View Full Version : Cannot Connect to Internet
Woodworker44
2010-08-18, 02:44
Help. I have been working on this for over two weeks and may have done some major damage to my laptop.
Infected August 2nd with fake security warning trojan. After virus was removed, connection to Internet would drop out unexpectedly. Noticed that first Google hits were www.juggle.com, www.adultphoyos.com, www.localmoxie.com, etc. All bogus sites leading to people selling crap...
Cannot connect to the Internet. Cannot ping router/access point. Vista states when attempting to run any browser that the server was not found. When opening Vista Network and Sharing Center, it states that I am connected to IPv4 locally and have limited connect to IPv6. Using Linksys wireless router and until August, system ran for over a year with no problems to four computers. None of the other computers infected.
Runnign Norton 360 and it did not detect trojan.
Since infection have run the following in no particular order:
Registry Mechanic, Glary Registry Repair, Spybot, Bit Defender, AVG Anti-Spyware, CCleaner, Housecall, Panda Active Scan, Ad-Aware, HiJack This, and maybe one or two others I may not have written in my log.
I have run ERUNT not that it will do any good.
I'm ready to buy Windows 7 and start over.......ARGHH!!!
Here are the DDS files:
DDS (Ver_10-03-17.01) - NTFSX64
Run by Cindy at 19:16:37.50 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2044 [GMT -4:00]
SP: AVG Anti-Spyware *disabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cindy\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~2\common~1\symant~1\ids\IPSBHO.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files (x86)\iwin games\iWinGamesHookIE.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ~NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files (x86)\freeze.com\my.freeze.com netassistant\NetAssistant.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files (x86)\norton 360\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [!AVG Anti-Spyware] "c:\program files (x86)\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files (x86)\winzip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\qullnmj.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: AVG Anti-Spyware 7.5: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - CShellExecuteHookImpl Object
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
================= FIREFOX ===================
FF - ProfilePath - c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa3.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0} - c:\windows\system32\config\systemprofile\appdata\local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files (x86)\grisoft\avg anti-spyware 7.5\guard64.sys [2007-5-30 12024]
R1 AvgAsC64;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsC64.sys [2010-8-17 14072]
R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\ipsdefs\20100810.001\IDSvia64.sys [2010-8-13 386096]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/01 08:51:26];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2009-8-1 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_bd5387da\AESTSr64.exe [2009-3-5 89088]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files (x86)\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-1-20 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-26 116096]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 132656]
R3 Symantec Core LC;Symantec Core LC;c:\progra~2\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-4-4 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 47664]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-4-4 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-15 135664]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iwin games\iwintrusted.exe --> c:\program files (x86)\iwin games\iWinTrusted.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-5 25424]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-20 222512]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-29 19544]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\common files\surething shared\stllssvr.exe [2010-4-2 74392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
============== File Associations ===============
JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
=============== Created Last 30 ================
2010-08-17 16:01:58 0 d-----w- c:\users\cindy\appdata\roaming\Grisoft
2010-08-17 16:01:24 14072 ----a-w- c:\windows\system32\drivers\AvgAsC64.sys
2010-08-17 16:01:23 0 d-----w- c:\programdata\Grisoft
2010-08-17 14:53:41 525824 ----a-w- C:\dds.com
2010-08-15 00:35:57 65536 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 19:25:47 0 d-----w- c:\users\cindy\appdata\roaming\SurfSecret Privacy Suite
2010-08-12 19:23:48 0 d-----w- c:\programdata\Panda Security
2010-08-12 18:49:08 812344 ----a-w- C:\HJTInstall.exe
2010-08-12 18:49:08 3420304 ----a-w- C:\ccsetup234.exe
