Fake hdd

CandiRain · April 6, 2012

It hide all my files and short-cuts and blacked out my desktop. The onlything left is a fake hdd shortcut. I cant get to explorer or my hijackthis and cant run dds or whatever its called what should i do now.

Maurice Naggar · April 6, 2012

Hello CandiRain and welcome to MalwareBytes forums.

Why do you mention "hijackthis" ? Are you getting help somewhere else?

If you need to, download and Save the tools using a clean (other) system and save to a new USB-flash or CD/DVD and take tools to the infected system.

First, make sure you have saved all your work before you begin, and close your open apps.

Close all open windows on the Task Bar.

Note: If using Firefox browser, right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes button, your desktop will go blank. (That is normal & expected).

If running on Windows 7 or Vista, to start tools, do a RIGHT-Click and then select "Run As Administrator".

Then press Start OTL button. OTL will now run. If prompted to allow it to run, press YES.

In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

CandiRain · April 7, 2012

just to let you know. when i turned on my computer the anti virus protection i have found a trojen and put it in a vault... not sure what to do with that but still no files or start up menu and black desktop with no icons. i did everything you said to do tho ill post below

CandiRain · April 7, 2012

OTL logfile created on: 4/7/2012 9:16:29 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 492.17 Mb Available Physical Memory | 48.48% Memory free

2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.41% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 41.57 Gb Free Space | 74.39% Space Free | Partition Type: NTFS

Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

PRC - [2012/04/07 09:13:35 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

PRC - [2012/01/24 18:24:26 | 002,416,480 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2011/11/28 02:19:04 | 001,229,664 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 07:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/10/10 07:23:34 | 000,973,664 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe

PRC - [2011/09/08 21:53:26 | 000,743,264 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 07:21:40 | 000,337,760 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 07:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2008/12/02 22:57:30 | 000,729,088 | -H-- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2011/10/12 07:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 07:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/09/11 07:00:10 | 000,237,650 | -H-- | M] (IDT, Inc.) [Auto | Stopped] -- c:\Program Files\IDT\WDM\STACSV.EXE -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)

DRV - [2011/10/07 07:23:48 | 000,230,608 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 07:21:42 | 000,016,720 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 07:08:58 | 000,040,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 02:14:38 | 000,295,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 02:14:28 | 000,024,272 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 02:14:28 | 000,023,120 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/07/11 02:14:26 | 000,134,608 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2009/05/03 05:41:54 | 001,294,200 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/05/01 09:43:30 | 000,026,888 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/05/01 09:43:28 | 000,171,144 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)

DRV - [2009/05/01 09:43:28 | 000,149,512 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)

DRV - [2009/05/01 09:43:24 | 000,222,720 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2008/12/02 22:57:32 | 000,112,128 | -H-- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008/10/15 14:58:32 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)

DRV - [2008/09/11 07:00:10 | 001,390,323 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008/06/27 13:02:00 | 000,289,024 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/11/02 18:51:30 | 000,006,400 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2007/11/02 18:36:12 | 000,018,176 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)

DRV - [2007/07/03 17:58:20 | 000,106,792 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2007/07/03 17:57:24 | 000,011,944 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2007/07/03 17:54:24 | 000,080,552 | -H-- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2007/01/22 22:33:00 | 000,007,680 | -H-- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{22E177FF-D849-4A8A-801A-FB5854291E6C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ444YYUS&apn_uid=8858E931-055A-46C6-9B63-314C9D53A66E&apn_sauid=4D6286F7-03B5-40AA-8555-8BD699A77E9F

IE - HKCU\..\SearchScopes\{5CD15C20-3EB0-40E5-ABD1-E9B7F7CB60AF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en

IE - HKCU\..\SearchScopes\{84EDDA1C-D0C4-4D54-BD3C-035E52170924}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1

IE - HKCU\..\SearchScopes\{B0C87276-8019-4ED3-BDFA-64E75F7D0F8B}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKCU\..\SearchScopes\{B1C9773A-F0D8-491E-8204-47D7E655B7F8}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKCU\..\SearchScopes\{C26080EF-DE5E-4852-B7D5-89FC74906A2B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKCU\..\SearchScopes\{D9AA5878-FB80-48D3-AA9B-2DCFACF372AD}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: profilesong.toolbar@completeplaylists.com:1.0.1

FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\victoria\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 18:30:33 | 000,000,000 | -H-D | M]

[2010/07/28 23:14:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions

[2010/07/28 23:14:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/07/26 17:11:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions

[2009/07/05 00:54:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/08/16 23:55:29 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/05/22 15:36:04 | 000,000,000 | -H-D | M] (Diccionario de EspaÃ±ol/EspaÃ±a) -- C:\Documents and Settings\victoria\Application Data\Mozilla\Firefox\Profiles\4u4bxpcq.default\extensions\es-es@dictionaries.addons.mozilla.org

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMV0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iDTSysTrayApp] C:\WINDOWS\STTRAY.EXE (IDT, Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\STTRAY.EXE (IDT, Inc.)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\victoria\Start Menu\Programs\IMVU\Run IMVU.lnk ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: mathxl.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: vccs.edu ([google] https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31FFF463-D0A4-4BDD-9FB9-20D2291C98FC}: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\victoria\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/03 05:24:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\Shell - "" = AutoRun

O33 - MountPoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2ad73db6-382e-11de-9c46-0024815d8f86}\Shell\AutoRun\command - "" = D:\WIN\setup.exe

O33 - MountPoints2\{47565a08-c375-11de-9ccd-0024815d8f86}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 09:14:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

[2012/04/07 09:14:03 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

[2012/04/07 09:00:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\victoria\Recent

[2012/04/06 15:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\victoria\Start Menu\Programs\SMART HDD

[2012/04/05 07:40:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\victoria\Application Data\PoseCentral

[2012/04/05 07:40:44 | 000,000,000 | -H-D | C] -- C:\Program Files\PandoraV

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/07 09:42:00 | 000,000,990 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004UA.job

[2012/04/07 09:14:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTL.scr

[2012/04/07 09:13:35 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\victoria\Desktop\OTH.scr

[2012/04/07 09:07:23 | 094,033,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/04/07 09:01:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3

[2012/04/07 09:01:06 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r

[2012/04/07 09:00:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

[2012/04/07 09:00:26 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3

[2012/04/07 08:59:27 | 000,000,848 | -H-- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineCore.job

[2012/04/07 08:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/06 14:43:00 | 000,000,850 | -H-- | M] () -- C:\WINDOWS\tasks\ZatisfiUpdateTaskMachineUA.job

[2012/04/06 13:03:36 | 000,069,283 | -H-- | M] () -- C:\Documents and Settings\victoria\.recently-used.xbel

[2012/04/05 17:32:51 | 000,048,743 | -H-- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/04/05 07:40:56 | 000,001,631 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

[2012/04/05 07:13:24 | 000,001,949 | -H-- | M] () -- C:\Documents and Settings\victoria\Desktop\IMVU.lnk

[2012/04/04 10:42:00 | 000,000,938 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2025429265-527237240-1004Core.job

[2012/04/03 12:05:40 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/30 23:51:49 | 000,834,682 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/30 23:51:48 | 000,262,846 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/15 19:45:27 | 000,152,384 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/15 10:17:13 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\Documents and Settings\victoria\My Documents\*.tmp files -> C:\Documents and Settings\victoria\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 09:00:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\victoria\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

[2012/04/06 15:33:57 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3r

[2012/04/06 15:33:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-IuUdBzWZhpFZk3

[2012/04/06 15:33:12 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IuUdBzWZhpFZk3

[2012/04/06 13:03:36 | 000,069,283 | -H-- | C] () -- C:\Documents and Settings\victoria\.recently-used.xbel

[2012/04/05 07:40:56 | 000,001,631 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Pandora.lnk

[2012/02/15 20:46:03 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/17 17:18:34 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/11 14:19:11 | 000,073,220 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/06/11 14:19:11 | 000,001,137 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/06/11 14:19:11 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/06/11 14:19:11 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/06/11 14:19:11 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/06/11 14:19:11 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/06/11 14:19:10 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/06/11 14:19:10 | 000,029,114 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/06/11 14:19:10 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/06/11 14:19:10 | 000,021,021 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/06/11 14:19:10 | 000,015,670 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/06/11 14:19:10 | 000,013,280 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/06/11 14:19:10 | 000,010,673 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/06/11 14:19:10 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/06/11 14:19:10 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/06/11 14:19:10 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/03/19 19:13:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2010/06/28 19:24:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2011/07/27 11:10:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2011/10/10 01:00:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/10/16 12:02:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2011/08/30 05:48:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2012/04/07 09:08:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/08/01 20:34:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint

