tjn8080

Infected by Windows Restore virus, desktop icons missing

17 posts in this topic

Hello,

I was recently infected by the Windows Restore virus. I went through procedures and am mostly confident that I have successfully removed the virus, but I still cannot see my desktop icons even though I know they have not been wiped out. Can someone assist me in putting them back on my desktop. Running Windows XP.

Thank you in advance.

Share this post


Link to post
Share on other sites

Hi tjn8080,

Welcome to the Malwarebytes Support Forum :)

My name is Matt and I will be assisting you.

This infection family will hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Download RogueKiller to your desktop

  1. Quit all running programs
  2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  3. When prompted, type 1 and validate
  4. The RKreport.txt shall be generated next to the executable.
  5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Share this post


Link to post
Share on other sites

Thank you for the assistance. I have completed your recommendations above. Here is a summary of the RogueKiller scan:

RogueKiller V5.1.0 [05/02/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Timothy Narva [Admin rights]

Mode: Scan -- Date : 05/03/2011 09:28:10

Bad processes: 2

[APPDT/TMP/DESKTOP] SansaDispatch.exe -- c:\documents and settings\timothy narva\application data\sandisk\sansa updater\sansadispatch.exe -> KILLED

[APPDT/TMP/DESKTOP] magicJack.exe -- c:\documents and settings\timothy narva\application data\mjusbsp\magicjack.exe -> KILLED

Registry Entries: 5

[APPDT/TMP/DESKTOP] HKCU\[...]\Run : SansaDispatch (C:\Documents and Settings\Timothy Narva\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

[APPDT/TMP/DESKTOP] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\Timothy Narva\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-1115902758-4067780220-673865116-1006[...]\Run : SansaDispatch (C:\Documents and Settings\Timothy Narva\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND

[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-1115902758-4067780220-673865116-1006[...]\Run : cdloader ("C:\Documents and Settings\Timothy Narva\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND

HOSTS File:

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

You're welcome. :)

Are you able to see your desktop icons now?

Also, we will run RogueKiller again but this time we will have it remove the infections found:

Run RogueKiller

  1. Quit all running programs
  2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  3. When prompted, type 2 and validate
  4. The RKreport.txt shall be generated next to the executable.
  5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Share this post


Link to post
Share on other sites

No, I still cannot see my Desktop icons.

Ran RogueKiller again per your instructions, results here:

RogueKiller V5.1.0 [05/02/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Timothy Narva [Admin rights]

Mode: Remove -- Date : 05/03/2011 12:46:17

Bad processes: 1

[APPDT/TMP/DESKTOP] SansaDispatch.exe -- c:\documents and settings\timothy narva\application data\sandisk\sansa updater\sansadispatch.exe -> KILLED

Registry Entries: 3

[APPDT/TMP/DESKTOP] HKCU\[...]\Run : SansaDispatch (C:\Documents and Settings\Timothy Narva\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED

[APPDT/TMP/DESKTOP] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\Timothy Narva\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> NOT REMOVED, USE PROXYFIX

HOSTS File:

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Share this post


Link to post
Share on other sites

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Share this post


Link to post
Share on other sites

Okay, completed the OTL scans, results:

OTL Extras logfile created on: 5/3/2011 3:30:48 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Timothy Narva\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.70 Gb Total Space | 12.43 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Drive G: | 298.02 Gb Total Space | 63.87 Gb Free Space | 21.43% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: Timothy Narva | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD

"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 19

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold

"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06

"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon

"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant

"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B611C23-ADB6-4F5E-A04A-959EB0D349F6}" = Winkflash Transporter

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit

"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt

"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0

"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4

"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver

"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001

"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.57

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"avast5" = avast! Free Antivirus

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0

"CCleaner" = CCleaner

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"GuitarScalesMethod_is1" = GSM 1.2.3.0

