
unable to remove Babylon search engine

Discussion in 'Virus & Other Malware Removal' started by elenaz, Jan 31, 2011.

  1. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    I have read ALL posts both here and on other forums. I have used ADD/DELETE programs to remove Babylon, I deleted the folder in PROGRAMS and I have searched the entire C drive for anything having to do with Babylon. Ran registry mechanic and STILL, when I enter something in the url bar, it automatically defaults to the babylon search. This happens in both IE and FIREFOX. The home page is set to Bing and there are NO add-ons that deal with Babylon. In essence, I cannot find BABYLON anywhere on my computer and yet, it automatically defaults as the search engine when using the url bar at the top of my browser to search. I have TRIED everything. No utility like Spyware Doctor, System Mechanic, Spybot, Malware Bytes or any other has been able to find any issues. PLEASE HELP!!!!!!!!!!!!!!!!!!!!
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,158
    Hiya elenaz,

    Please proceed as follows :-

    Step 1

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 2

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.
    Copy and paste OTL.Txt and Extras.Txt in your reply.

    Kevin
     
  3. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    OTL logfile created on: 1/31/2011 3:15:00 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 87.83 Gb Total Space | 10.72 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

    Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
    SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
    SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
    SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
    SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2010/10/01 11:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/05/09 04:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
    SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
    SRV - [2007/04/27 08:19:29 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/11/09 09:50:27 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/05/01 08:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006/05/01 08:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006/05/01 08:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
    DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
    DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/07/21 15:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2010/06/15 17:43:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/20 08:15:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/02/20 08:15:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/03/06 14:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/01/03 15:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
    DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/05/01 08:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/04/27 06:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/12/14 19:38:00 | 003,210,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2005/11/29 17:37:44 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
    DRV - [2005/11/29 17:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/11/29 17:37:44 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
    DRV - [2005/11/29 17:37:44 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/09/04 18:38:44 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/defaults/cs/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C C0 0E A8 15 BB CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2
    FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
    FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
    FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.ftp_port: 8000
    FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.gopher_port: 8000
    FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.http_port: 8000
    FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
    FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.ssl_port: 8000


    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 17:10:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 09:15:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/01/28 20:23:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 20:53:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 20:53:18 | 000,000,000 | ---D | M]

    [2010/02/02 13:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Extensions
    [2011/01/31 14:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions
    [2010/07/02 12:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/02 12:13:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected]
    [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
    [2010/07/20 11:09:20 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing.xml
    [2011/01/29 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/19 17:10:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2009/02/12 12:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/01/28 20:23:44 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
    [2007/04/14 09:15:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

    O1 HOSTS File: ([2010/06/09 09:11:11 | 000,393,120 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 192.168.0.12 HP000D9D1CF0F8
    O1 - Hosts: 192.168.0.14 HP0015604A2AFA
    O1 - Hosts: 13578 more lines...
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
    O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
    O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab (RegUserCfgUI Class)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://designers-surplus.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Value error.)
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
    O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ibhost.dancik.com/download/actimage8.0915.cab (Image Builder Room Control)
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://servicemagic.view22.com/app/view22RTE.cab (Reg Error: Key error.)
    O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://minutesmatter.webex.com/client/T23L/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab (Live Collaboration)
    O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.ocx (iolo.ProductDetector)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/31 15:14:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    [2011/01/31 15:02:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
    [2011/01/30 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\ANTISPYWARE UTILITIES
    [2011/01/30 10:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\COMCAST STUFF FROM DESKTOP SHORTCUTS
    [2011/01/30 10:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\DELL shortcuts from desktop
    [2011/01/30 09:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\LANDLORD FORMS
    [2011/01/30 09:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\FINANCE_MAKING MONEY
    [2011/01/29 20:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/01/29 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/01/29 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Threat Expert
    [2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/01/28 20:23:15 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
    [2011/01/28 20:23:15 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
    [2011/01/28 20:23:15 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
    [2011/01/28 20:21:20 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/01/28 20:20:24 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
    [2011/01/28 20:20:24 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
    [2011/01/28 20:20:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/01/28 20:20:17 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/01/28 20:20:17 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/01/28 20:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
    [2011/01/28 20:20:07 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2011/01/28 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/01/28 15:36:51 | 105,145,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
    [2011/01/28 15:19:44 | 000,000,000 | ---D | C] -- C:\Archive
    [2011/01/28 14:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download
    [2011/01/28 09:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/01/25 16:48:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elena Zanfei\Recent
    [2011/01/24 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\2COACHING
    [2011/01/24 15:51:32 | 000,000,000 | ---D | C] -- C:\EDB_License
    [2011/01/21 10:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\VS Revo Group
    [2011/01/21 10:05:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2011/01/21 10:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
    [2011/01/21 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/01/16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Start Menu\Programs\FoxTab Audio Converter
    [2011/01/16 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
    [2011/01/16 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
    [2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/01/15 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Application Data\Skype

    ========== Files - Modified Within 30 Days ==========

    [2011/01/31 15:19:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{387CC01B-D7D2-4B62-AB21-5FE6F622E672}.job
    [2011/01/31 15:16:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    [2011/01/31 15:07:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/31 15:06:55 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3968011601-653935474-224142973-1007.job
    [2011/01/31 15:06:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2011/01/31 15:06:53 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/31 15:06:53 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2011/01/31 15:06:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/31 15:06:46 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/31 15:02:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
    [2011/01/31 15:01:16 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3968011601-653935474-224142973-1007.job
    [2011/01/31 14:26:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/31 12:20:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
    [2011/01/31 11:34:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
    [2011/01/31 09:11:32 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003 (2).lnk
    [2011/01/31 09:07:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2011/01/30 19:39:41 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2011/01/30 16:35:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2011/01/30 15:14:46 | 028,510,699 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
    [2011/01/30 15:13:48 | 028,894,408 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
    [2011/01/30 10:19:38 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
    [2011/01/30 10:07:47 | 000,028,366 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/01/30 10:04:10 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
    [2011/01/30 10:03:44 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
    [2011/01/30 09:59:19 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
    [2011/01/30 09:46:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
    [2011/01/30 09:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Jenny.lnk
    [2011/01/29 18:51:33 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/29 17:31:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
    [2011/01/28 20:20:14 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
    [2011/01/28 20:18:56 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
    [2011/01/28 16:00:49 | 105,145,416 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
    [2011/01/28 15:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2011/01/28 15:10:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2011/01/28 14:53:08 | 000,750,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/01/28 14:50:54 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
    [2011/01/26 14:47:45 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
    [2011/01/23 22:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
    [2011/01/23 20:54:25 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/17 14:58:02 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
    [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/01/16 16:57:52 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
    [2011/01/16 16:39:54 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\Audacity.lnk
    [2011/01/15 15:10:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/01/15 14:58:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/01/15 14:54:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/12 21:30:44 | 001,174,841 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
    [2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/01/07 14:54:16 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    [2011/01/06 11:54:52 | 000,002,125 | ---- | M] () -- C:\WINDOWS\UDB.zip

    ========== Files Created - No Company Name ==========

    [2011/01/30 15:14:54 | 028,510,699 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
    [2011/01/30 15:14:12 | 028,894,408 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
    [2011/01/30 10:19:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
    [2011/01/30 10:00:40 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
    [2011/01/30 09:59:17 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
    [2011/01/30 09:39:18 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
    [2011/01/29 18:51:33 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/29 17:33:41 | 000,232,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/01/29 17:31:45 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
    [2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2011/01/28 20:21:20 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2011/01/28 20:21:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2011/01/28 20:21:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2011/01/28 20:21:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2011/01/28 20:20:14 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
    [2011/01/28 14:50:53 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
    [2011/01/28 09:46:54 | 000,750,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/01/28 09:44:45 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
    [2011/01/21 10:05:22 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2011/01/21 10:05:22 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2011/01/16 16:57:52 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
    [2011/01/16 16:39:54 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
    [2011/01/16 16:39:54 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\Audacity.lnk
    [2011/01/15 15:10:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/01/15 14:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/01/15 14:54:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/12 21:30:44 | 001,174,841 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
    [2010/10/29 13:01:03 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
    [2009/12/10 08:28:24 | 000,000,558 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/12/07 16:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2009/08/07 20:48:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/04/27 15:15:42 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/12/13 09:24:55 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
    [2008/12/13 09:24:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
    [2008/12/13 09:24:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
    [2008/12/06 20:18:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/11/22 15:42:02 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/07/05 12:33:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003472_.tmp.dll
    [2008/07/05 12:33:14 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003440_.tmp.dll
    [2008/05/24 07:49:37 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2008/03/03 20:00:47 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/02/18 22:34:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\MindApp.INI
    [2007/11/14 20:38:27 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2007/09/10 18:36:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
    [2007/09/10 18:20:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/08/13 14:52:37 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\WHBMD5TYHNKER3NBHUM9S5UJX6
    [2007/07/30 13:21:15 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/07/30 13:21:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/05/23 15:01:33 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/04/27 08:19:30 | 000,001,425 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
    [2007/04/27 08:19:29 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
    [2007/04/25 19:06:38 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/08 23:31:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/02/22 12:45:20 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (DOS).ADR
    [2007/02/18 09:31:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
    [2007/01/30 22:38:48 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\dm.ini
    [2006/09/18 13:36:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2006/09/07 16:23:46 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (DOS).ADR
    [2006/08/13 20:49:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
    [2006/08/13 20:40:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\squotes.ini
    [2006/06/12 09:37:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dreamm.INI
    [2006/06/12 09:37:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DMCBIDS.INI
    [2006/06/12 08:51:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
    [2006/06/12 08:50:57 | 000,000,260 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
    [2006/06/12 08:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
    [2006/05/26 16:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2006/04/27 19:42:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2006/04/27 19:42:12 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2006/04/27 19:42:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2006/04/22 23:37:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/03/17 20:04:58 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ZT3WAQ7HBAUC9KGKBAC7YLPFDV
    [2006/03/15 20:22:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/03/14 13:08:58 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/03/14 13:04:26 | 000,001,370 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2006/03/14 13:04:25 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2006/02/26 14:08:00 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2006/02/24 22:38:21 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/24 22:12:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\fusioncache.dat
    [2006/02/17 12:26:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/17 12:20:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
    [2006/02/17 12:16:41 | 000,005,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/17 12:05:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/17 12:02:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2006/02/17 11:38:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/02/17 11:38:14 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/02/17 11:38:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/02/17 11:38:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/02/17 11:38:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/02/17 11:37:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
    [2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
    [2005/08/03 13:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/02 14:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2004/08/25 18:24:33 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
    [2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/06/16 15:04:19 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\TFC2B66AGMJLD5TYN3EE7UMVHH
    [2004/06/01 16:02:00 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft Excel.ADR
    [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2004/01/12 19:44:03 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Personal Address Book.ADR
    [2003/11/25 15:17:54 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (Windows).ADR
    [2003/10/08 21:32:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
    [2003/10/03 14:45:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\AgilInf.dll
    [2003/06/06 13:26:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2003/06/06 13:22:51 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\Landdll2.dll
    [2003/06/06 13:22:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2003/06/06 13:22:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
    [2003/05/06 22:59:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
    [2003/05/06 22:59:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
    [2003/04/06 16:43:26 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.TSK
    [2003/04/06 16:43:24 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.CAL
    [2003/04/06 16:43:05 | 000,034,934 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.ADR
    [2003/04/02 20:06:25 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).CAL
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/22 16:10:42 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
    [2002/11/22 16:10:41 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
    [2002/05/12 18:32:07 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
    [2002/04/06 15:42:46 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).ADR
    [2002/01/18 21:09:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
    [2002/01/15 02:37:17 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
    [2002/01/15 02:35:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2002/01/15 02:34:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
    [2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
    [2000/07/03 23:51:12 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [1998/07/12 00:13:00 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\HSZlib.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/30 16:35:26 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2006/08/14 19:18:21 | 000,036,837 | -H-- | M] () -- C:\cache.dmx
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/02/14 12:53:25 | 000,000,000 | ---- | M] () -- C:\debug1.txt
    [2006/02/17 11:43:06 | 000,006,587 | RH-- | M] () -- C:\dell.sdr
    [2010/09/22 19:37:16 | 000,000,045 | ---- | M] () -- C:\error.log
    [2009/08/11 19:34:57 | 000,005,898 | ---- | M] () -- C:\EventLOG.txt
    [2001/09/05 20:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
    [2007/02/14 12:53:25 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
    [2010/12/07 11:09:41 | 000,226,623 | ---- | M] () -- C:\halloween_log.html
    [2011/01/31 15:06:46 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2006/03/13 10:58:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2007/03/08 23:33:05 | 000,002,305 | -H-- | M] () -- C:\IPH.PH
    [2009/04/07 13:08:42 | 000,014,586 | ---- | M] () -- C:\log.html
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2007/07/30 13:27:09 | 020,407,748 | ---- | M] () -- C:\MyMindMovie1.mpg.MP4
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/31 18:44:54 | 000,250,048 | ---- | M] () -- C:\ntldr
    [2011/01/31 15:06:44 | 3670,016,000 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/27 21:18:25 | 000,000,002 | ---- | M] () -- C:\ProjectEngine.log
    [2006/02/17 12:15:09 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2009/03/23 15:24:21 | 000,002,934 | ---- | M] () -- C:\virus logs.TXT
    [2006/05/27 08:54:14 | 000,002,370 | ---- | M] () -- C:\_Sid.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-31 14:37:43

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

    < End of report >
     
  4. elenaz

    elenaz Thread Starter

    Joined:
    Sep 27, 2010
    Messages:
    19
    OTL Extras logfile created on: 1/31/2011 3:15:00 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 87.83 Gb Total Space | 10.72 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

    Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\stickies\stickies.exe" = C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 5.1a -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
    "D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe
    "C:\WINDOWS\system32\wupdmgr.exe" = C:\WINDOWS\system32\wupdmgr.exe:*:Enabled:Windows Update -- (Microsoft Corporation)
    "C:\TEMP\HP_WebRelease\Setup\HPZnet01.exe" = C:\TEMP\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
    "C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
    "D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
    "D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
    "C:\Program Files\HP\digital imaging\bin\hpofxm08.exe" = C:\Program Files\HP\digital imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\digital imaging\bin\hposfx08.exe" = C:\Program Files\HP\digital imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\digital imaging\bin\hposid01.exe" = C:\Program Files\HP\digital imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\digital imaging\bin\hpqcopy.exe" = C:\Program Files\HP\digital imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\digital imaging\bin\hpfccopy.exe" = C:\Program Files\HP\digital imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\digital imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\digital imaging\bin\hpoews01.exe" = C:\Program Files\HP\digital imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
    "C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
    "C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Elena Zanfei\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\CallWave\IAM.exe" = C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave -- (CallWave, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1E697208-321A-4BD7-A8A3-41B406EB3DED}" = eBook Pro Viewer 5.5
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
    "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
    "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5AB6F784-1163-4EE6-96EB-05BAB1B46DBA}" = TouchCopy 09
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
    "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
    "{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks Pro 2001
    "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C22B3E5E-B1D6-4C4D-AB78-2132C327A3E4}" = Product Idea Profitabilty Evaluator
    "{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
    "{D22B50A0-DD4E-4E33-9971-891C328677C8}" = DellConnect
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F8AA728E-AB2B-4338-9B3D-680253CDCC0F}" = BrightLister
    "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
    "{FAD7C32D-8A42-4E35-9648-52CD980E1928}" = Minutes Matter Studio
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Adaptec UDF Reader" = Adaptec UDF Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AI RoboForm" = AI RoboForm (All Users)
    "Audacity_is1" = Audacity 1.2.6
    "Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
    "Browser Defender_is1" = Browser Defender 3.0
    "CallWave" = CallWave
    "Carbonite Backup" = Carbonite
    "CCleaner" = CCleaner
    "Cisco Connect" = Cisco Connect
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "Creating Abundance" = Creating Abundance
    "dBpowerAMP Music Converter" = dBpowerAMP Music Converter
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "Dream-Minder N" = Dream-Minder N
    "FileZilla Client" = FileZilla Client 3.3.4.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MemoriesOnWeb_is1" = MemoriesOnWeb 3.1.7
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "ProInst" = Intel(R) PROSet/Wireless Software
    "Quicken Legal Business Pro 2010" = Quicken Legal Business Pro 2010
    "RealPlayer 12.0" = RealPlayer
    "Registry Mechanic_is1" = Registry Mechanic 10.0
    "Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
    "Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Web Page Maker_is1" = Web Page Maker V3.03
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 3.1
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! SiteBuilder" = Yahoo! SiteBuilder

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/30/2011 6:46:27 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 1/31/2011 10:37:24 AM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
    could be found for product Microsoft .NET Framework 1.1. The Windows installer
    cannot continue.

    Error - 1/31/2011 10:37:25 AM | Computer Name = ELENA | Source = MsiInstaller | ID = 1023
    Description = Product: Microsoft .NET Framework 1.1 - Update '{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}'
    could not be installed. Error code 1603. Additional information is available in
    the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

    Error - 1/31/2011 10:37:27 AM | Computer Name = ELENA | Source = NativeWrapper | ID = 5000
    Description =

    Error - 1/31/2011 2:20:04 PM | Computer Name = ELENA | Source = Microsoft Office 11 | ID = 2000
    Description = Accepted Safe Mode action : Microsoft Office Word.

    Error - 1/31/2011 5:07:35 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 1/31/2011 5:07:39 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 1/31/2011 5:07:42 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 1/31/2011 5:07:43 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    Error - 1/31/2011 5:07:46 PM | Computer Name = ELENA | Source = MsiInstaller | ID = 11706
    Description = Product: Sonic Update Manager -- Error 1706. An installation package
    for the product Sonic Update Manager cannot be found. Try the installation again
    using a valid copy of the installation package 'UM.MSI'.

    [ System Events ]
    Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 3:44:12 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

    Error - 1/31/2011 4:30:24 PM | Computer Name = ELENA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service CarboniteService
    with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}


    < End of report >
     
  5. kevinf80

    kevinf80 Malware Specialist

    You recognize these proxies :-

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

    FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.ftp_port: 8000
    FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.gopher_port: 8000
    FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.http_port: 8000
    FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
    FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.ssl_port: 8000
     
  6. elenaz

    elenaz Thread Starter

    Kevin,
    I'm not sure what this response is or if you are asking a question. I don't know or understand any of the information you included. Sorry :-(
    Anything else you need from me?
     
  7. kevinf80

    kevinf80 Malware Specialist

    Do you connect to the internet through a proxy server? Did you or someone you know set them up?
     
  8. elenaz

    elenaz Thread Starter

    I don't connect through a proxy server that I know of. I have a Comcast cable modem and connect via that. The house is on a wireless network. Not sure how proxy servers work or what they are. How are they used and why would anyone set my computer up using them? I'm not sure. My laptop was with a geek about a year or so ago - could they, would they have set that up if that is not a standard setting? What is a standard setting??
     
  9. elenaz

    elenaz Thread Starter

    Kevin, this brings up another issue now that you mention proxy servers. My Outlook hangs a lot as it's syncing folders. When I searched online for a solution, it indicated that it does that when you are set up via a proxy server. Now I'm really baffled. Any connection that you know of?
     
  10. elenaz

    elenaz Thread Starter

    I just reviewed online what proxy servers are and their benefits. With regards to storing IP addresses in the proxy and improving response when accessing the same sites over and over, I definitely have that feature and it's useful to me because I do in fact do that. I'm wondering if the use of a proxy server is something that was set up by the internet provider (Comcast) or a feature of the Internet Security programs such as TrendMicro PC Cillin (which I've had up to several weeks ago when it stopped working for me) or Spyware Doctor Internet Security which is currently running? Boy, this techy stuff :)
     
  11. kevinf80

    kevinf80 Malware Specialist

    Check the following settings in IE and FF...

    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> See if a proxy is running.

    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Is a proxy set?

    Just tell me, don't stop them yet; I'll have to research to see if I can find out what they are.....
     
  12. kevinf80

    kevinf80 Malware Specialist

    Hiya elenaz,

    Leave the proxy settings the way they are for now; from what I've read they may very well belong to Comcast. Good or bad, we'll have to wait and see.

    Proceed as follows :-

    Step 1

    Re-run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
      SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
      SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
      FF - prefs.js..extensions.enabledItems: [email protected]:1.2
      FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
      [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zugo.com
      [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
      O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
      O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
      O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
      O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
      O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
      O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      C:\WINDOWS\System32\_003472_.tmp.dll
      C:\WINDOWS\System32\_003440_.tmp.dll
      
      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Step 2

    We need to upload a file to Jotti

    1. Click HERE to get to Jotti's site.

    2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

    C:\WINDOWS\wc98pp.dll

    3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

    4. Please provide me with the results of the analysis.


    Upload same File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file C:\WINDOWS\wc98pp.dll
    • Click the Open button
    • Click the Send button
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Step 3

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    What I'd like in your reply :-

    • Log from OTL Fix
    • Results from Jotti
    • Results from VirusTotal
    • Log from Malwarebytes
    • System review, improvements? issues?

    Kevin
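
The Firefox items in the two posts above (the `network.proxy.*` entries and the `keyword.URL` line in the OTL fix) all come from the profile's `prefs.js`; `keyword.URL` is the pref Firefox of this era uses for address-bar searches. As an added example, not part of the thread or of OTL, this Python script parses a `prefs.js` and reports those settings; the sample file is constructed from values in the thread's log, and the function names and finding labels are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: a prefs.js fragment built from values shown in the OTL
# log lines quoted in this thread (not a copy of the poster's real file).
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.bing.com/");
user_pref("keyword.URL", "http://utils.babylon.com/abt/index.php?url=");
user_pref("network.proxy.http", "sas.r5.attbi.com");
user_pref("network.proxy.http_port", 8000);
user_pref("network.proxy.ssl", "sas.r5.attbi.com");
user_pref("network.proxy.ssl_port", 8000);
user_pref("network.proxy.no_proxies_on", "*.r5.attbi.com,*.local");
user_pref("network.proxy.type", 5);
'''

# One pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')

# Meaning of network.proxy.type values in Firefox.
PROXY_MODES = {
    0: "direct (no proxy)",
    1: "manual proxy configuration",
    2: "automatic configuration URL (PAC)",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            value = raw  # keep unparsable values verbatim for review
        prefs[name] = value
    return prefs


def audit(prefs):
    """Return a list of (finding, pref_name, detail) tuples."""
    findings = []

    # A user-set keyword.URL redirects address-bar searches to that host,
    # independently of the home page and of the search-box engine.
    keyword_url = prefs.get("keyword.URL")
    if isinstance(keyword_url, str) and keyword_url:
        host = urlsplit(keyword_url).hostname or keyword_url
        findings.append(("search-redirect", "keyword.URL", host))

    # Manual proxy hosts stay in prefs.js even when another mode is selected,
    # so report whether they are actually in effect.
    mode = prefs.get("network.proxy.type")
    for scheme in ("http", "ssl", "ftp", "gopher", "socks"):
        host = prefs.get("network.proxy." + scheme)
        if not host:
            continue
        port = prefs.get("network.proxy.%s_port" % scheme)
        endpoint = "%s:%s" % (host, port) if port else str(host)
        if mode == 1:
            state = "proxy-active"
        elif mode is None:
            state = "proxy-unknown-mode"  # type not in prefs.js: browser default applies
        else:
            state = "proxy-stored-not-used"
        findings.append((state, "network.proxy." + scheme, endpoint))
    return findings


if __name__ == "__main__":
    parsed = parse_prefs(SAMPLE_PREFS_JS)
    mode = parsed.get("network.proxy.type")
    print("proxy mode:", PROXY_MODES.get(mode, "not set in prefs.js"))
    for finding, pref, detail in audit(parsed):
        print("%-22s %-24s %s" % (finding, pref, detail))
```

To check a real profile, close Firefox first and pass the contents of the profile's `prefs.js` to `parse_prefs()`.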
     
  13. elenaz

    elenaz Thread Starter

    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > See if a proxy is running,
    NOTHING IS CHECKED

    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. Is a proxy set
    YES. use system proxy setting is selected.

    will move on to your other steps.
     
  14. elenaz

    elenaz Thread Starter

    OTL logfile created on: 1/31/2011 6:58:59 PM - Run 2
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Elena Zanfei\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3500 5600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 87.83 Gb Total Space | 11.25 Gb Free Space | 12.81% Space Free | Partition Type: NTFS

    Computer Name: ELENA | User Name: Elena Zanfei | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
    PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
    PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/12/03 13:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (hpdj00)
    SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver)
    SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver)
    SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
    SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2010/10/01 11:27:22 | 000,632,792 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/05/09 04:53:32 | 000,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Disabled | Stopped] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
    SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
    SRV - [2007/04/27 08:19:29 | 000,002,560 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/11/09 09:50:27 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
    SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/05/01 08:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006/05/01 08:20:52 | 000,114,753 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006/05/01 08:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/08/02 14:18:50 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2010/12/31 09:36:40 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
    DRV - [2010/12/31 09:36:38 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2010/12/31 09:36:36 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
    DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/07/21 15:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
    DRV - [2010/06/15 17:43:35 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/20 08:15:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/02/20 08:15:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/03/06 14:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/01/03 15:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/06/27 08:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
    DRV - [2007/06/27 08:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/05/01 08:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/04/27 06:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/12/14 19:38:00 | 003,210,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2005/11/29 17:37:44 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
    DRV - [2005/11/29 17:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/11/29 17:37:44 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
    DRV - [2005/11/29 17:37:44 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/08/02 14:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/05/31 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2005/05/31 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2005/05/31 04:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2005/05/31 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2005/05/31 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2005/05/31 04:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2005/05/31 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2005/05/31 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2005/05/31 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2005/05/13 09:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2005/05/13 09:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2005/04/22 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2005/04/21 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/09/04 18:38:44 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/defaults/cs/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C C0 0E A8 15 BB CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r5.attbi.com;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=sas.r5.attbi.com:8000;gopher=sas.r5.attbi.com:8000;http=sas.r5.attbi.com:8000;https=sas.r5.attbi.com:8000

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VE3D01&q="
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2
    FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
    FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="
    FF - prefs.js..network.proxy.ftp: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.ftp_port: 8000
    FF - prefs.js..network.proxy.gopher: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.gopher_port: 8000
    FF - prefs.js..network.proxy.http: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.http_port: 8000
    FF - prefs.js..network.proxy.no_proxies_on: "*.r5.attbi.com,*.local"
    FF - prefs.js..network.proxy.ssl: "sas.r5.attbi.com"
    FF - prefs.js..network.proxy.ssl_port: 8000


    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/19 17:10:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/04/14 09:15:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/01/31 17:37:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/29 20:53:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 20:53:18 | 000,000,000 | ---D | M]

    [2010/02/02 13:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Extensions
    [2011/01/31 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions
    [2010/07/02 12:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/02 12:13:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\[email protected]
    [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml
    [2010/07/20 11:09:20 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing.xml
    [2011/01/29 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/19 17:10:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2009/02/12 12:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/01/31 17:37:56 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
    [2007/04/14 09:15:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

    O1 HOSTS File: ([2010/06/09 09:11:11 | 000,393,120 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 192.168.0.12 HP000D9D1CF0F8
    O1 - Hosts: 192.168.0.14 HP0015604A2AFA
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 13578 more lines...
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found.
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
    O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\digital imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites)
    O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab (RegUserCfgUI Class)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://designers-surplus.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Value error.)
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
    O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} http://ibhost.dancik.com/download/actimage8.0915.cab (Image Builder Room Control)
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://servicemagic.view22.com/app/view22RTE.cab (Reg Error: Key error.)
    O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://minutesmatter.webex.com/client/T23L/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.custhelp.com/7530-b327h/rnl/java/RntX.cab (Live Collaboration)
    O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.ocx (iolo.ProductDetector)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.1.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1ad4c042-e18c-11dc-9981-001422ef63f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    [CREATERESTOREPOINT]
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/31 17:40:39 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
    [2011/01/31 17:40:39 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
    [2011/01/31 17:40:39 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
    [2011/01/31 17:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
    [2011/01/31 15:14:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    [2011/01/31 15:02:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
    [2011/01/30 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\ANTISPYWARE UTILITIES
    [2011/01/30 10:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\COMCAST STUFF FROM DESKTOP SHORTCUTS
    [2011/01/30 10:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\DELL shortcuts from desktop
    [2011/01/30 09:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\LANDLORD FORMS
    [2011/01/30 09:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\FINANCE_MAKING MONEY
    [2011/01/29 20:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
    [2011/01/29 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/01/29 08:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\Threat Expert
    [2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0154.old
    [2011/01/28 20:23:40 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0154.old
    [2011/01/28 20:23:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/01/28 20:21:20 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/01/28 20:20:24 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
    [2011/01/28 20:20:24 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
    [2011/01/28 20:20:24 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/01/28 20:20:17 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/01/28 20:20:17 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/01/28 20:20:07 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2011/01/28 20:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/01/28 15:36:51 | 105,145,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
    [2011/01/28 15:19:44 | 000,000,000 | ---D | C] -- C:\Archive
    [2011/01/28 14:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download
    [2011/01/28 09:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/01/25 16:48:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Elena Zanfei\Recent
    [2011/01/24 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\My Documents\2COACHING
    [2011/01/24 15:51:32 | 000,000,000 | ---D | C] -- C:\EDB_License
    [2011/01/21 10:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\VS Revo Group
    [2011/01/21 10:05:22 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2011/01/21 10:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
    [2011/01/21 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/01/16 16:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Start Menu\Programs\FoxTab Audio Converter
    [2011/01/16 16:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
    [2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/01/15 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2011/01/15 14:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elena Zanfei\Application Data\Skype

    ========== Files - Modified Within 30 Days ==========

    [2011/01/31 19:01:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2011/01/31 19:00:43 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
    [2011/01/31 18:59:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{387CC01B-D7D2-4B62-AB21-5FE6F622E672}.job
    [2011/01/31 18:44:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2011/01/31 18:41:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/31 18:41:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2011/01/31 18:41:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3968011601-653935474-224142973-1007.job
    [2011/01/31 18:41:08 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/31 18:41:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
    [2011/01/31 18:41:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/31 18:41:01 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/31 18:26:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/31 17:37:45 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2011/01/31 15:43:30 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3968011601-653935474-224142973-1007.job
    [2011/01/31 15:34:06 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
    [2011/01/31 15:14:11 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\OTL.exe
    [2011/01/31 15:02:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elena Zanfei\Desktop\TFC.exe
    [2011/01/31 12:20:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
    [2011/01/31 09:11:32 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2003 (2).lnk
    [2011/01/31 09:07:29 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003 (2).lnk
    [2011/01/30 15:14:46 | 028,510,699 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
    [2011/01/30 15:13:48 | 028,894,408 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
    [2011/01/30 10:19:38 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
    [2011/01/30 10:07:47 | 000,028,366 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/01/30 10:04:10 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
    [2011/01/30 10:03:44 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
    [2011/01/30 09:59:19 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
    [2011/01/30 09:46:23 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TouchCopy 09.lnk
    [2011/01/30 09:40:23 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Jenny.lnk
    [2011/01/29 18:51:33 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/29 17:31:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
    [2011/01/28 20:18:56 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
    [2011/01/28 16:00:49 | 105,145,416 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elena Zanfei\Desktop\en-US_TISDell_Download.exe
    [2011/01/28 15:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2011/01/28 15:10:28 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2011/01/28 14:53:08 | 000,750,444 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/01/28 14:50:54 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
    [2011/01/26 14:47:45 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
    [2011/01/23 22:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
    [2011/01/23 20:54:25 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/17 14:58:02 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
    [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/01/16 16:57:52 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
    [2011/01/15 15:10:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/01/15 14:58:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/01/15 14:54:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/12 21:30:44 | 001,174,841 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
    [2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0154.old
    [2011/01/07 14:54:18 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/01/07 14:54:16 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0154.old
    [2011/01/07 14:54:14 | 002,000,848 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll0154.old
    [2011/01/07 14:54:04 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    [2011/01/06 11:54:52 | 000,002,125 | ---- | M] () -- C:\WINDOWS\UDB.zip

    ========== Files Created - No Company Name ==========

    [2011/01/31 17:37:45 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2011/01/30 15:14:54 | 028,510,699 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\tony-robbins-interview-leagueMono.mp3
    [2011/01/30 15:14:12 | 028,894,408 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\TonyRobbinsInterview2MONO.mp3
    [2011/01/30 10:19:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Mechanic.lnk
    [2011/01/30 10:00:40 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TheSecret-Visualization.mov.lnk
    [2011/01/30 09:59:17 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to secrettoyou.mov.lnk
    [2011/01/30 09:39:18 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to FURNITURE manufacturers for web.xml.lnk
    [2011/01/29 18:51:33 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/29 17:33:41 | 000,232,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/01/29 17:31:45 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\trend micro.pub
    [2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0154.old
    [2011/01/28 20:23:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2011/01/28 20:21:20 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2011/01/28 20:21:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2011/01/28 20:21:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2011/01/28 20:21:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2011/01/28 14:50:53 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\WindowsXP-KB942288-v3-x86.exe
    [2011/01/28 09:46:54 | 000,750,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/01/28 09:44:45 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\sdasetup.exe
    [2011/01/21 10:05:22 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2011/01/21 10:05:22 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2011/01/16 16:57:52 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Desktop\FoxTab Audio Converter.lnk
    [2011/01/15 15:10:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/01/15 14:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/01/15 14:54:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/12 21:30:44 | 001,174,841 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\My Documents\2012 free report.pdf
    [2010/10/29 13:01:03 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\ker.dll
    [2009/12/10 08:28:24 | 000,000,558 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/12/07 16:46:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2009/08/07 20:48:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/04/27 15:15:42 | 000,001,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/12/13 09:24:55 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
    [2008/12/13 09:24:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
    [2008/12/13 09:24:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
    [2008/12/06 20:18:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/11/22 15:42:02 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/07/05 12:33:14 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003472_.tmp.dll
    [2008/07/05 12:33:14 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003440_.tmp.dll
    [2008/05/24 07:49:37 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2008/03/03 20:00:47 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/02/18 22:34:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\MindApp.INI
    [2007/11/14 20:38:27 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2007/09/10 18:36:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
    [2007/09/10 18:20:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/08/13 14:52:37 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\WHBMD5TYHNKER3NBHUM9S5UJX6
    [2007/07/30 13:21:15 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
    [2007/07/30 13:21:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2007/05/23 15:01:33 | 000,000,334 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/04/27 08:19:30 | 000,001,425 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
    [2007/04/27 08:19:29 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
    [2007/04/25 19:06:38 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/08 23:31:29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/02/22 12:45:20 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (DOS).ADR
    [2007/02/18 09:31:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
    [2007/01/30 22:38:48 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\dm.ini
    [2006/09/18 13:36:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2006/09/07 16:23:46 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (DOS).ADR
    [2006/08/13 20:49:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
    [2006/08/13 20:40:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\squotes.ini
    [2006/06/12 09:37:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\dreamm.INI
    [2006/06/12 09:37:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DMCBIDS.INI
    [2006/06/12 08:51:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
    [2006/06/12 08:50:57 | 000,000,260 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
    [2006/06/12 08:50:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
    [2006/05/26 16:15:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2006/04/27 19:42:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
    [2006/04/27 19:42:12 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
    [2006/04/27 19:42:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
    [2006/04/22 23:37:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/03/17 20:04:58 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ZT3WAQ7HBAUC9KGKBAC7YLPFDV
    [2006/03/15 20:22:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/03/14 13:08:58 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/03/14 13:04:26 | 000,001,370 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
    [2006/03/14 13:04:25 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2006/02/26 14:08:00 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2006/02/24 22:38:21 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/24 22:12:10 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Local Settings\Application Data\fusioncache.dat
    [2006/02/17 12:26:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/17 12:20:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
    [2006/02/17 12:16:41 | 000,005,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/17 12:05:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/17 12:02:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2006/02/17 11:38:18 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/02/17 11:38:14 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/02/17 11:38:14 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/02/17 11:38:14 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/02/17 11:38:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/02/17 11:37:44 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
    [2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
    [2005/08/03 13:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/02 14:24:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2004/08/25 18:24:33 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
    [2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/06/16 15:04:19 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\TFC2B66AGMJLD5TYN3EE7UMVHH
    [2004/06/01 16:02:00 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Microsoft Excel.ADR
    [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2004/01/12 19:44:03 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Personal Address Book.ADR
    [2003/11/25 15:17:54 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Tab Separated Values (Windows).ADR
    [2003/10/08 21:32:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
    [2003/10/03 14:45:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\AgilInf.dll
    [2003/06/06 13:26:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2003/06/06 13:22:51 | 000,023,076 | ---- | C] () -- C:\WINDOWS\System32\Landdll2.dll
    [2003/06/06 13:22:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2003/06/06 13:22:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
    [2003/05/06 22:59:59 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
    [2003/05/06 22:59:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
    [2003/04/06 16:43:26 | 000,010,512 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.TSK
    [2003/04/06 16:43:24 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.CAL
    [2003/04/06 16:43:05 | 000,034,934 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\ACT! 3.x, 4.0 Contact Manager for Windows.ADR
    [2003/04/02 20:06:25 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).CAL
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/22 16:10:42 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
    [2002/11/22 16:10:41 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
    [2002/05/12 18:32:07 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
    [2002/04/06 15:42:46 | 000,038,516 | ---- | C] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Comma Separated Values (Windows).ADR
    [2002/01/18 21:09:12 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
    [2002/01/15 02:37:17 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
    [2002/01/15 02:35:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2002/01/15 02:34:50 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
    [2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
    [2000/07/03 23:51:12 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [1998/07/12 00:13:00 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\HSZlib.dll

    ========== Custom Scans ==========


    < :OTL >

    < SRV - File not found [Disabled | Stopped] -- -- (hpdj00) >

    < SRV - File not found [Disabled | Stopped] -- -- (HP Port Resolver) >

    < SRV - File not found [Disabled | Stopped] -- -- (FreezeScreenSaver) >

    < FF - prefs.js..extensions.enabledItems: [email protected]:1.2 >

    < FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url=" >

    < [2011/01/16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zug o.com >
    Invalid Switch: 16 16:40:04 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\extensions\searchtoolbar@zug o.com


    < [2011/01/16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml >
    Invalid Switch: 16 16:40:04 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Elena Zanfei\Application Data\Mozilla\Firefox\Profiles\ry88m2ie.default\searchplugins\bing-zugo.xml


    < O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No CLSID value found. >

    < O3 - HKLM\..\Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - No CLSID value found. >

    < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

    < O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

    < O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

    < O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. >

    < O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found >

    < O9 - Extra 'Tools' menuitem : Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - File not found >

    < O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - Reg Error: Value error. File not found >

    < O15 - HKCU\..Trusted Domains: //showID('hidden_div'); ([]javascript in Trusted sites) >
    Invalid Switch: showID('hidden_div'); ([]javascript in Trusted sites)


    < O15 - HKCU\..Trusted Domains: autofol.com ([]http in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: freemarketinggraphics.com ([]http in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: freemkgr.hop ([]http in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: kaas.com ([]http in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) >

    < O15 - HKCU\..Trusted Domains: mrmisupercashsystem.com ([]http in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: terrisfp.com ([]http in Trusted sites) >

    < O15 - HKCU\..Trusted Domains: timothysfineart.com ([]* in Trusted sites) >

    < O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found >

    < :Services >

    < >

    < :Reg >

    < >

    < :Files >

    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.

    < C:\WINDOWS\System32\_003472_.tmp.dll >
    [2004/08/04 05:00:00 | 000,249,270 | ---- | M] () -- C:\WINDOWS\system32\_003472_.tmp.dll

    < C:\WINDOWS\System32\_003440_.tmp.dll >
    [2004/08/04 05:00:00 | 000,022,040 | ---- | M] () -- C:\WINDOWS\system32\_003440_.tmp.dll

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [EMPTYFLASH] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

    < End of report >
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,158
    Did you use the "Run Scan" tab instead of the "Run Fix" tab? What about the feedback from Jotti and VirusTotal or the log from Malwarebytes....
     
Short URL to this thread: https://techguy.org/978086