2010-08-12 18:14:33 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-12 08:15:47 65536 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 03:48:58 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 03:48:58 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 03:48:55 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 03:48:49 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 03:48:22 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 03:48:22 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 03:48:16 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 03:47:49 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 03:47:48 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-12 03:45:28 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 03:45:27 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-05 01:00:42 8192 ----a-w- c:\windows\syswow64\qullnmj.dll
2010-08-05 01:00:39 19456 ----a-w- c:\windows\syswow64\~msippsth.dll
2010-08-04 12:25:28 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-08-04 12:25:27 65536 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
2010-08-04 12:25:27 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-08-03 12:58:28 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-03 12:41:46 0 d-----w- c:\programdata\WindowsSearch
2010-08-02 12:41:21 0 d-----w- c:\users\cindy\appdata\roaming\GlarySoft
2010-08-02 12:41:21 0 d-----w- c:\program files (x86)\Glary Registry Repair
2010-08-02 12:29:08 7 ----a-w- c:\windows\syswow64\Class15
2010-08-02 12:29:08 5 ----a-w- c:\windows\syswow64\Band4
2010-07-31 01:01:55 0 d-----w- c:\programdata\Update
2010-07-26 15:48:54 286720 ----a-w- c:\windows\iun506.exe
2010-07-26 15:48:54 0 d-----w- c:\program files (x86)\Mp3 File Editor
2010-07-26 15:40:18 348160 ----a-w- c:\windows\syswow64\FlatBtn6.ocx
2010-07-26 15:40:17 348160 ----a-w- c:\windows\syswow64\MEnc.ocx
2010-07-26 15:40:17 0 d-----w- c:\program files (x86)\WAV to MP3 Encoder
2010-07-22 12:15:31 65536 --sha-w- c:\users\cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
2010-07-22 12:15:31 524288 --sha-w- c:\users\cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-07-22 12:15:31 524288 --sha-w- c:\users\cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-07-20 15:01:41 0 d-----w- c:\program files (x86)\EA GAMES
==================== Find3M ====================
2010-07-17 13:38:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 13:38:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-17 13:38:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-11 22:17:48 208008 ----a-w- C:\bigfishgames_p77562547_s1_l1.exe
2010-06-30 13:11:04 1704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-29 15:00:23 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-24 12:11:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2009-11-03 12:45:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 16:38:52 13727048 ----a-w- c:\program files\winzip121.exe
2009-07-03 20:42:16 69641000 ----a-w- c:\program files\iTunes64Setup.exe
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-20 05:18:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 19:17:09.38 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2009 12:41:54 AM
System Uptime: 8/17/2010 5:25:11 PM (2 hours ago)
Motherboard: Hewlett-Packard | | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 2200/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 220 GiB total, 8.833 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 227.099 GiB free.
E: is FIXED (NTFS) - 13 GiB total, 2.037 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (FAT32) - 931 GiB total, 556.141 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP295: 7/23/2010 9:53:27 AM - Windows Update
RP296: 7/27/2010 5:56:14 AM - Windows Update
RP297: 7/30/2010 7:50:05 AM - Windows Update
RP298: 8/2/2010 10:38:11 AM - Windows Update
RP299: 8/4/2010 3:00:56 AM - Windows Update
RP300: 8/6/2010 8:57:46 AM - Windows Update
RP302: 8/7/2010 1:45:59 PM - Windows Defender Checkpoint
RP303: 8/9/2010 3:09:10 PM - Windows Update
RP304: 8/9/2010 7:39:33 PM - Removed Palm
RP305: 8/9/2010 7:43:40 PM - Removed Documents To Go
RP306: 8/9/2010 7:45:28 PM - Removed Documents To Go
RP307: 8/10/2010 8:04:13 PM - Scheduled Checkpoint
RP308: 8/12/2010 3:00:59 AM - Windows Update
RP309: 8/12/2010 11:22:38 PM - Windows Update
RP310: 8/13/2010 7:35:59 AM - Windows Update
RP311: 8/14/2010 7:45:08 PM - Restore Operation
RP312: 8/15/2010 1:05:59 PM - Scheduled Checkpoint
RP313: 8/16/2010 10:39:53 AM - Restore Operation
==== Installed Programs ======================
1600
1600_Help
1600Trb
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AMD USB Audio Driver Filter
AppCore
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 10.0.1
ASIO4ALL
Atheros Driver Installation Program
Atlantis (remove only)
Atlantis Sky Patrol™
Autodesk DWF Viewer
AVG Anti-Spyware 7.5
Backup
Belarc Advisor 7.0
Big Fish Games: Game Manager
BitTorrent
BufferChm
Canon MF Toolbox 4.9.1.1.mf04
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccCommon
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite
Das Unit Converter 5.01
Data Lifeguard Diagnostic for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD Shrink 3.2