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PreSonus 1394 Audio Driver V1.20.0 (FIREBox) Setup" = PreSonus 1394 Audio Driver V1.20.0 (FIREBox)

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealPlayer 12.0" = RealPlayer

"REAPER" = REAPER

"Smart Defrag_is1" = Smart Defrag

"Sonik Synth 2 Free" = Sonik Synth 2 Free

"Steinberg Cubase LE" = Steinberg Cubase LE

"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010

"Winamp" = Winamp

"Windows Live Safety Scanner" = Windows Live Safety Scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoneAlarm" = ZoneAlarm

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"magicJack" = magicJack

"Pilot Desktop" = Palm Desktop

"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 10/30/2009 3:26:38 PM | Computer Name = DESKTOP | Source = avast! | ID = 33554522

Description =

Error - 11/9/2009 10:59:41 AM | Computer Name = DESKTOP | Source = avast! | ID = 33554522

Description =

Error - 11/10/2009 12:34:38 PM | Computer Name = DESKTOP | Source = avast! | ID = 33554522

Description =

Error - 11/10/2009 1:07:34 PM | Computer Name = DESKTOP | Source = avast! | ID = 33554522

Description =

[ Application Events ]

Error - 5/24/2010 9:34:50 AM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application powerpack.exe, version 0.0.0.0, faulting module

kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 7/13/2010 2:52:10 PM | Computer Name = DESKTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 7/13/2010 2:52:10 PM | Computer Name = DESKTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 9/7/2010 8:10:34 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application powerpack.exe, version 0.0.0.0, faulting module

, version 0.0.0.0, fault address 0x00000000.

Error - 9/7/2010 8:10:37 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application powerpack.exe, version 0.0.0.0, faulting module

, version 0.0.0.0, fault address 0x00000000.

Error - 10/7/2010 8:31:45 AM | Computer Name = DESKTOP | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,

P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10

0.

Error - 12/10/2010 8:32:29 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application powerpack.exe, version 0.0.0.0, faulting module

kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/10/2010 8:32:33 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application powerpack.exe, version 0.0.0.0, faulting module

kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/10/2011 12:32:12 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module shimgvw.dll, version 6.0.2900.6072, fault address 0x0000df4f.

Error - 2/10/2011 12:32:26 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module shimgvw.dll, version 6.0.2900.6072, fault address 0x0000df4f.

[ System Events ]

Error - 5/2/2011 1:42:07 PM | Computer Name = DESKTOP | Source = SideBySide | ID = 16842784

Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and

Last Error was The referenced assembly is not installed on your system.

Error - 5/2/2011 1:42:07 PM | Computer Name = DESKTOP | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference

error message: The referenced assembly is not installed on your system. .

Error - 5/2/2011 1:42:07 PM | Computer Name = DESKTOP | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.

Reference

error message: The operation completed successfully. .

Error - 5/3/2011 9:42:09 AM | Computer Name = DESKTOP | Source = SideBySide | ID = 16842784

Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and

Last Error was The referenced assembly is not installed on your system.

Error - 5/3/2011 9:42:09 AM | Computer Name = DESKTOP | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference

error message: The referenced assembly is not installed on your system. .

Error - 5/3/2011 9:42:09 AM | Computer Name = DESKTOP | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.

Reference

error message: The operation completed successfully. .

Error - 5/3/2011 9:59:20 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000

Description = The BrPar service failed to start due to the following error: %%2

Error - 5/3/2011 9:59:20 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 5/3/2011 12:50:18 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000

Description = The BrPar service failed to start due to the following error: %%2

Error - 5/3/2011 12:50:18 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

< End of report >

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Timothy Narva\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Documents and Settings\Timothy Narva\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)

PRC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Palm\HOTSYNC.EXE (Palm Computing, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Timothy Narva\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (KodakCCS) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe (Eastman Kodak Company)

========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)

DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (WD_FireWire_HID) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdfwhid.sys (Western Digital Technologies)