[2009/05/03 06:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/05/21 12:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/25 16:47:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/04 19:42:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/05/04 15:30:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\acccore

[2010/10/16 13:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\AVG10

[2002/01/08 22:39:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\AVG2012

[2009/06/14 12:07:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Bytemobile

[2011/06/11 14:02:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Driver Smith

[2011/06/11 16:00:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\EPSON

[2009/05/03 18:15:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\GetRightToGo

[2012/04/06 12:41:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\gtk-2.0

[2012/04/05 17:54:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU

[2010/08/02 15:17:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\IMVU Previewer

[2012/03/02 12:33:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\IMVUClient

[2010/02/08 14:54:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Maple

[2012/04/05 07:40:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\PoseCentral

[2012/04/07 09:20:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\PriceGong

[2009/07/04 19:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Research In Motion

[2010/12/13 18:15:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\SecondLife

[2009/05/03 18:03:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Sierra Wireless

[2009/05/03 05:38:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\TMP

[2010/07/28 23:23:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Vivox

[2011/05/18 23:40:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\victoria\Application Data\Wacom

[2012/04/07 08:59:27 | 000,000,848 | -H-- | M] () -- C:\WINDOWS\Tasks\ZatisfiUpdateTaskMachineCore.job

[2012/04/06 14:43:00 | 000,000,850 | -H-- | M] () -- C:\WINDOWS\Tasks\ZatisfiUpdateTaskMachineUA.job

========== Purity Check ==========

< End of report >

CandiRain · April 7, 2012

_{_{OTL Extras logfile created on: 4/7/2012 9:16:29 AM - Run 1}}

_{_{OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\victoria\Desktop}}

_{_{Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation}}

_{_{Internet Explorer (Version = 8.0.6001.18702)}}

_{_{Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy}}

_{_{1015.23 Mb Total Physical Memory | 492.17 Mb Available Physical Memory | 48.48% Memory free}}

_{_{2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.41% Paging File free}}

_{_{Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]}}

_{_{%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files}}

_{_{Drive C: | 55.88 Gb Total Space | 41.57 Gb Free Space | 74.39% Space Free | Partition Type: NTFS}}

_{_{Computer Name: VICTORIA-AE7A76 | User Name: victoria | Logged in as Administrator.}}

_{_{Boot Mode: Normal | Scan Mode: Current user}}

_{_{Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days}}

_{_{========== Extra Registry (SafeList) ==========}}

_{_{========== File Associations ==========}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]}}

_{_{.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*}}

_{_{.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l}}

_{_{========== Shell Spawning ==========}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]}}

_{_{batfile [open] -- "%1" %*}}

_{_{cmdfile [open] -- "%1" %*}}

_{_{comfile [open] -- "%1" %*}}

_{_{cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*}}

_{_{exefile [open] -- "%1" %*}}

_{_{InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l}}

_{_{piffile [open] -- "%1" %*}}

_{_{regfile [merge] -- Reg Error: Key error.}}

_{_{scrfile [config] -- "%1"}}

_{_{scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l}}

_{_{scrfile [open] -- "%1" /S}}

_{_{txtfile [edit] -- Reg Error: Key error.}}

_{_{Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1}}

_{_{Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)}}

_{_{Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)}}

_{_{Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)}}

_{_{Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)}}

_{_{========== Security Center Settings ==========}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]}}

_{_{"FirstRunDisabled" = 1}}

_{_{"AntiVirusDisableNotify" = 0}}

_{_{"FirewallDisableNotify" = 0}}

_{_{"UpdatesDisableNotify" = 0}}

_{_{"AntiVirusOverride" = 1}}

_{_{"FirewallOverride" = 1}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]}}

_{_{========== System Restore Settings ==========}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]}}

_{_{"DisableSR" = 0}}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]}}

_{_{"Start" = 0}}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]}}

_{_{"Start" = 2}}

_{_{========== Firewall Settings ==========}}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]}}