EA Download Manager
EA Download Manager UI
ERUNT 1.1j
ESU for Microsoft Vista
eSupportQFolder
Fax
ffdshow
File Recover 7.5
FL Studio 9
GearDrvs
Glary Registry Repair 3.3.0.852
Google Chrome
Google Earth
Google SketchUp 7
Google Update Helper
Hidden Expedition ® - Devil's Triangle
Hidden Expedition ® : Devil's Triangle Strategy Guide
Hidden Expedition Titanic (remove only)
Hidden Expedition: Amazon ™
Hidden Expedition: Titanic ™
Hidden Wonders of the Depths 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP Memories Disc
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart Essential
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
IDT Audio
IL Download Manager
ImagXpress
iWin Games (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Jewel Quest: Heritage (remove only)
JMicron JMB38X Flash Media Controller
Juno Preloader
jZip
LabelPrint
Lara Croft Tomb Raider: The Angel Of Darkness
LightScribe System Software
LiveUpdate (Symantec Corporation)
LP Recorder
LP Ripper
Luxor (remove only)
Luxor Amun Rising (remove only)
Macromedia Flash Player 8
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
MailNavigator v.1.11
MarketResearch
MDI2PDF 2.6
Medal of Honor Allied Assault
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Project 2000
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Mobipocket Creator 4.2
Mozilla Firefox (3.6.8)
mp3-2-wav converter 1.14
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
My.Freeze.com NetAssistant
MyAshampoo Toolbar
Mystery Case Files ®: Dire Grove ™
Mystery Case Files: Return to Ravenhearst ™
Native Instruments Guitar Rig 3
neroxml
NetZero Preloader
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
PDFCreator
PhotoNow!
Picasa 3
PoiZone
Power2Go
PowerDirector
Presto! PageManager 7.15.14
PuppetShow: Souls of the Innocent
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Safari
Sawer
Scan
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skins
Skype™ 4.0
Slingbox - Watch Your TV Anywhere
SlingPlayer
SolutionCenter
Status
SureThing CD Labeler Deluxe 5
Symantec Technical Support Controls
The Sims™ 3
Toolbox
Toxic Biohazard
TrayApp
TurboCAD Professional 16
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vacation_Countdown
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WAV to MP3 Encoder
Wave Corrector DeClick version 1.1
WebReg
WinZip 12.1
Xvid 1.2.2 final uninstall
Zinio Reader 4
Zuma's Revenge!
Zuma Deluxe
==== Event Viewer Messages From Past Week ========
8/17/2010 6:05:51 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
8/17/2010 6:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/17/2010 5:59:31 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147942402.
8/17/2010 5:35:01 PM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.
8/17/2010 5:35:01 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.
8/17/2010 5:35:01 PM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.
8/17/2010 5:35:00 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.
8/17/2010 5:31:14 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
8/17/2010 5:31:02 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The system cannot find the file specified.
8/17/2010 3:41:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2010 3:40:23 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2010 3:40:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS ccHP Lbd SymEFA
8/17/2010 3:40:16 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/17/2010 3:38:52 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The TCPIP Pass-through Filter service terminated with the following error: The specified module could not be found.
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The system cannot find the file specified.
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: One or more arguments are invalid
8/17/2010 12:14:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS AVG Anti-Spyware Driver ccHP eeCtrl Lbd spldr SRTSPX SymEFA SYMTDI Wanarpv6
8/17/2010 12:14:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2010 12:14:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2010 12:13:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2010 12:13:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2010 12:13:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
8/16/2010 10:33:39 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
8/15/2010 7:55:19 PM, Error: Service Control Manager [7000] - The BANTExt service failed to start due to the following error: This driver has been blocked from loading
8/15/2010 7:55:19 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Belarc\Advisor\system\BANTExt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/15/2010 7:00:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/15/2010 6:58:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
8/15/2010 6:58:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
8/15/2010 6:58:33 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/15/2010 6:37:17 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service has not been started.
