unable to remove Babylon search engine

(In Progress)
elenaz (thread starter)
31-Jan-2011, 04:12 PM #1
I have read ALL posts both here and on other forums. I have used ADD/DELETE programs to remove Babylon, I deleted the folder in PROGRAMS and I have searched the entire C drive for anything having to do with Babylon. Ran registry mechanic and STILL, when I enter something in the URL bar, it automatically defaults to the Babylon search. This happens in both IE and FIREFOX. The home page is set to Bing and there are NO add-ons that deal with Babylon. In essence, I cannot find BABYLON anywhere on my computer and yet, it automatically defaults as the search engine when using the URL bar at the top of my browser to search. I have TRIED everything. No utility like Spyware Doctor, System Mechanic, Spybot, Malware Bytes or any other has been able to find any issues. PLEASE HELP!!!!!!!!!!!!!!!!!!!!
kevinf80 (Kevin), Malware Removal Specialist
31-Jan-2011, 04:48 PM #2
Hiya elenaz,

Please proceed as follows :-

Step 1

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Make sure any open work is saved. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Step 2

Download from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
  • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in
    Code:
          netsvcs
          drivers32
          %SYSTEMDRIVE%\*.*
          %systemroot%\*. /mp /s
          CREATERESTOREPOINT
          %systemroot%\System32\config\*.sav
          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.
Copy and paste OTL.Txt and Extras.Txt in your reply.

Kevin
elenaz (thread starter)
31-Jan-2011, 05:27 PM #3
Otl.txt
OTL logfile created on: 1/31/2011 3:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.83 Gb Total Space | 10.72 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/10/01 11:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/05/09 04:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/04/27 08:19:29 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 09:50:27 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/01 08:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/05/01 08:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/05/01 08:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/21 15:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/15 17:43:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/20 08:15:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/20 08:15:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/06 14:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/03 15:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/01 08:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 06:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/14 19:38:00 | 003,210,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 17:37:44 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/11/29 17:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/11/29 17:37:44 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/29 17:37:44 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/09/04 18:38:44 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C C0 0E A8 15 BB CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 17:10:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 09:15:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/01/28 20:23:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 20:53:18 | 000,000,000 | ---D | M]

[2010/02/02 13:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Extensions
[2011/01/31 14:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions
[2010/07/02 12:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 12:13:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com
[2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
[2010/07/20 11:09:20 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing.xml
[2011/01/29 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:10:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/02/12 12:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/28 20:23:44 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2007/04/14 09:15:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

O1 HOSTS File: ([2010/06/09 09:11:11 | 000,393,120 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.12 HP000D9D1CF0F8
O1 - Hosts: 192.168.0.14 HP0015604A2AFA
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 13578 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab (RegUserCfgUI Class)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://designers-surplus.2020.net/Co...erAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46.../bejeweled.cab (Bejeweled Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (Reg Error: Value error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab (DDRevision Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ibhost.dancik.com/download/actimage8.0915.cab (Image Builder Room Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://servicemagic.view22.com/app/view22RTE.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3...iew22RTEv4.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/...ploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://minutesmatter.webex.com/clie...ex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7530-b3.../java/RntX.cab (Live Collaboration)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.ocx (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 15:14:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:02:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/30 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\ANTISPYWARE UTILITIES
[2011/01/30 10:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\COMCAST STUFF FROM DESKTOP SHORTCUTS
[2011/01/30 10:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\DELL shortcuts from desktop
[2011/01/30 09:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\LANDLORD FORMS
[2011/01/30 09:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\FINANCE_MAKING MONEY
[2011/01/29 20:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/29 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/29 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Threat Expert
[2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/28 20:23:15 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/01/28 20:23:15 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/01/28 20:23:15 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/01/28 20:21:20 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/28 20:20:24 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/01/28 20:20:24 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/01/28 20:20:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/28 20:20:17 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/01/28 20:20:17 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/01/28 20:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/01/28 20:20:07 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/01/28 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/01/28 15:36:51 | 105,145,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:19:44 | 000,000,000 | ---D | C] -- C:\Archive
[2011/01/28 14:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download
[2011/01/28 09:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/25 16:48:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elena Zanfei\Recent
[2011/01/24 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\2COACHING
[2011/01/24 15:51:32 | 000,000,000 | ---D | C] -- C:\EDB_License
[2011/01/21 10:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\VS Revo Group
[2011/01/21 10:05:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/21 10:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/21 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Start Menu\Programs\FoxTab Audio Converter
[2011/01/16 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
[2011/01/16 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/15 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Application Data\Skype

========== Files - Modified Within 30 Days ==========

[2011/01/31 15:19:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{387CC01B-D7D2-4B62-AB21-5FE6F622E672}.job
[2011/01/31 15:16:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:07:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/31 15:06:55 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 15:06:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/31 15:06:53 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/31 15:06:53 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/01/31 15:06:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/31 15:06:46 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/31 15:02:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/31 15:01:16 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 14:26:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/31 12:20:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011/01/31 11:34:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/01/31 09:11:32 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003 (2).lnk
[2011/01/31 09:07:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2011/01/30 19:39:41 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/30 16:35:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/30 15:14:46 | 028,510,699 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:13:48 | 028,894,408 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:07:47 | 000,028,366 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/01/30 10:04:10 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 10:03:44 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:59:19 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/30 09:46:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
[2011/01/30 09:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Jenny.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:31:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:20:14 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/01/28 20:18:56 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/28 16:00:49 | 105,145,416 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/28 15:10:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/28 14:53:08 | 000,750,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 14:50:54 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/26 14:47:45 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2011/01/23 22:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/23 20:54:25 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 14:58:02 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/16 16:57:52 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/16 16:39:54 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\Audacity.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/07 14:54:16 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/06 11:54:52 | 000,002,125 | ---- | M] () -- C:\WINDOWS\UDB.zip

========== Files Created - No Company Name ==========

[2011/01/30 15:14:54 | 028,510,699 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:14:12 | 028,894,408 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:00:40 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 09:59:17 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:39:18 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:33:41 | 000,232,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 17:31:45 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/28 20:21:20 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/01/28 20:21:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/01/28 20:21:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/01/28 20:21:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/01/28 20:20:14 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/01/28 14:50:53 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/28 09:46:54 | 000,750,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 09:44:45 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/21 10:05:22 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/21 10:05:22 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/16 16:57:52 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/16 16:39:54 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2011/01/16 16:39:54 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\Audacity.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2010/10/29 13:01:03 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
[2009/12/10 08:28:24 | 000,000,558 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/07 16:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/07 20:48:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/27 15:15:42 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/13 09:24:55 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2008/12/13 09:24:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2008/12/13 09:24:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2008/12/06 20:18:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/22 15:42:02 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/05 12:33:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003472_.tmp.dll
[2008/07/05 12:33:14 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003440_.tmp.dll
[2008/05/24 07:49:37 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/03 20:00:47 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/18 22:34:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\MindApp.INI
[2007/11/14 20:38:27 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/09/10 18:36:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
[2007/09/10 18:20:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/13 14:52:37 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\WHBMD5TYHNKER3NBHUM9S5UJX6
[2007/07/30 13:21:15 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/07/30 13:21:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/23 15:01:33 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/27 08:19:30 | 000,001,425 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/04/27 08:19:29 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/04/25 19:06:38 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/08 23:31:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/22 12:45:20 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (DOS).ADR
[2007/02/18 09:31:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2007/01/30 22:38:48 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\dm.ini
[2006/09/18 13:36:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/09/07 16:23:46 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (DOS).ADR
[2006/08/13 20:49:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2006/08/13 20:40:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\squotes.ini
[2006/06/12 09:37:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dreamm.INI
[2006/06/12 09:37:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DMCBIDS.INI
[2006/06/12 08:51:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
[2006/06/12 08:50:57 | 000,000,260 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
[2006/06/12 08:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
[2006/05/26 16:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/27 19:42:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/04/27 19:42:12 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/04/27 19:42:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/04/22 23:37:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/17 20:04:58 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ZT3WAQ7HBAUC9KGKBAC7YLPFDV
[2006/03/15 20:22:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/14 13:08:58 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/14 13:04:26 | 000,001,370 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/03/14 13:04:25 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/02/26 14:08:00 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2006/02/24 22:38:21 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/24 22:12:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\fusioncache.dat
[2006/02/17 12:26:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/17 12:20:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/02/17 12:16:41 | 000,005,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/17 12:05:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 12:02:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/17 11:38:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/17 11:38:14 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/17 11:38:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/17 11:38:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/17 11:38:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/17 11:37:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/03 13:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 14:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/08/25 18:24:33 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/16 15:04:19 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\TFC2B66AGMJLD5TYN3EE7UMVHH
[2004/06/01 16:02:00 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft Excel.ADR
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/12 19:44:03 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Personal Address Book.ADR
[2003/11/25 15:17:54 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (Windows).ADR
[2003/10/08 21:32:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2003/10/03 14:45:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\AgilInf.dll
[2003/06/06 13:26:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/06/06 13:22:51 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\Landdll2.dll
[2003/06/06 13:22:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2003/06/06 13:22:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003/05/06 22:59:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2003/05/06 22:59:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2003/04/06 16:43:26 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.TSK
[2003/04/06 16:43:24 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.CAL
[2003/04/06 16:43:05 | 000,034,934 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.ADR
[2003/04/02 20:06:25 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).CAL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 16:10:42 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/11/22 16:10:41 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2002/05/12 18:32:07 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
[2002/04/06 15:42:46 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).ADR
[2002/01/18 21:09:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/01/15 02:37:17 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2002/01/15 02:35:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2002/01/15 02:34:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2000/07/03 23:51:12 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1998/07/12 00:13:00 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\HSZlib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/30 16:35:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/08/14 19:18:21 | 000,036,837 | -H-- | M] () -- C:\cache.dmx
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/14 12:53:25 | 000,000,000 | ---- | M] () -- C:\debug1.txt
[2006/02/17 11:43:06 | 000,006,587 | RH-- | M] () -- C:\dell.sdr
[2010/09/22 19:37:16 | 000,000,045 | ---- | M] () -- C:\error.log
[2009/08/11 19:34:57 | 000,005,898 | ---- | M] () -- C:\EventLOG.txt
[2001/09/05 20:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2007/02/14 12:53:25 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
[2010/12/07 11:09:41 | 000,226,623 | ---- | M] () -- C:\halloween_log.html
[2011/01/31 15:06:46 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/13 10:58:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/03/08 23:33:05 | 000,002,305 | -H-- | M] () -- C:\IPH.PH
[2009/04/07 13:08:42 | 000,014,586 | ---- | M] () -- C:\log.html
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007/07/30 13:27:09 | 020,407,748 | ---- | M] () -- C:\MyMindMovie1.mpg.MP4
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/31 18:44:54 | 000,250,048 | ---- | M] () -- C:\ntldr
[2011/01/31 15:06:44 | 3670,016,000 | -HS- | M] () -- C:\pagefile.sys
[2009/03/27 21:18:25 | 000,000,002 | ---- | M] () -- C:\ProjectEngine.log
[2006/02/17 12:15:09 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2009/03/23 15:24:21 | 000,002,934 | ---- | M] () -- C:\virus logs.TXT
[2006/05/27 08:54:14 | 000,002,370 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-31 14:37:43

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
elenaz
Junior Member with 19 posts.
THREAD STARTER
 
Join Date: Sep 2010
Experience: Intermediate
31-Jan-2011, 05:30 PM #4
Extras.txt
OTL Extras logfile created on: 1/31/2011 3:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.83 Gb Total Space | 10.72 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\stickies\stickies.exe" = C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 5.1a -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
"C:\WINDOWS\system32\wupdmgr.exe" = C:\WINDOWS\system32\wupdmgr.exe:*:Enabled:Windows Update -- (Microsoft Corporation)
"C:\TEMP\HP_WebRelease\Setup\HPZnet01.exe" = C:\TEMP\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\digital imaging\bin\hpofxm08.exe" = C:\Program Files\HP\digital imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hposfx08.exe" = C:\Program Files\HP\digital imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hposid01.exe" = C:\Program Files\HP\digital imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hpqcopy.exe" = C:\Program Files\HP\digital imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\bin\hpfccopy.exe" = C:\Program Files\HP\digital imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\digital imaging\bin\hpoews01.exe" = C:\Program Files\HP\digital imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
"C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave -- (CallWave, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E697208-321A-4BD7-A8A3-41B406EB3DED}" = eBook Pro Viewer 5.5
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB6F784-1163-4EE6-96EB-05BAB1B46DBA}" = TouchCopy 09
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks Pro 2001
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C22B3E5E-B1D6-4C4D-AB78-2132C327A3E4}" = Product Idea Profitabilty Evaluator
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D22B50A0-DD4E-4E33-9971-891C328677C8}" = DellConnect
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8AA728E-AB2B-4338-9B3D-680253CDCC0F}" = BrightLister
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FAD7C32D-8A42-4E35-9648-52CD980E1928}" = Minutes Matter Studio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AI RoboForm" = AI RoboForm (All Users)
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Browser Defender_is1" = Browser Defender 3.0
"CallWave" = CallWave
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"Core FTP LE 2.1" = Core FTP LE 2.1
"Creating Abundance" = Creating Abundance
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dream-Minder N" = Dream-Minder N
"FileZilla Client" = FileZilla Client 3.3.4.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemoriesOnWeb_is1" = MemoriesOnWeb 3.1.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Quicken Legal Business Pro 2010" = Quicken Legal Business Pro 2010
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Page Maker_is1" = Web Page Maker V3.03
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2011 6:46:27 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 10:37:24 AM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 1/31/2011 10:37:25 AM | Computer Name = ELENA | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 1/31/2011 10:37:27 AM | Computer Name = ELENA | Source = NativeWrapper | ID = 5000
Description =

Error - 1/31/2011 2:20:04 PM | Computer Name = ELENA | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Word.

Error - 1/31/2011 5:07:35 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:39 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:42 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:43 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 1/31/2011 5:07:46 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

[ System Events ]
Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service CarboniteService
with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}


< End of report >
kevinf80 (Kevin)
31-Jan-2011, 05:50 PM #5
You recognize these proxies :-

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000
elenaz (thread starter)
31-Jan-2011, 07:06 PM #6
response to current comment
Kevin,
I'm not sure what this response is or if you are asking a question. I don't know or understand any of the information you included. Sorry :-(
Anything else you need from me?
kevinf80 (Kevin)
31-Jan-2011, 07:12 PM #7
Do you connect to the internet through a proxy server? Did you or someone you know set them up?
elenaz (thread starter)
31-Jan-2011, 07:16 PM #8
answer
I don't connect through a proxy server that I know of. I have a Comcast cable modem and connect via that. The house is on a wireless network. Not sure how proxy servers work or what they are. How are they used and why would anyone set my computer up using them? I'm not sure. My laptop was with a geek about a year or so ago - could they, would they have set that up if that is not a standard setting? What is a standard setting??
elenaz (thread starter)
31-Jan-2011, 07:17 PM #9
Kevin, this brings up another issue now that you mention proxy servers. My Outlook hangs a lot as it's syncing folders. When I searched online for a solution, it indicated that it does that when you are set up via a proxy server. Now I'm really baffled. Any connection that you know of?
elenaz (thread starter)
31-Jan-2011, 07:24 PM #10
I just reviewed online what proxy servers are and their benefits. With regards to storing IP addresses in the proxy and improving response when accessing the same sites over and over, I definitely have that feature and it's useful to me because I do in fact do that. I'm wondering if the use of a proxy server is something that was set up by the internet provider (Comcast) or a feature of the Internet Security programs such as TrendMicro PC Cillin (which I've had up to several weeks ago when it stopped working for me) or Spyware Doctor Internet Security which is currently running? Boy, this techy stuff :-)
kevinf80 (Kevin)
31-Jan-2011, 07:29 PM #11
Check the following settings in IE and FF...

Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > See if a proxy is running,

Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Is a proxy set

Just tell me, don't stop them yet; I'll have to research and see if I can find out what they are.....
kevinf80 (Kevin)
31-Jan-2011, 08:07 PM #12
Hiya elenaz,

Leave the proxy settings the way they are for now; from what I've read they may very well belong to Comcast. Good or bad, we'll have to wait and see.

Proceed as follows :-

Step 1

Re-Run by double left click; Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
    SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
    SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
    [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com
    [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
    O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
    O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\System32\_003472_.tmp.dll
    C:\WINDOWS\System32\_003440_.tmp.dll
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\wc98pp.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.


Upload same File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\WINDOWS\wc98pp.dll
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What I'd like in your reply :-
  • Log from OTL Fix
  • Results from Jotti
  • Results from VirusTotal
  • Log from Malwarebytes
  • System review, improvements? issues?

Kevin
elenaz (thread starter)
31-Jan-2011, 08:58 PM #13
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > See if a proxy is running,
NOTHING IS CHECKED

Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Is a proxy set
YES. use system proxy setting is selected.

will move on to your other steps.
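
The proxy question running through posts #5 to #13, as an added example that is not part of the thread and not OTL's own code: a Python parser for the `IE -` and `FF -` log lines that separates proxy values that are merely stored from those actually in use, and pulls out the address-bar search override. The `ProxyEnable` and `network.proxy.type` lines in the sample are assumptions constructed to mirror the answers in post #13, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in OTL's line format. ProxyOverride, ProxyServer, the
# network.proxy.* hosts/ports and keyword.URL are copied from posts #5 and #12.
# ProxyEnable and network.proxy.type are ASSUMED lines that mirror post #13
# (IE: nothing checked; Firefox: "use system proxy settings").
SAMPLE_OTL = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000
FF - prefs.js..network.proxy.type: 5
'''

IE_LINE = re.compile(r'^IE - HKCU\\[^:]*Internet Settings: "([^"]+)" = ?(.*)$')
FF_LINE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): ?(.*)$')
FF_HOST_PREF = re.compile(r'network\.proxy\.(ftp|gopher|http|ssl|socks)')

# Meaning of Firefox's network.proxy.type preference.
FF_PROXY_MODES = {0: "none", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.

    Accepts both the single 'host:port' form (stored under the key 'all')
    and the per-scheme 'http=host:port;https=host:port' form."""
    servers = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "all", part
        host, _, port = endpoint.rpartition(":")
        if not host:                      # no ':port' suffix present
            host, port = endpoint, ""
        servers[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return servers


def parse_otl(text):
    """Collect HKCU Internet Settings values and Firefox prefs from OTL lines."""
    ie, ff = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_LINE.match(line)
        if m:
            ie[m.group(1)] = m.group(2).strip()
            continue
        m = FF_LINE.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip().strip('"')
    return ie, ff


def assess(text):
    """Report stored proxies, whether each browser uses them, and keyword.URL."""
    ie, ff = parse_otl(text)
    ie_stored = parse_proxy_server(ie.get("ProxyServer", ""))
    # ProxyServer is only honoured when the ProxyEnable DWORD is 1.
    enable = ie.get("ProxyEnable")
    ie_in_use = None if enable is None else (enable == "1" and bool(ie_stored))

    ff_stored = {}
    for pref, host in ff.items():
        m = FF_HOST_PREF.fullmatch(pref)
        if m and host:
            port = ff.get(pref + "_port", "")
            ff_stored[m.group(1)] = (host, int(port) if port.isdigit() else None)

    raw_mode = ff.get("network.proxy.type", "")
    mode = FF_PROXY_MODES.get(int(raw_mode), "unknown") if raw_mode.isdigit() else None
    if mode == "manual":                  # Firefox uses its own stored entries
        ff_effective = ff_stored
    elif mode == "system":                # on Windows: follows the WinINET values
        ff_effective = None if ie_in_use is None else (ie_stored if ie_in_use else {})
    elif mode == "none":
        ff_effective = {}
    else:                                 # PAC, auto-detect, or not in the log
        ff_effective = None

    keyword_url = ff.get("keyword.URL", "")
    return {
        "ie_stored": ie_stored,
        "ie_in_use": ie_in_use,           # None = ProxyEnable not in the log
        "ff_mode": mode,
        "ff_stored": ff_stored,
        "ff_effective": ff_effective,     # None = cannot be decided from the log
        "address_bar_search_host": urlsplit(keyword_url).hostname if keyword_url else None,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_OTL).items():
        print(f"{key}: {value}")
```

On this sample the proxy entries are reported as stored but unused by both browsers, while `keyword.URL` still points the Firefox address bar at `utils.babylon.com`.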
elenaz (thread starter)
31-Jan-2011, 09:04 PM #14
New OTL.txt file 1/31/2011 7:03 pm
OTL logfile created on: 1/31/2011 6:58:59 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.83 Gb Total Space | 11.25 Gb Free Space | 12.81% Space Free | Partition Type: NTFS

Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 13:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/10/01 11:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/05/09 04:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2007/04/27 08:19:29 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 09:50:27 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/01 08:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/05/01 08:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/05/01 08:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/21 15:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/15 17:43:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/20 08:15:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/20 08:15:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/06 14:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/03 15:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/01 08:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 06:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/14 19:38:00 | 003,210,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 17:37:44 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/11/29 17:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/11/29 17:37:44 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/29 17:37:44 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/09/04 18:38:44 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C C0 0E A8 15 BB CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
FF - prefs.js..network.proxy.ssl_port: 8000


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 17:10:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 09:15:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/01/31 17:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 20:53:18 | 000,000,000 | ---D | M]

[2010/02/02 13:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Extensions
[2011/01/31 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions
[2010/07/02 12:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 12:13:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com
[2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
[2010/07/20 11:09:20 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing.xml
[2011/01/29 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:10:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/02/12 12:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/31 17:37:56 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2007/04/14 09:15:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

O1 HOSTS File: ([2010/06/09 09:11:11 | 000,393,120 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 13578 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab (RegUserCfgUI Class)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://designers-surplus.2020.net/Co...erAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46.../bejeweled.cab (Bejeweled Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (Reg Error: Value error.)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (HPSDDX Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab (DDRevision Class)
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ibhost.dancik.com/download/actimage8.0915.cab (Image Builder Room Control)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://servicemagic.view22.com/app/view22RTE.cab (Reg Error: Key error.)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3...iew22RTEv4.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/...ploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://minutesmatter.webex.com/clie...ex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7530-b3.../java/RntX.cab (Live Collaboration)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.ocx (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 17:40:39 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/01/31 17:40:39 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/01/31 17:40:39 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/01/31 17:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/01/31 15:14:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:02:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/30 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\ANTISPYWARE UTILITIES
[2011/01/30 10:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\COMCAST STUFF FROM DESKTOP SHORTCUTS
[2011/01/30 10:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\DELL shortcuts from desktop
[2011/01/30 09:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\LANDLORD FORMS
[2011/01/30 09:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\FINANCE_MAKING MONEY
[2011/01/29 20:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/29 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/29 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Threat Expert
[2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0154.old
[2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0154.old
[2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/28 20:21:20 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/28 20:20:24 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/01/28 20:20:24 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/01/28 20:20:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/28 20:20:17 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/01/28 20:20:17 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/01/28 20:20:07 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/01/28 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/01/28 15:36:51 | 105,145,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:19:44 | 000,000,000 | ---D | C] -- C:\Archive
[2011/01/28 14:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download
[2011/01/28 09:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/25 16:48:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elena Zanfei\Recent
[2011/01/24 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\2COACHING
[2011/01/24 15:51:32 | 000,000,000 | ---D | C] -- C:\EDB_License
[2011/01/21 10:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\VS Revo Group
[2011/01/21 10:05:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/01/21 10:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/01/21 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/01/16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Start Menu\Programs\FoxTab Audio Converter
[2011/01/16 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/15 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Application Data\Skype

========== Files - Modified Within 30 Days ==========

[2011/01/31 19:01:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/01/31 19:00:43 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/31 18:59:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{387CC01B-D7D2-4B62-AB21-5FE6F622E672}.job
[2011/01/31 18:44:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/01/31 18:41:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/31 18:41:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/01/31 18:41:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 18:41:08 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/31 18:41:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/01/31 18:41:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/31 18:41:01 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/31 18:26:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/31 17:37:45 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/01/31 15:43:30 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3968011601-653935474-224142973-1007.job
[2011/01/31 15:34:06 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
[2011/01/31 15:02:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
[2011/01/31 12:20:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011/01/31 09:11:32 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003 (2).lnk
[2011/01/31 09:07:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
[2011/01/30 15:14:46 | 028,510,699 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:13:48 | 028,894,408 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:07:47 | 000,028,366 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/01/30 10:04:10 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 10:03:44 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:59:19 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/30 09:46:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
[2011/01/30 09:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Jenny.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:31:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:18:56 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/28 16:00:49 | 105,145,416 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
[2011/01/28 15:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/28 15:10:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/28 14:53:08 | 000,750,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 14:50:54 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/26 14:47:45 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2011/01/23 22:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/01/23 20:54:25 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/17 14:58:02 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/16 16:57:52 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0154.old
[2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/01/07 14:54:16 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0154.old
[2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll0154.old
[2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/06 11:54:52 | 000,002,125 | ---- | M] () -- C:\WINDOWS\UDB.zip

========== Files Created - No Company Name ==========

[2011/01/31 17:37:45 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/01/30 15:14:54 | 028,510,699 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
[2011/01/30 15:14:12 | 028,894,408 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
[2011/01/30 10:19:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
[2011/01/30 10:00:40 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
[2011/01/30 09:59:17 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
[2011/01/30 09:39:18 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
[2011/01/29 18:51:33 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/29 17:33:41 | 000,232,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/29 17:31:45 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
[2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0154.old
[2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/01/28 20:21:20 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/01/28 20:21:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/01/28 20:21:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/01/28 20:21:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/01/28 14:50:53 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
[2011/01/28 09:46:54 | 000,750,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/28 09:44:45 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
[2011/01/21 10:05:22 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/01/21 10:05:22 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/01/16 16:57:52 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
[2011/01/15 15:10:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/15 14:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/15 14:54:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/12 21:30:44 | 001,174,841 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
[2010/10/29 13:01:03 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
[2009/12/10 08:28:24 | 000,000,558 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/07 16:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/08/07 20:48:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/27 15:15:42 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/13 09:24:55 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2008/12/13 09:24:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2008/12/13 09:24:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2008/12/06 20:18:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/22 15:42:02 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/05 12:33:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003472_.tmp.dll
[2008/07/05 12:33:14 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003440_.tmp.dll
[2008/05/24 07:49:37 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/03/03 20:00:47 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/18 22:34:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\MindApp.INI
[2007/11/14 20:38:27 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/09/10 18:36:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
[2007/09/10 18:20:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/13 14:52:37 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\WHBMD5TYHNKER3NBHUM9S5UJX6
[2007/07/30 13:21:15 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/07/30 13:21:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/23 15:01:33 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/27 08:19:30 | 000,001,425 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/04/27 08:19:29 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/04/25 19:06:38 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/08 23:31:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/22 12:45:20 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (DOS).ADR
[2007/02/18 09:31:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2007/01/30 22:38:48 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\dm.ini
[2006/09/18 13:36:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/09/07 16:23:46 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (DOS).ADR
[2006/08/13 20:49:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2006/08/13 20:40:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\squotes.ini
[2006/06/12 09:37:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dreamm.INI
[2006/06/12 09:37:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DMCBIDS.INI
[2006/06/12 08:51:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
[2006/06/12 08:50:57 | 000,000,260 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
[2006/06/12 08:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
[2006/05/26 16:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/04/27 19:42:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/04/27 19:42:12 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/04/27 19:42:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/04/22 23:37:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/17 20:04:58 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ZT3WAQ7HBAUC9KGKBAC7YLPFDV
[2006/03/15 20:22:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/14 13:08:58 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/14 13:04:26 | 000,001,370 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/03/14 13:04:25 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/02/26 14:08:00 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2006/02/24 22:38:21 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/24 22:12:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\fusioncache.dat
[2006/02/17 12:26:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/17 12:20:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/02/17 12:16:41 | 000,005,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/17 12:05:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 12:02:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/17 11:38:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/17 11:38:14 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/17 11:38:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/17 11:38:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/17 11:38:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/17 11:37:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/08/03 13:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/02 14:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/08/25 18:24:33 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/16 15:04:19 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\TFC2B66AGMJLD5TYN3EE7UMVHH
[2004/06/01 16:02:00 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft Excel.ADR
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/12 19:44:03 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Personal Address Book.ADR
[2003/11/25 15:17:54 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (Windows).ADR
[2003/10/08 21:32:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2003/10/03 14:45:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\AgilInf.dll
[2003/06/06 13:26:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/06/06 13:22:51 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\Landdll2.dll
[2003/06/06 13:22:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2003/06/06 13:22:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003/05/06 22:59:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2003/05/06 22:59:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2003/04/06 16:43:26 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.TSK
[2003/04/06 16:43:24 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.CAL
[2003/04/06 16:43:05 | 000,034,934 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.ADR
[2003/04/02 20:06:25 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).CAL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 16:10:42 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/11/22 16:10:41 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2002/05/12 18:32:07 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
[2002/04/06 15:42:46 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).ADR
[2002/01/18 21:09:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2002/01/15 02:37:17 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2002/01/15 02:35:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2002/01/15 02:34:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2000/07/03 23:51:12 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1998/07/12 00:13:00 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\HSZlib.dll

========== Custom Scans ==========


< :OTL >

< SRV - File not found [Disabled | Stopped] -- -- (hpdj00) >

< SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver) >

< SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver) >

< FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2 >

< FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url=" >

< [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com >
Invalid Switch: 16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com


< [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml >
Invalid Switch: 16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml


< O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. >

< O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found >

< O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found >

< O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found >

< O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites) >
Invalid Switch: showID('hidden_div'); ([]javascript in Trusted sites)


< O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites) >

< O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) >

< O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) >

< O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites) >

< O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found >

< :Services >

< >

< :Reg >

< >

< :Files >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< C:\WINDOWS\System32\_003472_.tmp.dll >
[2004/08/04 05:00:00 | 000,249,270 | ---- | M] () -- C:\WINDOWS\system32\_003472_.tmp.dll

< C:\WINDOWS\System32\_003440_.tmp.dll >
[2004/08/04 05:00:00 | 000,022,040 | ---- | M] () -- C:\WINDOWS\system32\_003440_.tmp.dll

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [EMPTYFLASH] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
kevinf80 (Kevin)
Malware Removal Specialist with 9,200 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
01-Feb-2011, 03:21 AM #15
Did you use the "Run Scan" tab instead of the "Run Fix" tab? What about the feedback from Jotti and VirusTotal or the log from Malwarebytes....