_{_{"EnableFirewall" = 1}}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]}}

_{_{"EnableFirewall" = 1}}

_{_{========== Authorized Applications List ==========}}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]}}

_{_{[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]}}

_{_{"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)}}

_{_{"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux}}

_{_{"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)}}

_{_{"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager}}

_{_{"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer}}

_{_{"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)}}

_{_{"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)}}

_{_{"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)}}

_{_{"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)}}

_{_{"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)}}

_{_{========== HKEY_LOCAL_MACHINE Uninstall List ==========}}

_{_{[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]}}

_{_{"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR}}

_{_{"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer}}

_{_{"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148}}

_{_{"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26}}

_{_{"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP}}

_{_{"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis}}

_{_{"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater}}

_{_{"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012}}

_{_{"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility}}

_{_{"{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012}}

_{_{"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2}}

_{_{"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable}}

_{_{"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053}}

_{_{"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com}}

_{_{"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570}}

_{_{"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight}}

_{_{"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12}}

_{_{"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007}}

_{_{"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007}}

_{_{"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007}}

_{_{"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007}}

_{_{"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007}}

_{_{"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007}}

_{_{"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007}}

_{_{"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007}}

_{_{"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007}}

_{_{"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007}}

_{_{"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In}}

_{_{"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007}}

_{_{"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)}}

_{_{"{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012}}

_{_{"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant}}

_{_{"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161}}

_{_{"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2}}

_{_{"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support}}

_{_{"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3}}

_{_{"{B5B25043-42A0-4490-A425-C7A6284213E6}" = HP User Guides 0130}}

_{_{"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2}}

_{_{"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver}}

_{_{"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection}}

_{_{"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1}}

_{_{"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1}}

_{_{"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio}}

_{_{"Adobe AIR" = Adobe AIR}}

_{_{"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX}}

_{_{"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin}}

_{_{"Audacity_is1" = Audacity 1.2.6}}

_{_{"AVG" = AVG 2012}}

_{_{"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter}}

_{_{"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com}}

_{_{"EPSON Printer and Utilities" = EPSON Printer Software}}

_{_{"EPSON Scanner" = EPSON Scan}}

_{_{"HDMI" = Intel® Graphics Media Accelerator Driver}}

_{_{"HOMESTUDENTR" = Microsoft Office Home and Student 2007}}

_{_{"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs}}

_{_{"ie7" = Windows Internet Explorer 7}}

_{_{"ie8" = Windows Internet Explorer 8}}

_{_{"IMVU_Inc Toolbar" = IMVU Inc Toolbar}}

_{_{"InstallShield_{55D1B76E-305E-4A2C-A883-E74EFF9D35F3}" = Pandora2012}}

_{_{"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1}}

_{_{"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1}}

_{_{"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP}}

_{_{"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs}}

_{_{"SynTPDeinstKey" = Synaptics Pointing Device Driver}}

_{_{"ViewpointMediaPlayer" = Viewpoint Media Player}}

_{_{"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin}}

_{_{"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin}}

_{_{"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7}}

_{_{"Windows Media Format Runtime" = Windows Media Format 11 runtime}}

_{_{"Windows Media Player" = Windows Media Player 11}}

_{_{"WinGimp-2.0_is1" = GIMP 2.6.10}}

_{_{"WMFDist11" = Windows Media Format 11 runtime}}

_{_{"wmp11" = Windows Media Player 11}}

_{_{"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0}}

_{_{"Yahoo! Messenger" = Yahoo! Messenger}}

_{_{"Yahoo! Software Update" = Yahoo! Software Update}}

_{_{"YTdetect" = Yahoo! Detect}}

_{_{========== HKEY_CURRENT_USER Uninstall List ==========}}

_{_{[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]}}

_{_{"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software}}

_{_{"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8}}

_{_{========== Last 10 Event Log Errors ==========}}

_{_{[ Application Events ]}}

_{_{Error - 3/30/2012 8:47:30 PM | Computer Name = VICTORIA-AE7A76 | Source = PerfNet | ID = 2004}}

_{_{Description = Unable to open the Server service. Server performance data will not}}