8/15/2010 1:34:50 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
8/15/2010 1:27:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS ccHP SymEFA
8/14/2010 5:52:46 PM, Error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
8/14/2010 3:04:49 PM, Error: Service Control Manager [7034] - The TCPIP Pass-through Filter service terminated unexpectedly. It has done this 1 time(s).
8/14/2010 10:39:52 PM, Error: Service Control Manager [7030] - The Panda Security Generic Uninstaller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/14/2010 10:39:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/14/2010 10:34:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS ccHP eeCtrl PSINKNC spldr SRTSPX SymEFA SYMTDI Wanarpv6
8/12/2010 3:28:07 PM, Error: Service Control Manager [7034] - The iWinTrusted service terminated unexpectedly. It has done this 1 time(s).
8/12/2010 3:24:40 PM, Error: Service Control Manager [7030] - The Panda Cloud Antivirus Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/12/2010 3:03:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/12/2010 3:03:37 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 3:03:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/12/2010 2:47:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
8/12/2010 2:47:49 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 10:18:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/12/2010 10:18:53 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 10:18:22 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/12/2010 10:18:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
8/12/2010 10:18:22 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 10:17:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
8/12/2010 10:15:30 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
8/12/2010 10:14:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
8/12/2010 10:13:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
8/12/2010 10:13:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
8/12/2010 10:13:05 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 1:58:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:58:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/12/2010 1:58:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/12/2010 1:58:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/12/2010 1:54:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AFS ccHP DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymEFA SymIM SYMTDI tdx Wanarpv6
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:10:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
==== End Of File ===========================
Thank you in advance,
Joe
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Woodworker44
2010-08-25, 02:17
Posted a request for assistance in the General Malware\Malware Removal Forum on 17-Aug.
No answer after over four days, so I posted in the Waiting Room.
Did I do something wrong?
Thanks,
Joe
Woodworker44
2010-08-25, 03:12
Blade81,
First I have to apologize - found out PM means Private Message.
I removed Bit Torrent and Peer Block. Opened OTL. Changed Output to Minimal and copied and pasted the text supplied into the Custom Scan Area. Ran OTL.
Results from OTL.text are below:
OTL logfile created on: 8/24/2010 7:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 9.05 Gb Free Space | 4.12% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 800.28 Mb Free Space | 82.74% Space Free | Partition Type: FAT
Drive I: | 931.28 Gb Total Space | 556.14 Gb Free Space | 59.72% Space Free | Partition Type: FAT32
Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - H:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
PRC - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
========== Modules (SafeList) ==========
MOD - H:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (TCPIP Pass-through Filter) -- C:\Windows\SysNative\msippsth.dll File not found
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (hpqcxs08) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (hpqddsvc) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMEFA64.SYS File not found
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\ccHPx64.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (COH_Mon) -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AvgAsC64) -- C:\Windows\SysNative\DRIVERS\AvgAsC64.sys (GRISOFT, s.r.o.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100810.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0}:1.9.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/06/24 12:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}: C:\Windows\system32\config\systemprofile\AppData\Local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0} [2010/07/30 21:03:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 11:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 09:42:34 | 000,000,000 | ---D | M]
[2009/05/02 10:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2010/08/15 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions
[2009/10/31 08:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 17:47:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/17 19:35:14 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/08/23 20:30:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2009/10/01 14:38:53 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npraclient.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (~NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe File not found
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/01/06 14:56:34 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/08/17 19:12:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/17 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/17 19:10:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:01:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Grisoft
[2010/08/17 12:01:24 | 000,014,072 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\SysNative\drivers\AvgAsC64.sys
[2010/08/17 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010/08/17 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010/08/12 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SurfSecret Privacy Suite