DRV - (DcCam) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys (Eastman Kodak Company)

DRV - (Exportit) -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys (Eastman Kodak Company)

DRV - (DcPTP) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys (Eastman Kodak Company)

DRV - (DcLps) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys (Eastman Kodak Company)

DRV - (DCFS2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys (Eastman Kodak Company)

DRV - (DcFpoint) -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)

DRV - (ps_avs) -- C:\WINDOWS\SYSTEM32\DRIVERS\ps_avs.sys (BridgeCo AG)

DRV - (ps_1394) -- C:\WINDOWS\SYSTEM32\DRIVERS\ps_1394.sys (BridgeCo AG)

DRV - (DgiVecp) -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS (Samsung Electronics Co., Ltd.)

DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)

DRV - (P17) -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys (Creative Technology Ltd.)

DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)

DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)

DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)

DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys (Creative Technology Ltd.)

DRV - (YMIDUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys (YAMAHA Corporation)

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://www.yahoo.com/ext/search/search.html'>http://us.rd.yahoo.com/customize/ie/defaults/cs/ymj/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\Zonealarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 09:45:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/05 15:04:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 08:57:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 08:57:08 | 000,000,000 | ---D | M]

[2009/05/26 11:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Narva\Application Data\Mozilla\Extensions

[2009/05/26 11:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Narva\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/05/03 09:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Narva\Application Data\Mozilla\Firefox\Profiles\7fr0vurj.default\extensions

[2011/05/02 11:23:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Timothy Narva\Application Data\Mozilla\Firefox\Profiles\7fr0vurj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2007/08/30 09:22:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Timothy Narva\Application Data\Mozilla\Firefox\Profiles\7fr0vurj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/05/03 09:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/05 15:04:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2011/02/07 09:45:06 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER

[2008/12/09 14:25:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/05/13 09:40:31 | 002,445,312 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll

O1 HOSTS File: ([2008/11/26 14:35:50 | 000,288,517 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 9942 more lines...

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\Zonealarm\tbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm Computing, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - - File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/03/29 14:56:34 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 15:29:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy Narva\Desktop\OTL.exe

[2011/05/03 09:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Narva\Desktop\RK_Quarantine

[2011/04/26 16:50:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Timothy Narva\Recent

[2010/06/03 20:18:12 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

[2010/04/22 22:39:34 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_114_cnet.exe

[2010/04/05 21:56:46 | 006,182,544 | ---- | C] (TweakNow.com ) -- C:\Program Files\PowerPack2.exe

[2009/12/26 14:31:47 | 007,444,376 | ---- | C] (TweakNow.com ) -- C:\Program Files\PowerPack172.exe

[2009/10/30 14:36:51 | 027,386,280 | ---- | C] ( ) -- C:\Program Files\AdbeRdr920_en_US.exe

[2009/10/22 22:29:45 | 008,067,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox+Setup+3.5.3.exe

[2009/10/21 16:13:42 | 002,457,600 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\RootkitBuster.exe

[2009/10/21 14:51:49 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Program Files\VundoFix.exe

[2009/10/21 14:00:19 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HousecallLauncher.exe

[2009/09/28 16:59:37 | 006,612,600 | ---- | C] (Acelogix Software) -- C:\Program Files\aufull.exe

[2009/09/28 12:35:54 | 000,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe

[2009/04/29 21:35:37 | 027,017,654 | ---- | C] (Macrovision Corporation) -- C:\Program Files\JAD7_BASIC.exe

[2009/04/29 13:52:33 | 003,077,558 | ---- | C] (foobar2000.org) -- C:\Program Files\foobar2000_0.9.6.5.exe

[2009/04/28 11:50:07 | 010,484,512 | ---- | C] (Apex Corporation ) -- C:\Program Files\apex-audio-converter.exe

[2009/04/07 11:15:48 | 003,496,632 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe

[2008/06/05 16:33:08 | 009,722,720 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd152.exe

[2008/03/06 16:45:36 | 006,281,272 | ---- | C] (IObit ) -- C:\Program Files\AWCSetup.exe

[2007/02/10 14:44:56 | 002,595,267 | ---- | C] (FairStars Soft ) -- C:\Program Files\fscdripper.exe

[2006/06/04 17:14:01 | 001,578,029 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\Fretboard Warrior.exe

[1980/01/01 02:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011/05/03 15:30:10 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1115902758-4067780220-673865116-1006.job

[2011/05/03 15:30:10 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1115902758-4067780220-673865116-1006.job

[2011/05/03 15:29:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Narva\Desktop\OTL.exe

[2011/05/03 14:18:12 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/03 13:12:44 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\magicJack.lnk

[2011/05/03 12:55:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/05/03 12:49:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/05/03 12:49:31 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/03 09:27:04 | 000,463,360 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\RogueKiller.exe

[2011/05/03 09:05:50 | 000,504,657 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\unhide.exe

[2011/05/02 08:52:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2011/05/02 08:32:01 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/04/30 11:17:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/27 18:09:27 | 000,504,657 | ---- | M] () -- C:\Program Files\unhide.exe

[2011/04/27 17:51:06 | 001,006,778 | ---- | M] () -- C:\Program Files\rkill.com

[2011/04/27 17:50:04 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\rkill.com

[2011/04/27 13:36:26 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HousecallLauncher.exe

[2011/04/26 15:32:16 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19914548

[2011/04/26 14:34:51 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19914548

[2011/04/26 14:33:34 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19914548r

[2011/04/21 14:37:59 | 000,027,992 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\Destination B Standard 7-9-2010.pdf

[2011/04/14 12:36:17 | 000,342,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/14 12:16:25 | 000,445,772 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2011/04/14 12:16:25 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2011/04/13 18:46:28 | 000,006,572 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\Term Timothy Narva 500k 20yr.pdf

[2011/04/13 09:22:33 | 001,543,609 | ---- | M] () -- C:\Documents and Settings\Timothy Narva\Desktop\PAUL II.pdf

========== Files Created - No Company Name ==========

[2011/05/03 09:27:09 | 000,463,360 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Desktop\RogueKiller.exe

[2011/05/03 09:05:57 | 000,504,657 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Desktop\unhide.exe

[2011/04/27 18:09:32 | 000,504,657 | ---- | C] () -- C:\Program Files\unhide.exe

[2011/04/27 17:51:36 | 001,006,778 | ---- | C] () -- C:\Program Files\rkill.com

[2011/04/27 17:50:00 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Desktop\rkill.com

[2011/04/27 13:28:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/04/26 14:33:34 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r

[2011/04/26 14:33:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

[2011/04/26 14:24:45 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19914548

[2011/04/13 18:46:27 | 000,006,572 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Desktop\Term Timothy Narva 500k 20yr.pdf

[2011/04/13 09:22:32 | 001,543,609 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Desktop\PAUL II.pdf

[2011/01/14 15:18:30 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP34.INI

[2010/11/30 12:33:40 | 005,201,246 | ---- | C] () -- C:\Program Files\reaper373-install.exe

[2010/09/27 09:05:59 | 000,192,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/05/13 09:40:32 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll

[2010/05/13 09:40:31 | 001,025,688 | ---- | C] () -- C:\WINDOWS\dbplugin.exe

[2010/05/13 09:40:16 | 001,143,464 | ---- | C] () -- C:\Program Files\dnlsetup.exe

[2010/04/22 21:23:15 | 000,015,356 | -HS- | C] () -- C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\2307417872

[2010/04/22 21:23:15 | 000,015,356 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2307417872

[2010/04/22 21:14:53 | 000,015,352 | -HS- | C] () -- C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\Mi715R2

