 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/04/27 08:19:29 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/04/25 19:06:38 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/08 23:31:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/22 12:45:20 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (DOS).ADR
[2007/02/18 09:31:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2007/01/30 22:38:48 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\dm.ini
[2006/09/18 13:36:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/09/07 16:23:46 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (DOS).ADR
[2006/08/13 20:49:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2006/08/13 20:40:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\squotes.ini
[2006/06/12 09:37:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dreamm.INI
[2006/06/12 09:37:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DMCBIDS.INI
[2006/06/12 08:51:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
[2006/06/12 08:50:57 | 000,000,260 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
[2006/06/12 08:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
[2006/05/26 16:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/27 19:42:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/04/27 19:42:12 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/04/27 19:42:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/04/22 23:37:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/17 20:04:58 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ZT3WAQ7HBAUC9KGKBAC7YLPFDV
[2006/03/15 20:22:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/14 13:08:58 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/14 13:04:26 | 000,001,370 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/03/14 13:04:25 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/02/26 14:08:00 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2006/02/24 22:38:21 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/24 22:12:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\fusioncache.dat
[2006/02/17 12:26:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/17 12:20:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/02/17 12:16:41 | 000,005,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/17 12:05:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 12:02:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/17 11:38:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/17 11:38:14 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/17 11:38:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/17 11:38:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/17 11:38:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/17 11:37:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/03 13:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 14:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/08/25 18:24:33 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/16 15:04:19 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\TFC2B66AGMJLD5TYN3EE7UMVHH
[2004/06/01 16:02:00 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft Excel.ADR
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/12 19:44:03 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Personal Address Book.ADR
[2003/11/25 15:17:54 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (Windows).ADR
[2003/10/08 21:32:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2003/10/03 14:45:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\AgilInf.dll
[2003/06/06 13:26:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/06/06 13:22:51 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\Landdll2.dll
[2003/06/06 13:22:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2003/06/06 13:22:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003/05/06 22:59:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2003/05/06 22:59:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2003/04/06 16:43:26 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.TSK
[2003/04/06 16:43:24 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.CAL
[2003/04/06 16:43:05 | 000,034,934 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.ADR
[2003/04/02 20:06:25 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).CAL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 16:10:42 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/11/22 16:10:41 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2002/05/12 18:32:07 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
[2002/04/06 15:42:46 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).ADR
[2002/01/18 21:09:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/01/15 02:37:17 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2002/01/15 02:35:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2002/01/15 02:34:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2000/07/03 23:51:12 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1998/07/12 00:13:00 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\HSZlib.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/30 16:35:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/08/14 19:18:21 | 000,036,837 | -H-- | M] () -- C:\cache.dmx
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/14 12:53:25 | 000,000,000 | ---- | M] () -- C:\debug1.txt
[2006/02/17 11:43:06 | 000,006,587 | RH-- | M] () -- C:\dell.sdr
[2010/09/22 19:37:16 | 000,000,045 | ---- | M] () -- C:\error.log
[2009/08/11 19:34:57 | 000,005,898 | ---- | M] () -- C:\EventLOG.txt
[2001/09/05 20:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2007/02/14 12:53:25 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
[2010/12/07 11:09:41 | 000,226,623 | ---- | M] () -- C:\halloween_log.html
[2011/01/31 15:06:46 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/13 10:58:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/03/08 23:33:05 | 000,002,305 | -H-- | M] () -- C:\IPH.PH
[2009/04/07 13:08:42 | 000,014,586 | ---- | M] () -- C:\log.html
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007/07/30 13:27:09 | 020,407,748 | ---- | M] () -- C:\MyMindMovie1.mpg.MP4
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/31 18:44:54 | 000,250,048 | ---- | M] () -- C:\ntldr
[2011/01/31 15:06:44 | 3670,016,000 | -HS- | M] () -- C:\pagefile.sys
[2009/03/27 21:18:25 | 000,000,002 | ---- | M] () -- C:\ProjectEngine.log
[2006/02/17 12:15:09 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2009/03/23 15:24:21 | 000,002,934 | ---- | M] () -- C:\virus logs.TXT
[2006/05/27 08:54:14 | 000,002,370 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-31 14:37:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >


----------



## elenaz (Sep 27, 2010)

OTL Extras logfile created on: 1/31/2011 3:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.83 Gb Total Space | 10.72 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\stickies\stickies.exe" = C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 5.1a -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"C:\WINDOWS\system32\wupdmgr.exe" = C:\WINDOWS\system32\wupdmgr.exe:*:Enabled:Windows Update -- (Microsoft Corporation)
"C:\TEMP\HP_WebRelease\Setup\HPZnet01.exe" = C:\TEMP\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\digital imaging\bin\hpofxm08.exe" = C:\Program Files\HP\digital imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hposfx08.exe" = C:\Program Files\HP\digital imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hposid01.exe" = C:\Program Files\HP\digital imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hpqcopy.exe" = C:\Program Files\HP\digital imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hpfccopy.exe" = C:\Program Files\HP\digital imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\digital imaging\bin\hpoews01.exe" = C:\Program Files\HP\digital imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
"C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave -- (CallWave, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E697208-321A-4BD7-A8A3-41B406EB3DED}" = eBook Pro Viewer 5.5
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB6F784-1163-4EE6-96EB-05BAB1B46DBA}" = TouchCopy 09
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks Pro 2001
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C22B3E5E-B1D6-4C4D-AB78-2132C327A3E4}" = Product Idea Profitabilty Evaluator
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D22B50A0-DD4E-4E33-9971-891C328677C8}" = DellConnect
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8AA728E-AB2B-4338-9B3D-680253CDCC0F}" = BrightLister
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FAD7C32D-8A42-4E35-9648-52CD980E1928}" = Minutes Matter Studio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AI RoboForm" = AI RoboForm (All Users)
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Browser Defender_is1" = Browser Defender 3.0
"CallWave" = CallWave
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"Core FTP LE 2.1" = Core FTP LE 2.1
"Creating Abundance" = Creating Abundance
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dream-Minder N" = Dream-Minder N
"FileZilla Client" = FileZilla Client 3.3.4.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemoriesOnWeb_is1" = MemoriesOnWeb 3.1.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Quicken Legal Business Pro 2010" = Quicken Legal Business Pro 2010
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Page Maker_is1" = Web Page Maker V3.03
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2011 6:46:27 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 10:37:24 AM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 1/31/2011 10:37:25 AM | Computer Name = ELENA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 1/31/2011 10:37:27 AM | Computer Name = ELENA | Source = NativeWrapper | ID = 5000
Description =

Error - 1/31/2011 2:20:04 PM | Computer Name = ELENA | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 1/31/2011 5:07:35 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:39 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:42 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:43 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:46 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

[ System Events ]
Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

< End of report >


----------



## kevinf80 (Mar 21, 2006)

You recognize these proxies :-

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000


----------



## elenaz (Sep 27, 2010)

Kevin,
I'm not sure what this response is or if you are asking a question. I don't know or understand any of the information you included. Sorry :-(
Anything else you need from me?


----------



## kevinf80 (Mar 21, 2006)

Do you connect to the internet through a proxy server, did you or someone you know set them up?


----------



## elenaz (Sep 27, 2010)

I don't connect through a proxy server that I know of. I have a Comcast cable modem and connect via that. The house is on a wireless network. Not sure how proxy servers work or what they are. How are they used and why would anyone set my computer up using them? I'm not sure. My laptop was with a geek about a year or so ago - could they, would they have set that up if that is not a standard setting? What is a standard setting??


----------



## elenaz (Sep 27, 2010)

Kevin, this brings up another issue now that you mention proxy servers. My Outlook hangs a lot as it's syncing folders. When I searched online for a solution, it indicated that it does that when you are set up via a proxy server. Now I'm really baffled. Any connection that you know of?


----------



## elenaz (Sep 27, 2010)

I just reviewed online what proxy servers are and their benefits. With regards to storing IP addresses in the proxy and improving response when accessing the same sites over and over, I definitely have that feature and it's useful to me because I do in fact do that. I'm wondering if the use of a proxy server is something that was set up by the internet provider (Comcast) or a feature of the Internet Security programs such as TrendMicro PC Cillin (which I've had up to several weeks ago when it stopped working for me) or Spyware Doctor Internet Security which is currently running? Boy, this techy stuff


----------



## kevinf80 (Mar 21, 2006)

Check the following settings in IE and FF...

*Internet Explorer:*
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> See if a proxy is running.

*Firefox:*
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Is a proxy set?

Just tell me, don't stop them yet. I'll have to research to see if I can find out what they are.....


----------



## kevinf80 (Mar 21, 2006)

Hiya elenaz,

Leave the proxy settings the way they are for now; from what I've read they may very well belong to Comcast. Good or bad, we'll have to wait and see.

Proceed as follows :-

*Step 1*

Re-Run OTL by double left click, Vista and Windows 7 users right click and select Run as Administrator.

Under the Custom Scans/Fixes box at the bottom, paste in the following


```
:OTL
SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
[2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected] o.com
[2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
:Services

:Reg

:Files
ipconfig /flushdns /c
C:\WINDOWS\System32\_003472_.tmp.dll
C:\WINDOWS\System32\_003440_.tmp.dll

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
```

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

*Step 2*

We need to upload a file to *Jotti*

1. Click *HERE* to get to Jotti's site.

2. At the top of the Jotti window, use the *Browse* button to locate the following file on your system:

*C:\WINDOWS\wc98pp.dll*

3. Once you have located the file, click *SUBMIT* and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

*Upload same File to Virustotal*
Please visit *Virustotal*

 Click the *Browse...* button
 Navigate to the file *C:\WINDOWS\wc98pp.dll*
 Click the *Open* button
 Click the *Send* button
 If you get a message saying File has already been analyzed: click Reanalyze file now
 Copy and paste the results back here please.

*Step 3*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What I'd like in your reply :-


 Log from OTL Fix
 Results from Jotti
 Results from VirusTotal
 Log from Malwarebytes
 System review, improvements? issues?

Kevin
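
The two browser questions in the posts above (are the stored proxy values actually in use, and why do URL-bar searches go to Babylon) can be read straight off the `IE -` and `FF -` lines of the log. The following is an added example, not part of the thread and not OTL's own code; the function names are hypothetical and the sample lines are copied from the log quoted in this thread.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the OTL log quoted in this thread (trimmed to the relevant ones).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
'''

IE_RE = re.compile(r'^IE - .*\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<value>.*)$')


def parse_proxy_server(value):
    """Split a ProxyServer registry string into {scheme: (host, port)}.

    The value is either one "host:port" for every protocol or a
    semicolon-separated list of "scheme=host:port" entries.
    """
    result = {}
    for part in filter(None, (p.strip() for p in value.split(';'))):
        scheme, sep, addr = part.partition('=')
        if not sep:                      # bare "host:port" covers all schemes
            scheme, addr = 'all', part
        host, _, port = addr.rpartition(':')
        if not host:                     # entry carried no port
            host, port = addr, ''
        result[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def site(url):
    """Last two labels of the URL's host (naive: ignores suffixes like co.uk)."""
    host = urlsplit(url).hostname or ''
    return '.'.join(host.split('.')[-2:])


def triage(log_text):
    """Summarise proxy state and URL-bar search target from OTL log lines."""
    ie, ff = {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            ie[m['name']] = m['value'].strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m['name']] = m['value'].strip().strip('"')

    # Firefox only uses the network.proxy.<scheme> hosts under manual
    # configuration (network.proxy.type = 1); otherwise they are leftovers.
    ff_hosts = sorted({ff[k] for k in ('network.proxy.ftp', 'network.proxy.gopher',
                                       'network.proxy.http', 'network.proxy.ssl')
                       if ff.get(k)})

    # keyword.URL is what Firefox of that era queried for text typed in the
    # URL bar; it is independent of the search-box engine and the home page.
    mismatch = None
    kw, default = ff.get('keyword.URL'), ff.get('browser.search.defaulturl')
    if kw and default and site(kw) != site(default):
        mismatch = (site(kw), site(default))

    return {
        'ie_proxy_enabled': ie.get('ProxyEnable') == '1',
        'ie_proxy_servers': parse_proxy_server(ie.get('ProxyServer', '')),
        'ie_proxy_bypass': [p for p in ie.get('ProxyOverride', '').split(';') if p],
        'ff_manual_proxy': ff.get('network.proxy.type') == '1',
        'ff_proxy_hosts': ff_hosts,
        'keyword_url_mismatch': mismatch,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

On these lines the proxy hosts come back as stored but not enabled in either browser, while `keyword.URL` points at a different site than the selected search engine, which matches the symptom described in the first post.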


----------



## elenaz (Sep 27, 2010)

*Internet Explorer:*
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > See if a proxy is running, 
NOTHING IS CHECKED

*Firefox:*
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Is a proxy set
YES. use system proxy setting is selected.

will move on to your other steps.


----------



## elenaz (Sep 27, 2010)

OTL logfile created on: 1/31/2011 6:58:59 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.83 Gb Total Space | 11.25 Gb Free Space | 12.81% Space Free | Partition Type: NTFS

Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 13:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/10/01 11:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/05/09 04:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/04/27 08:19:29 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 09:50:27 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/01 08:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/05/01 08:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/05/01 08:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

========== Driver Services (SafeList) ==========

DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/21 15:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/15 17:43:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/20 08:15:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/20 08:15:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/06 14:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/03 15:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/01 08:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 06:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/14 19:38:00 | 003,210,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 17:37:44 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/11/29 17:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/11/29 17:37:44 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/29 17:37:44 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/09/04 18:38:44 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/defaults/cs/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C C0 0E A8 15 BB CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 17:10:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 09:15:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/01/31 17:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 20:53:18 | 000,000,000 | ---D | M]

[2010/02/02 13:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Extensions
[2011/01/31 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions
[2010/07/02 12:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 12:13:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected]
[2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
[2010/07/20 11:09:20 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing.xml
[2011/01/29 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:10:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/02/12 12:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/31 17:37:56 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2007/04/14 09:15:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

O1 HOSTS File: ([2010/06/09 09:11:11 | 000,393,120 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.12 HP000D9D1CF0F8
O1 - Hosts: 192.168.0.14 HP0015604A2AFA
O1 - Hosts: 13578 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab (RegUserCfgUI Class)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://designers-surplus.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Value error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ibhost.dancik.com/download/actimage8.0915.cab (Image Builder Room Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://servicemagic.view22.com/app/view22RTE.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://minutesmatter.webex.com/client/T23L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab (Live Collaboration)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.ocx (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 17:40:39 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/01/31 17:40:39 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/01/31 17:40:39 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/01/31 17:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/01/31 15:14:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:02:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/30 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\ANTISPYWARE UTILITIES
[2011/01/30 10:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\COMCAST STUFF FROM DESKTOP SHORTCUTS
[2011/01/30 10:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\DELL shortcuts from desktop
[2011/01/30 09:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\LANDLORD FORMS
[2011/01/30 09:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\FINANCE_MAKING MONEY
[2011/01/29 20:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/29 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/29 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Threat Expert
[2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0154.old
[2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0154.old
[2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/28 20:21:20 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/28 20:20:24 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/01/28 20:20:24 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/01/28 20:20:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/28 20:20:17 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/01/28 20:20:17 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/01/28 20:20:07 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/01/28 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/01/28 15:36:51 | 105,145,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:19:44 | 000,000,000 | ---D | C] -- C:\Archive
[2011/01/28 14:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download
[2011/01/28 09:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/25 16:48:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elena Zanfei\Recent
[2011/01/24 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\2COACHING
[2011/01/24 15:51:32 | 000,000,000 | ---D | C] -- C:\EDB_License
[2011/01/21 10:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\VS Revo Group
[2011/01/21 10:05:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/21 10:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/21 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Start Menu\Programs\FoxTab Audio Converter
[2011/01/16 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/15 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Application Data\Skype

========== Files - Modified Within 30 Days ==========

[2011/01/31 19:01:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/01/31 19:00:43 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/31 18:59:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{387CC01B-D7D2-4B62-AB21-5FE6F622E672}.job
[2011/01/31 18:44:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/31 18:41:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/31 18:41:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/31 18:41:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 18:41:08 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/31 18:41:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/01/31 18:41:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/31 18:41:01 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/31 18:26:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/31 17:37:45 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/01/31 15:43:30 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 15:34:06 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:02:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/31 12:20:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011/01/31 09:11:32 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003 (2).lnk
[2011/01/31 09:07:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2011/01/30 15:14:46 | 028,510,699 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:13:48 | 028,894,408 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:07:47 | 000,028,366 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/01/30 10:04:10 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 10:03:44 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:59:19 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/30 09:46:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
[2011/01/30 09:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Jenny.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:31:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:18:56 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/28 16:00:49 | 105,145,416 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/28 15:10:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/28 14:53:08 | 000,750,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 14:50:54 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/26 14:47:45 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2011/01/23 22:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/23 20:54:25 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 14:58:02 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/16 16:57:52 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0154.old
[2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/07 14:54:16 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0154.old
[2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll0154.old
[2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/06 11:54:52 | 000,002,125 | ---- | M] () -- C:\WINDOWS\UDB.zip

========== Files Created - No Company Name ==========

[2011/01/31 17:37:45 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/01/30 15:14:54 | 028,510,699 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:14:12 | 028,894,408 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:00:40 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 09:59:17 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:39:18 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:33:41 | 000,232,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 17:31:45 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0154.old
[2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/28 20:21:20 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/01/28 20:21:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/01/28 20:21:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/01/28 20:21:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/01/28 14:50:53 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/28 09:46:54 | 000,750,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 09:44:45 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/21 10:05:22 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/21 10:05:22 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/16 16:57:52 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2010/10/29 13:01:03 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
[2009/12/10 08:28:24 | 000,000,558 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/07 16:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/07 20:48:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/27 15:15:42 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/13 09:24:55 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2008/12/13 09:24:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2008/12/13 09:24:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2008/12/06 20:18:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/22 15:42:02 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/05 12:33:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003472_.tmp.dll
[2008/07/05 12:33:14 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003440_.tmp.dll
[2008/05/24 07:49:37 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/03 20:00:47 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/18 22:34:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\MindApp.INI
[2007/11/14 20:38:27 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/09/10 18:36:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
[2007/09/10 18:20:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/13 14:52:37 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\WHBMD5TYHNKER3NBHUM9S5UJX6
[2007/07/30 13:21:15 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/07/30 13:21:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/23 15:01:33 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/27 08:19:30 | 000,001,425 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/04/27 08:19:29 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/04/25 19:06:38 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/08 23:31:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/22 12:45:20 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (DOS).ADR
[2007/02/18 09:31:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2007/01/30 22:38:48 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\dm.ini
[2006/09/18 13:36:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/09/07 16:23:46 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (DOS).ADR
[2006/08/13 20:49:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2006/08/13 20:40:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\squotes.ini
[2006/06/12 09:37:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dreamm.INI
[2006/06/12 09:37:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DMCBIDS.INI
[2006/06/12 08:51:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
[2006/06/12 08:50:57 | 000,000,260 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
[2006/06/12 08:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
[2006/05/26 16:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/27 19:42:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/04/27 19:42:12 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/04/27 19:42:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/04/22 23:37:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/17 20:04:58 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ZT3WAQ7HBAUC9KGKBAC7YLPFDV
[2006/03/15 20:22:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/14 13:08:58 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/14 13:04:26 | 000,001,370 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/03/14 13:04:25 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/02/26 14:08:00 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2006/02/24 22:38:21 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/24 22:12:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\fusioncache.dat
[2006/02/17 12:26:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/17 12:20:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/02/17 12:16:41 | 000,005,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/17 12:05:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 12:02:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/17 11:38:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/17 11:38:14 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/17 11:38:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/17 11:38:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/17 11:38:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/17 11:37:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/03 13:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 14:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/08/25 18:24:33 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/16 15:04:19 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\TFC2B66AGMJLD5TYN3EE7UMVHH
[2004/06/01 16:02:00 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft Excel.ADR
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/12 19:44:03 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Personal Address Book.ADR
[2003/11/25 15:17:54 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (Windows).ADR
[2003/10/08 21:32:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2003/10/03 14:45:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\AgilInf.dll
[2003/06/06 13:26:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/06/06 13:22:51 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\Landdll2.dll
[2003/06/06 13:22:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2003/06/06 13:22:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003/05/06 22:59:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2003/05/06 22:59:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2003/04/06 16:43:26 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.TSK
[2003/04/06 16:43:24 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.CAL
[2003/04/06 16:43:05 | 000,034,934 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.ADR
[2003/04/02 20:06:25 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).CAL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 16:10:42 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/11/22 16:10:41 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2002/05/12 18:32:07 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
[2002/04/06 15:42:46 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).ADR
[2002/01/18 21:09:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/01/15 02:37:17 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2002/01/15 02:35:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2002/01/15 02:34:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2000/07/03 23:51:12 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1998/07/12 00:13:00 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\HSZlib.dll

========== Custom Scans ==========

< :OTL >

< SRV - File not found [Disabled | Stopped] -- -- (hpdj00) >

< SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver) >

< SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver) >

< FF - prefs.js..extensions.enabledItems: [email protected]:1.2 >

< FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url=" >

< [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected] o.com >
Invalid Switch: 16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected] o.com

< [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml >
Invalid Switch: 16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml

< O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. >

< O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found >

< O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found >

< O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found >

< O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites) >
Invalid Switch: showID('hidden_div'); ([]javascript in Trusted sites)

< O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) >

< O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) >

< O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites) >

< O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found >

< :Services >

< >

< :Reg >

< >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< C:\WINDOWS\System32\_003472_.tmp.dll >
[2004/08/04 05:00:00 | 000,249,270 | ---- | M] () -- C:\WINDOWS\system32\_003472_.tmp.dll

< C:\WINDOWS\System32\_003440_.tmp.dll >
[2004/08/04 05:00:00 | 000,022,040 | ---- | M] () -- C:\WINDOWS\system32\_003440_.tmp.dll

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [EMPTYFLASH] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Did you use the *"Run Scan"* tab instead of the *"Run Fix"* tab? What about the feedback from Jotti and VirusTotal or the log from Malwarebytes....


----------



## elenaz (Sep 27, 2010)

Kevin, I think I might have used 'Run Scan' instead of 'Run Fix'. I tried to run it just now and there was an issue. I will try running it again and then post the results. I will move on to the other steps you listed and then post those results. Thanks for your patience with me.


----------



## elenaz (Sep 27, 2010)

Kevin, I am a little confused at this point. I ran OTL with FIX, and after the system rebooted and Windows started again, the Windows box (do you want to run OTL) came up again, so I thought it didn't work. However, when I selected to run it again, the .txt box opened with the following content, so now I'm not sure if it ran or not and if I should run it again. Please advise. Also, should I move on to the other steps now or wait until you verify the content of this text file????
-----------------------------------------
All processes killed
========== OTL ==========
Service hpdj00 stopped successfully!
Service hpdj00 deleted successfully!
Service HP Port Resolver stopped successfully!
Service HP Port Resolver deleted successfully!
Service FreezeScreenSaver stopped successfully!
Service FreezeScreenSaver deleted successfully!
Prefs.js: [email protected]:1.2 removed from extensions.enabledItems
Prefs.js: "http://utils.babylon.com/abt/index.php?url=" removed from keyword.URL
Folder C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected] o.com\ not found.
C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53829F91-1B06-4DB9-B13E-812A986169F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53829F91-1B06-4DB9-B13E-812A986169F9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{307D80B7-6553-42FB-9C99-19841353B4F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307D80B7-6553-42FB-9C99-19841353B4F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//showID\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\autofol.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freemarketinggraphics.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freemkgr.hop\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaas.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mrmisupercashsystem.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terrisfp.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\timothysfineart.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cetihpz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF184AD3-CDCB-4168-A3F7-8E447D129300}\ not found.
File {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Elena Zanfei\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Elena Zanfei\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\System32\_003472_.tmp.dll moved successfully.
C:\WINDOWS\System32\_003440_.tmp.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elena Zanfei
->Temp folder emptied: 1741658 bytes
->Temporary Internet Files folder emptied: 8713638 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43620483 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 790 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33759 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2664549 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 141038 bytes

Total Files Cleaned = 54.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Elena Zanfei
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.20.6 log created on 02012011_081538

Files\Folders moved on Reboot...
C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\OLKRPCLOG_02_01_2011_07_52_58_1.etl moved successfully.
C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\OPMLog.log moved successfully.
File\Folder C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\~DF258C.tmp not found!
File\Folder C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\~DF25C3.tmp not found!
C:\WINDOWS\temp\HPSLPS005.log moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_874.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_c84.dat moved successfully.

Registry entries deleted on Reboot...


----------



## elenaz (Sep 27, 2010)

JOTTI analysis = ALL 'found nothing'

VIRUSTOTAL Analysis
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: wc98pp.dll
Submission date: 2011-02-01 15:18:14 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community: not reviewed
Safety score: -

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2011.01.27.01 | 2011.01.27 | - |
| AntiVir | 7.11.2.48 | 2011.02.01 | - |
| Antiy-AVL | 2.0.3.7 | 2011.01.28 | - |
| Avast | 4.8.1351.0 | 2011.02.01 | - |
| Avast5 | 5.0.677.0 | 2011.02.01 | - |
| AVG | 10.0.0.1190 | 2011.02.01 | - |
| BitDefender | 7.2 | 2011.02.01 | - |
| CAT-QuickHeal | 11.00 | 2011.02.01 | - |
| ClamAV | 0.96.4.0 | 2011.02.01 | - |
| Commtouch | 5.2.11.5 | 2011.02.01 | - |
| Comodo | 7559 | 2011.01.31 | - |
| DrWeb | 5.0.2.03300 | 2011.02.01 | - |
| Emsisoft | 5.1.0.2 | 2011.02.01 | - |
| eSafe | 7.0.17.0 | 2011.02.01 | - |
| eTrust-Vet | 36.1.8132 | 2011.02.01 | - |
| F-Prot | 4.6.2.117 | 2011.01.31 | - |
| F-Secure | 9.0.16160.0 | 2011.02.01 | - |
| Fortinet | 4.2.254.0 | 2011.02.01 | - |
| GData | 21 | 2011.02.01 | - |
| Ikarus | T3.1.1.97.0 | 2011.02.01 | - |
| Jiangmin | 13.0.900 | 2011.02.01 | - |
| K7AntiVirus | 9.79.3702 | 2011.02.01 | - |
| Kaspersky | 7.0.0.125 | 2011.02.01 | - |
| McAfee | 5.400.0.1158 | 2011.02.01 | - |
| McAfee-GW-Edition | 2010.1C | 2011.02.01 | - |
| Microsoft | 1.6502 | 2011.02.01 | - |
| NOD32 | 5837 | 2011.02.01 | - |
| Norman | 6.06.12 | 2011.02.01 | - |
| nProtect | 2011-01-27.01 | 2011.02.01 | - |
| Panda | 10.0.3.5 | 2011.01.31 | - |
| PCTools | 7.0.3.5 | 2011.01.31 | - |
| Prevx | 3.0 | 2011.02.01 | - |
| Rising | 23.43.01.00 | 2011.02.01 | - |
| Sophos | 4.61.0 | 2011.02.01 | - |
| SUPERAntiSpyware | 4.40.0.1006 | 2011.02.01 | - |
| Symantec | 20101.3.0.103 | 2011.02.01 | - |
| TheHacker | 6.7.0.1.122 | 2011.01.30 | - |
| TrendMicro | 9.120.0.1004 | 2011.02.01 | - |
| TrendMicro-HouseCall | 9.120.0.1004 | 2011.02.01 | - |
| VBA32 | 3.12.14.3 | 2011.02.01 | - |
| VIPRE | 8274 | 2011.02.01 | - |
| ViRobot | 2011.2.1.4285 | 2011.02.01 | - |
| VirusBuster | 13.6.175.0 | 2011.02.01 | - |

Additional information
MD5 : 01ce67a8b8f546986309c28d4594d29c
SHA1 : c375555e487481ba317af381d8f8524ab20defb0
SHA256: 74bd7a4d90534a25f73b253c4cd21d8886b4c9d83c05a609f2bce91dfc3caf5c


----------



## elenaz (Sep 27, 2010)

MALWAREBYTES RESULTS
---------------
Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 3

2/1/2011 7:57:02 AM
mbam-log-2011-02-01 (07-57-02).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## elenaz (Sep 27, 2010)

Just for the heck of it I thought I would try an internet search again using the URL bar...Babylon is still there...this is what the result was in the URL bar...
-----------
http://assist.babylon.com/babylonassista/dnsassist/main?domain=STANLEY+FURNITURE


----------



## kevinf80 (Mar 21, 2006)

How is your system responding, any issues remaining?


----------



## elenaz (Sep 27, 2010)

The system seems to be responding better but that damn Babylon search engine default is still happening. This is so puzzling. Even though it defaults, the results it brings rarely work; I think it's because I have deleted EVERYTHING that I can find having to do with Babylon. I think Babylon is part of a translation program which got automatically loaded when I installed a program called FoxTabAudioconverter (at least I think this is what happened). Ironically, I cannot find FOXTABAUDIOCONVERTER in the add delete program or in the REVO UNINSTALLER PRO, which I also downloaded since it's supposed to be able to delete hard to find programs. It's still in my RECENT PROGRAM USED list and I can click on it and start it. Not sure why it does NOT show up on the ADD/REMOVE Programs or how to uninstall it to see if all traces of Babylon go away with it. I do need a converter to convert .wav files to mp3 so I would probably re-install it after seeing if it makes a difference. Would deleting the folder FOXTABAUDIOCONVERTER from C://WINDOWS/PROGRAMS do the trick?


----------



## elenaz (Sep 27, 2010)

BTW, I really appreciate your help with this...at least now I can be SURE there is nothing malicious running on my computer right???? Thanks Kevin!!


----------



## kevinf80 (Mar 21, 2006)

Which browser are you using when it appears, IE or Firefox? I thought I'd removed that pest with the OTL Fix....

If it appears with IE try Firefox or vice versa, see if the same happens with both browsers.


----------



## elenaz (Sep 27, 2010)

OK Kevin...I found something interesting.
IE is fine. NO traces of the damn Babylon. I also checked all the toolbars enabled in IE and made sure to turn off anything different in FF.
FF is where the problem is. Incidentally, there is also an icon on the lower icon bar that is called 'translator', which I think is part of Babylon. In the URL bar, it initially defaults to the icon for FF; however, when I enter a search in the URL bar (not the BING search box), it will turn the icon to a blank file icon and then Babylon returns the results.
I think I might try to start up in safe mode, back up to an earlier version and see what happens.


----------



## kevinf80 (Mar 21, 2006)

Hiya Elena,

OK, if this is only specific to Firefox then it's probably an add-on that is causing the problem. Have a look *Here* for the instructions to help you; obviously the example name will differ from the one you want. Scroll down and read the full link, then see if that helps.

In reply to your question about your system being clean, yep, logs would indicate all OK...

Kevin.


----------
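An added example, not part of any post in this thread and not OTL's own code: the OTL log above reports `keyword.URL` in `prefs.js` pointing at utils.babylon.com, the preference that Firefox releases of this period used for location-bar searches. The sketch below audits a `prefs.js` for that kind of redirect and lists the add-ons recorded in `extensions.enabledItems`; the sample file, the allow-list and the extension IDs are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Firefox writes one  user_pref("name", value);  entry per line in prefs.js.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Prefs that decide where a location-bar search or the start page is sent.
URL_PREFS = ("keyword.URL", "browser.startup.homepage")

# Constructed sample; only the keyword.URL value is taken from the OTL log.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.bing.com/");
user_pref("extensions.enabledItems", "searchtoolbar@example.invalid:1.2,otheraddon@example.invalid:0.9");
user_pref("keyword.URL", "http://utils.babylon.com/abt/index.php?url=");
user_pref("keyword.enabled", true);
'''


def parse_user_prefs(text):
    """Return {pref name: value} for every user_pref() line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comment or blank line
        name, raw = match.group(1), match.group(2)
        try:
            # Pref values are quoted strings, integers or true/false.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep anything unusual verbatim
    return prefs


def host_allowed(host, allowed_hosts):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_search_prefs(prefs, allowed_hosts):
    """List (pref, host, url) for URL prefs that point outside the allow-list."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # The homepage pref may hold several URLs separated by "|".
        for url in (part.strip() for part in value.split("|")):
            host = (urlsplit(url).hostname or "").lower()
            if host and not host_allowed(host, allowed_hosts):
                findings.append((name, host, url))
    return findings


def enabled_extensions(prefs):
    """Split extensions.enabledItems ("id:version,id:version") into pairs."""
    items = prefs.get("extensions.enabledItems", "")
    pairs = []
    for item in filter(None, (i.strip() for i in items.split(","))):
        ext_id, _, version = item.rpartition(":")
        pairs.append((ext_id or item, version if ext_id else ""))
    return pairs


if __name__ == "__main__":
    prefs = parse_user_prefs(SAMPLE_PREFS_JS)
    # Assumption: the user expects Bing, as stated in the first post.
    for name, host, url in audit_search_prefs(prefs, {"bing.com"}):
        print(f"unexpected {name}: {host} ({url})")
    for ext_id, version in enabled_extensions(prefs):
        print(f"enabled add-on: {ext_id} {version}")
```

Run it against a copy of the profile's `prefs.js` with Firefox closed, since Firefox rewrites that file when it exits.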