[2010/08/12 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/08/12 15:05:19 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/08/12 14:49:08 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 14:49:08 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/11 23:49:52 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 23:49:44 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 23:49:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 23:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 23:49:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 23:49:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 23:49:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 23:49:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 23:49:42 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 23:49:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 23:49:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 23:49:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 23:49:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 23:49:41 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 23:49:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 23:49:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 23:49:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 23:49:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 23:49:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 23:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 23:49:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 23:49:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 23:49:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 23:48:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:48:22 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 23:48:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 23:48:16 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/03 08:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\GlarySoft
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Registry Repair
[2010/07/30 21:18:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/30 21:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/07/26 11:48:54 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun506.exe
[2010/07/26 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3 File Editor
[2010/07/26 11:40:18 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\Windows\SysWow64\FlatBtn6.ocx
[2010/07/26 11:40:17 | 000,348,160 | ---- | C] (DGP) -- C:\Windows\SysWow64\MEnc.ocx
[2010/07/26 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WAV to MP3 Encoder
[2009/07/10 12:53:32 | 069,641,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes64Setup.exe
========== Files - Modified Within 30 Days ==========
[2010/08/24 19:46:19 | 002,097,152 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT
[2010/08/24 19:45:25 | 000,002,423 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/24 19:36:01 | 000,000,272 | ---- | M] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut.lnk
[2010/08/24 19:32:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 19:27:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 19:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 12:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 12:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 08:29:09 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/24 08:29:09 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/23 22:57:53 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/23 20:45:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/23 20:44:49 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 20:42:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 20:31:06 | 003,408,003 | -H-- | M] () -- C:\Users\Cindy\AppData\Local\IconCache.db
[2010/08/21 09:40:38 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/08/18 09:11:47 | 000,002,411 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/08/17 19:10:59 | 000,000,945 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | M] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:17:07 | 000,001,930 | ---- | M] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 12:01:47 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
[2010/08/17 10:54:13 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 10:54:13 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 10:54:13 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/16 10:33:24 | 000,007,168 | ---- | M] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/14 20:35:58 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 19:46:42 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 19:46:42 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | M] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 04:15:48 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 03:45:56 | 000,445,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 03:40:18 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 03:40:18 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/12 03:16:01 | 000,000,295 | ---- | M] () -- C:\Windows\win.ini
[2010/08/10 11:06:14 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 13:39:35 | 000,137,504 | ---- | M] () -- C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/04 21:00:42 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\qullnmj.dll
[2010/08/04 08:25:28 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:21:26 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:21:26 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
[2010/08/02 08:41:23 | 000,000,854 | ---- | M] () -- C:\Users\Cindy\Desktop\Glary Registry Repair.lnk
[2010/08/02 08:29:08 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | M] () -- C:\Windows\SysWow64\Band4
[2010/07/26 11:48:44 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun506.exe
========== Files Created - No Company Name ==========
[2010/08/24 19:36:01 | 000,000,272 | ---- | C] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut.lnk
[2010/08/17 19:13:50 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/17 19:10:59 | 000,000,945 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | C] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 15:38:10 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 12:06:55 | 000,001,930 | ---- | C] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 12:01:47 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