[2010/04/22 21:14:53 | 000,015,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mi715R2

[2010/03/01 23:19:11 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe

[2010/02/01 20:55:32 | 006,301,339 | ---- | C] () -- C:\Program Files\fuze01.02.28.zip

[2010/01/28 09:43:12 | 000,383,259 | ---- | C] () -- C:\Program Files\PrcView_5_2_15.zip

[2009/11/03 17:31:21 | 033,952,648 | ---- | C] () -- C:\Program Files\zaSetup_80_298_000_en.exe

[2009/10/26 10:23:07 | 000,070,456 | ---- | C] () -- C:\Program Files\1.jpeg

[2009/10/26 09:32:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

[2009/10/26 09:10:12 | 322,695,512 | ---- | C] () -- C:\Program Files\500_b028_multilanguage.exe

[2009/10/21 16:12:59 | 001,039,920 | ---- | C] () -- C:\Program Files\RootkitBuster_2.80.1071.zip

[2009/10/20 21:57:07 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\housecall.guid.cache

[2009/04/29 13:46:20 | 001,129,122 | ---- | C] () -- C:\Program Files\mkwact097b1.exe

[2009/02/26 12:54:40 | 000,304,957 | ---- | C] () -- C:\Program Files\hjsplit.zip

[2008/07/15 12:44:51 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\fusioncache.dat

[2008/03/28 11:35:08 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Stingers

[2008/03/28 11:35:08 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

[2008/02/22 10:56:44 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2008/02/10 14:47:50 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2008/02/06 16:42:22 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll

[2008/02/06 16:42:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll

[2007/08/16 16:24:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI

[2007/07/23 10:05:38 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

[2007/05/21 09:34:23 | 000,000,621 | ---- | C] () -- C:\WINDOWS\Tuareg2.ini

[2007/05/21 09:20:31 | 002,489,528 | ---- | C] () -- C:\Program Files\tu20.zip

[2007/04/11 11:28:48 | 124,772,352 | ---- | C] () -- C:\Program Files\DrumCore_Demo_Install.exe

[2007/03/16 12:01:27 | 000,004,659 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2007/02/14 19:35:00 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/02/11 14:06:52 | 001,508,117 | ---- | C] () -- C:\Program Files\hh_install.exe

[2007/02/10 14:57:06 | 004,918,428 | ---- | C] () -- C:\Program Files\expcdripper.exe

[2006/06/23 09:46:49 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI

[2006/06/12 15:09:47 | 000,953,008 | ---- | C] () -- C:\Program Files\install_flash_player.exe

[2006/06/04 17:18:18 | 001,430,778 | ---- | C] () -- C:\Program Files\fretpro-setup.exe

[2006/05/25 10:04:43 | 000,939,889 | ---- | C] () -- C:\Program Files\GuitarScalesMethod.exe

[2006/04/06 10:16:53 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2006/02/23 09:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/02/23 09:08:33 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe

[2006/02/23 09:08:21 | 000,003,581 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006/02/15 20:13:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe

[2005/12/02 17:05:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll

[2005/12/02 17:05:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\msocreg32.dat

[2005/09/22 11:17:21 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/08/09 18:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe

[2005/08/09 18:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/07/01 14:29:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Application Data\PFP120JPR.{PB

[2005/07/01 14:29:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Timothy Narva\Application Data\PFP120JCM.{PB

[2005/06/14 08:54:00 | 000,000,604 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2005/05/04 13:41:36 | 000,001,084 | ---- | C] () -- C:\WINDOWS\checkip.dat

[2005/05/04 13:11:36 | 000,001,293 | ---- | C] () -- C:\WINDOWS\ipconfig.dat

[2005/04/26 12:49:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2005/03/24 12:44:55 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll

[2005/02/24 12:59:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2005/02/24 12:59:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini

[2005/02/24 12:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini

[2005/02/24 12:59:04 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI

[2005/02/24 12:59:04 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2005/02/24 12:59:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2005/02/24 12:58:48 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini

[2005/02/24 12:58:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2005/02/24 12:58:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2005/02/03 23:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe

[2005/02/03 23:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe

[2005/01/30 14:24:13 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2005/01/30 14:22:33 | 000,023,138 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2005/01/29 13:39:00 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/01/18 21:07:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/01/18 21:02:13 | 000,001,455 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/01/18 20:57:53 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT

[2005/01/18 20:57:53 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2005/01/18 20:57:41 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2005/01/18 20:57:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2005/01/18 20:57:35 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2005/01/18 20:47:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2005/01/18 20:47:06 | 000,445,772 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2005/01/18 20:47:06 | 000,072,978 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2005/01/18 20:30:36 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 15:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 15:08:08 | 000,342,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 15:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 12:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2004/08/10 12:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT

[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT

[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT

[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN

[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT

[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT

[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE

[2004/05/26 17:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE

[2003/08/06 05:33:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll

[2003/07/31 19:16:46 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1980/01/01 02:00:00 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[1980/01/01 02:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/11/16 10:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2005/01/18 20:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2008/03/28 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2009/10/25 10:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2009/10/20 19:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2010/08/24 07:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack

[2008/03/05 10:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier

[2008/03/28 11:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2011/02/08 15:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic

[2010/09/13 09:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2007/10/22 18:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI

[2008/03/12 10:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Submersible

[2008/02/23 09:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/10/20 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/03/28 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Themes

[2008/03/28 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2007/09/10 12:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo

[2009/10/30 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Blackberry Desktop

[2010/07/07 09:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\CheckPoint

[2009/10/20 19:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\COWON

[2009/03/14 12:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\DeepBurner

[2009/09/08 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\IObit

[2009/01/14 00:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Juniper Networks

[2005/01/29 14:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Leadertech

[2009/05/26 12:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\LimeWire

[2011/05/03 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\mjusbsp

[2007/09/04 09:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Musicmatch

[2006/09/18 12:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Opera

[2010/11/30 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\REAPER

[2010/09/16 12:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Research In Motion

[2009/08/14 09:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\SanDisk

[2006/04/06 10:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Softplicity

[2005/12/02 16:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Steinberg

[2007/04/11 11:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Submersible

[2007/08/02 09:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\TrueSwitch

[2010/03/29 20:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\TweakNow PowerPack 2009

[2010/03/29 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\TweakNow PowerPack 2010

[2009/10/05 10:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\Uniblue

[2009/10/20 21:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Narva\Application Data\WinPatrol

[2011/05/02 08:52:25 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Share this post


Link to post
Share on other sites

Sorry for the delay.

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    [2009/10/20 19:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Share this post


Link to post
Share on other sites

Completed and the icons are back on my desktop...thank you!

Is there anything else I should do to ensure that this bugs is gone from my system? There appear to be a few ghost files that I don't recall seeing before.

Share this post


Link to post
Share on other sites

You're welcome :)

Glad to hear you have your desktop icons back.

Step #1

To re-hide those files:

[*]Click on My Computer from your desktop and from the menu click on Tools and then Folder Options.

toolsfolderoptions.png

[*]Click on the View tab and under the Hidden Files and Folders section, choose the radio button that says

Share this post


Link to post
Share on other sites

Appears to be back to normal. Thank you for all of your assistance.

Share this post


Link to post
Share on other sites

You're welcome :)

Glad to hear!

Please post the MBAM and Kaspersky logs I requested in my previous set of instructions so we can make sure you are clean.

Share this post


Link to post
Share on other sites

You're welcome :)

Glad to hear!

Please post the MBAM and Kaspersky logs I requested in my previous set of instructions so we can make sure you are clean.

Sorry for not checking back until now on this. Actually, I've been having some issues with my external drive the past couple days and posted a help request in the PC forum. I believe that drive has been corrupted somehow.

Share this post


Link to post
Share on other sites

Hello Spy Sentinel-

I have the same exact problem.

I have removed the virus, but still cannot access my programs.

I have followed your steps through the OTL with my results as follows:

OTL logfile created on: 5/13/2011 7:53:49 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Randy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.47 Gb Total Space | 8.68 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: RANDY-B30E658C7 | User Name: Randy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Randy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)

PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)

PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Randy\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)

SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe (SigmaTel, Inc.)

SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (stdriver) -- C:\WINDOWS\system32\drivers\stdriver32.sys (NCH Software)

DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)

DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872

FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {D1210C8B-58C7-4983-AFF9-9F01FCEE013B}:1.9.1

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4bd24857&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 14:27:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/09 18:02:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}: C:\Documents and Settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B} [2011/05/12 17:56:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 21:37:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:37:43 | 000,000,000 | ---D | M]

[2010/04/23 21:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Extensions

[2011/05/13 19:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions

[2010/07/18 14:11:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/28 22:12:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/04/21 21:01:39 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\3rj20mrl.default\extensions\toolbar@ask.com

[2011/05/12 17:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/17 17:55:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/06/28 22:11:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/01/27 10:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/05/12 17:56:47 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RANDY\LOCAL SETTINGS\APPLICATION DATA\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}

[2010/11/24 14:27:05 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX

[2011/05/09 18:02:38 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED

[2010/06/28 22:11:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011/02/02 10:58:47 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [hpqSRMon] File not found

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272064404126 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/23 18:28:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{9e45cb25-5331-11df-994a-001a6b79da97}\Shell\AutoRun\command - "" = E:\Launch.exe

O33 - MountPoints2\{bc86791f-c81f-11df-996c-001a6b79da97}\Shell\AutoRun\command - "" = F:\Setup.exe

O33 - MountPoints2\{bc86791f-c81f-11df-996c-001a6b79da97}\Shell\Install\command - "" = F:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 19:51:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe

[2011/05/13 18:01:44 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Randy\Desktop\mbam-setup-1.50.1.1100.exe

[2011/05/13 17:58:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/05/13 17:43:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Randy\Recent

[2011/05/12 17:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Desktop\tdsskiller

[2011/05/12 17:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Local Settings\Application Data\{D1210C8B-58C7-4983-AFF9-9F01FCEE013B}

[2011/05/12 17:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hP02400NcCkK02400

[2011/04/22 22:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Desktop\music

[2011/04/22 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PS3 Media Server

[2011/04/22 17:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randy\Application Data\PMS

[2011/04/22 17:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/13 19:51:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randy\Desktop\OTL.exe

[2011/05/13 19:50:51 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/13 19:50:51 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/13 19:50:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-839522115-1003UA.job

[2011/05/13 19:49:58 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\New Internet Shortcut.url

[2011/05/13 19:49:48 | 000,066,915 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2011/05/13 19:46:35 | 000,034,722 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml

[2011/05/13 19:46:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/13 19:46:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/13 19:46:09 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/13 19:18:47 | 075,984,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2011/05/13 18:06:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/13 18:03:42 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\unhide.exe

[2011/05/13 18:01:54 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Randy\Desktop\mbam-setup-1.50.1.1100.exe

[2011/05/13 17:31:44 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18013988

[2011/05/13 16:20:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ctumexuluqizevax.dat

[2011/05/13 16:20:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ghakequwezanonul.bin

[2011/05/12 17:56:45 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\tdsskiller.zip

[2011/05/12 17:54:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Randy\2gweorjqjutp92vjy9gake

[2011/05/12 16:50:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/10 22:15:58 | 000,089,075 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\J Coren Resume.pdf

[2011/05/10 22:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/05/10 21:50:50 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Google Chrome.lnk

[2011/05/05 15:52:30 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2011/05/04 19:43:52 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Randy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/02 13:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-839522115-1003Core.job