[2010/08/17 10:53:41 | 000,525,824 | ---- | C] () -- C:\dds.com
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 20:35:57 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | C] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 04:15:47 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 21:00:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\qullnmj.dll
[2010/08/04 08:25:28 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:25:27 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:25:27 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/02 08:41:23 | 000,000,854 | ---- | C] () -- C:\Users\Cindy\Desktop\Glary Registry Repair.lnk
[2010/08/02 08:29:08 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\Band4
[2010/07/30 08:10:43 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/07/02 20:42:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 06:07:19 | 000,010,554 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7F0A.txt
[2010/06/24 06:07:11 | 000,433,684 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistMSI7EF0.txt
[2010/06/24 06:07:09 | 000,011,414 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7EF0.txt
[2010/04/09 08:30:26 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/09 08:30:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/01 22:07:44 | 000,076,407 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Smiley.ico
[2010/02/01 09:00:00 | 000,003,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\BANTExt.sys
[2009/12/25 19:32:51 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/09/23 19:01:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 19:00:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 17:09:35 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/07/14 14:35:38 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2009/07/14 14:35:37 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/07/10 12:52:16 | 013,727,048 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/06/09 11:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 14:28:32 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/05/13 14:27:03 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/05/13 14:22:09 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/27 22:28:33 | 000,003,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/24 15:43:34 | 000,007,168 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 13:45:39 | 000,000,680 | ---- | C] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2009/04/20 17:27:48 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/04/19 16:45:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\QSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\AtStart.txt
[2009/04/04 12:46:39 | 000,020,635 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/05 03:07:29 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/05 03:07:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/05 03:06:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/05 03:05:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/05 03:03:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/20 01:45:49 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 01:36:56 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/20 01:34:18 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/20 01:32:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/02/24 01:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\SysWow64\ODBCMON.DLL
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/08/15 13:24:58 | 000,007,185 | ---- | M] () -- C:\aaw7boot.log
[2010/08/17 19:17:47 | 000,025,627 | ---- | M] () -- C:\Attach.txt
[2010/08/17 11:15:36 | 000,025,379 | ---- | M] () -- C:\Attach_Cindy_PC.txt
[2010/07/11 18:17:48 | 000,208,008 | ---- | M] (Big Fish Games) -- C:\bigfishgames_p77562547_s1_l1.exe
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/17 19:17:57 | 000,034,445 | ---- | M] () -- C:\DDS.txt
[2010/08/17 11:15:10 | 000,033,279 | ---- | M] () -- C:\DDS_Cindy_PC.txt
[2010/08/23 20:44:49 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2006/12/02 03:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/23 20:44:47 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/10 10:41:38 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:3B4DA230
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:AD7183FA
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:E51234A9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:85C3B823
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:E1D6C864
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:1BFE92CC
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D667795F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:99671BE2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7B2BB690
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:FD34FE88
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:2EF63291
< End of report >
Woodworker44
2010-08-25, 03:14
OTL Extras logfile created on: 8/24/2010 7:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 9.05 Gb Free Space | 4.12% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 800.28 Mb Free Space | 82.74% Space Free | Partition Type: FAT
Drive I: | 931.28 Gb Total Space | 556.14 Gb Free Space | 59.72% Space Free | Partition Type: FAT32
Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 27 A2 AF 91 BC 49 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C8FC14-450A-4DD9-AFB3-CFC67C6C5B0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{272FD7E1-9A61-4DA3-8852-2A8EB34A2C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3422AA51-8196-4ECC-8831-EECDF8F2D727}" = lport=139 | protocol=6 | dir=in | app=system |
"{34E133B7-59EF-4B8A-A6F6-98C2739F0BD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{411D8B49-C4AA-4803-BEBB-E22097A3369A}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C11CCF3-399F-41F2-8EE1-31A3B8B2C92B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DE914D1-668B-43E3-99DA-FB50B853CB40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{609F0F28-A61F-4AF7-B4C6-6638E409D94B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{725F95CB-B7C6-4711-9DB3-23798333D825}" = lport=137 | protocol=17 | dir=in | app=system |