[2011/04/22 18:06:44 | 000,000,519 | ---- | M] () -- C:\music.lnk

[2011/04/22 18:06:44 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\music.lnk

[2011/04/22 17:49:42 | 000,136,206 | ---- | M] () -- C:\Documents and Settings\Randy\Desktop\Untitled.jpg

[2011/04/16 13:14:30 | 001,440,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/16 12:41:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 19:49:53 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\New Internet Shortcut.url

[2011/05/13 19:46:09 | 2145,349,632 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/13 18:06:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/13 18:03:41 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\unhide.exe

[2011/05/13 17:31:44 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18013988

[2011/05/12 17:56:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ctumexuluqizevax.dat

[2011/05/12 17:56:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ghakequwezanonul.bin

[2011/05/12 17:56:43 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\tdsskiller.zip

[2011/05/12 17:54:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Randy\2gweorjqjutp92vjy9gake

[2011/05/10 22:15:58 | 000,089,075 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\J Coren Resume.pdf

[2011/04/22 18:07:37 | 000,000,519 | ---- | C] () -- C:\music.lnk

[2011/04/22 18:06:26 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\music.lnk

[2011/04/22 18:02:55 | 004,857,856 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\03 In The Aeroplane Over The Sea [Neutral Milk Hotel In The Aeroplane Over The Sea].mp3

[2011/04/22 17:49:40 | 000,136,206 | ---- | C] () -- C:\Documents and Settings\Randy\Desktop\Untitled.jpg

[2010/10/20 19:37:03 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2010/09/10 20:05:43 | 000,157,467 | ---- | C] () -- C:\WINDOWS\hpoins28.dat

[2010/09/10 20:05:43 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat

[2010/07/16 18:53:41 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll

[2010/07/16 18:53:41 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll

[2010/07/08 22:54:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/07/06 23:28:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/07/06 23:28:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/05/25 17:57:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/05/23 16:26:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/04/28 22:01:32 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Randy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/23 21:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/04/23 19:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2010/04/23 19:17:06 | 000,066,915 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/04/23 19:01:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/04/23 19:01:15 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2010/04/23 19:01:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/04/23 19:01:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/04/23 19:01:13 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/04/23 19:01:13 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2010/04/23 19:01:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2010/04/23 19:01:11 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2010/04/23 18:39:47 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2010/04/23 18:32:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/04/23 18:25:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/04/23 14:17:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/23 14:15:48 | 001,440,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 06:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2004/08/04 06:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2011/01/30 16:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/04/23 21:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/04/23 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011/03/17 21:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/12/14 23:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/04/23 19:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2010/09/10 21:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\gtk-2.0

[2010/05/07 18:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\NCH Swift Sound

[2011/04/22 17:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\PMS

[2010/11/07 19:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy\Application Data\uTorrent

[2010/05/10 19:02:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job

[2011/05/10 22:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010/05/07 18:44:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapSevenDays.job

[2010/05/07 18:44:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 5/13/2011 7:53:49 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Randy\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.47 Gb Total Space | 8.68 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: RANDY-B30E658C7 | User Name: Randy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)

Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{0742B739-DCA3-4A21-AADD-B7CBF49C2058}" = Adobe Premiere Pro CS3 Third Party Content

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update

"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{64B7E533-21EC-4DB3-95DE-6D2DDE81F855}" = Adobe Soundbooth CS3

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{99312C08-19A1-4B20-9F1D-3BCEED582278}" = Adobe Soundbooth CS3 Codecs

"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}" = Adobe Premiere Pro CS3

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3

"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype

Share this post


Link to post
Share on other sites

I will split that other users topic from this one.

Also, glad that you posted about the other issue in the PC Help Forum.

Please post the MBAM and Kaspersky logs, and if they come back clean I can give you my all clean/prevention speech.

Share this post


Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member.

This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.