"{893E3F8B-035A-4940-A1B7-69028F439FCE}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D181C53-0FD7-4545-BB02-74B02D66A79A}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5970321-A0F4-488F-9385-4CF9962BEC00}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC415AEA-29E9-4276-BCF7-AA3DC5AA1E36}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2A80D1F-47A2-4A27-863C-6B9B50E46EEE}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0825925C-0920-47F7-9311-A84659458763}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15160731-787A-496D-A33B-7BCC85C0F4C3}" = protocol=6 | dir=out | app=system |
"{1D5A5AFF-604B-41BC-ABB0-5B7FC9BD0B5D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{21018EE4-3FAC-40C5-A5C2-35D3A3BBD745}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{217BAAC0-3E13-4839-823D-675EAE567F45}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{23E8FC8C-3A8B-44DB-9ED6-A4E4663ED82B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{27E51CC7-31E8-4103-8588-C4AC95710870}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{281FD4DA-89A8-4DE4-952C-F9650FBF7FC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D4CF3A1-97C7-4830-B216-A12BB3A9814E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{472307A7-3408-444C-A983-F89D6F2CFA3C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4B49EC41-6E22-4889-B3EA-C5D89607F60E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{521128D9-042C-43AF-837D-58782553B5D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{5F7825C6-235F-4671-B064-F372CC33A0ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F91A188-8384-407A-89D0-7CAFC3C0A560}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{64A5F1DD-201E-40F8-8AC1-D4D7C2A2B0C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7503C1E4-730C-462D-9127-F9CC253948E6}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{7C3E9E70-F6DA-48B2-8B4E-4D3275A7E6FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{7C9EF56D-AF2E-438A-A312-283AC6F908D5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{83647325-C22B-4190-B815-35A06A96D940}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{933E2F1A-8CC5-447F-BFD9-F64566DE6046}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AA72662-B1B7-4FFA-A808-7B15D1978541}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{A404CF99-D4F4-4019-B700-EF9A4E6E52E8}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{ACAFE62E-6708-4F46-BBF8-8CA1EFAA9E83}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{BEFC3B87-EBFE-467B-A08D-814156493D76}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BF532C29-80C5-4796-9AA1-8DECB434A1DB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{BFBFE4EA-DAAF-44EB-B762-C2F166198D57}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CC953F42-3359-4D58-8390-C173BD801189}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D2B97BAE-D156-48AB-8DC0-4592967EF893}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{E083387E-D006-4271-82F8-D5CBC3E9009E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{E3FF101D-1262-43B3-A7D7-B0E9C9C5DBB3}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F1F499F6-D63E-4714-A9BE-1921AF08CC6D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{FD129EDA-B95C-4D6A-8FE0-2846CC8A39A6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"TCP Query User{4BAA50F9-338F-4F25-A674-4B483360701A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{6FD7CB83-F94A-4A64-9383-454413AD9E3A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{A416E9AE-DCA7-4B55-AA17-40FA9EDDD54F}" = SymNet x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BD927EB7-78D3-4DC4-9325-7CBD89D8F0E5}" = GearDrvs
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Win2PDF_is1" = Win2PDF 3.40.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0BF16321-63EC-8ABE-8720-60A63BFF4A17}" = Zinio Reader 4
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{61CC67B1-6FE9-433F-93B2-32D2BCC76990}" = TurboCAD Professional 16
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: The Angel Of Darkness
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7B100D8-98A5-42AA-830F-16D6BD5351F1}" = My.Freeze.com NetAssistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
"ASIO4ALL" = ASIO4ALL
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Belarc Advisor 2.0" = Belarc Advisor 7.0
"BFG-Atlantis" = Atlantis (remove only)
"BFG-Atlantis Sky Patrol" = Atlantis Sky Patrol™
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition ® - Devil's Triangle
"BFG-Hidden Expedition - Devil's Triangle Strategy Guide" = Hidden Expedition ® : Devil's Triangle Strategy Guide
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic ™
"BFG-Hidden Wonders of the Depths 2" = Hidden Wonders of the Depths 2
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-Zuma Deluxe" = Zuma Deluxe
"BitTorrent" = BitTorrent
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Das Unit Converter_is1" = Das Unit Converter 5.01
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow
"File Recover_is1" = File Recover 7.5
"FL Studio 9" = FL Studio 9
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Google Chrome" = Google Chrome
"Hidden Expedition Titanic" = Hidden Expedition Titanic (remove only)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"IL Download Manager" = IL Download Manager
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: The Angel Of Darkness
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iWinArcade" = iWin Games (remove only)
"Jewel Quest: Heritage" = Jewel Quest: Heritage (remove only)
"jZip" = jZip
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Luxor" = Luxor (remove only)
"Luxor AR" = Luxor Amun Rising (remove only)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MailNavigator v.1.11" = MailNavigator v.1.11
"MDI2PDF Converter_is1" = MDI2PDF 2.6
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"mp3-2-wav" = mp3-2-wav converter 1.14
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"N360" = Norton 360
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Sawer" = Sawer
"ShockwaveFlash" = Macromedia Flash Player 8
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 0.9.9
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.1
"WildTangent hp Master Uninstall" = My HP Games
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zuma's Revenge!" = Zuma's Revenge!
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Vacation Countdown v1" = Vacation_Countdown
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/23/2010 8:47:54 PM | Computer Name = Cindy-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =
Error - 8/23/2010 8:49:55 PM | Computer Name = Cindy-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =
Error - 8/23/2010 10:57:58 PM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 8:05:23 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 8:13:05 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 9:13:05 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 10:13:05 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 11:52:00 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 7:27:16 PM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =
Error - 8/24/2010 7:45:15 PM | Computer Name = Cindy-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.10.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 15f8 Start Time: 01cb43e5689cc760 Termination Time: 0
[ System Events ]
Error - 8/23/2010 8:46:33 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 8/23/2010 8:46:35 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 8/23/2010 8:47:54 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.
Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.
Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.
Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.
Error - 8/23/2010 8:49:55 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 8/24/2010 7:35:41 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10005
Description =
Error - 8/24/2010 7:35:41 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
Thank you,
Joe
Hi Joe,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
5. Restart the computer.
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file + fresh OTL.txt contents in your next reply.
Woodworker44
2010-08-25, 17:53
Blade81,
How do I go about installing the update from version 4052 to 4475 on my flash drive? I use the browser on a desktop and then transfer the files to my laptop via a flash drive. It states that updates were installed but then when I check on the laptop, it shows the older 4052 version.
Joe
Woodworker44
2010-08-25, 18:09
I removed BitTorrent via Control Panel Add/Remove/Uninstall Program a second time.
Rebooted.
cmd.exe => entered "netsh winsock reset" and got response "The system cannot find the file specified."
What now?
Hi,
Does this command work: Netsh int ip reset resetlog.txt?
Woodworker44
2010-08-25, 20:59
RESULTS:
"Resetting Echo Request, failed.
Access is denied.
Resetting Interface, OK.
A reboot is required to complete this action."
Rebooted.
Ran Malwarebytes Anti-Malware without the updated database. No infections or malicious items detected.
Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0
Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
A notepad opens, copy and paste the content it (log1.txt) to your reply.
Woodworker44
2010-08-26, 00:34
Windows IP Configuration
Host Name . . . . . . . . . . . . : Cindy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-23-4E-78-ED-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4cd9:d1fd:1f40:3abe%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.58.190(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234890062
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-41-1F-FF-00-23-4E-78-ED-47
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-32-A4-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{99ED3094-1223-478A-AD43-14EF7753D436}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host google.com. Please check the name and try again.
===========================================================================
Interface List
11 ...00 23 4e 78 ed 47 ...... Atheros AR5009 802.11a/g/n WiFi Adapter
10 ...00 23 5a 32 a4 29 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
22 ...00 00 00 00 00 00 00 e0 isatap.{99ED3094-1223-478A-AD43-14EF7753D436}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.58.190 281
169.254.58.190 255.255.255.255 On-link 169.254.58.190 281
169.254.255.255 255.255.255.255 On-link 169.254.58.190 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.58.190 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.58.190 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::4cd9:d1fd:1f40:3abe/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Hi,
You seem to have WLAN adapter in use. Have you tried to connect with wired ethernet connection instead?
Woodworker44
2010-08-26, 15:38
Good afternoon
Yes, I tried a hard wire Ethernet connection directly to the router/switch. Same results: "Server Not Found".
Hi,
Let's try to get your wired connection working first since it usually has less adjustments to make than wireless connection has.
Open Internet explorer and do the following steps there:
1. Click tools->internet options
2. click on connections and then LAN settings. Make sure there are no proxy settings ticked at all.
When verified click start->type ncpa.cpl and hit enter to open network connections
Let's disable wireless adapter first: right click Wireless Network Connection and select disable.
When done, right click Local Area Connection and select properties.
Double click Internet Protocol Version 6 and verify that both have option to obtain address automatically selected and click ok. Repeat with Internet Protocol Version 4.
When both have correct options click Ok on Local Area Connection properties window.
See if you're able to access internet after that.
If not repeat steps in post #11 (http://forums.spybot.info/showpost.php?p=381727&postcount=11). Make sure to right click test.bat file and select run as administrator option.
Woodworker44
2010-08-27, 00:01
In IE\Tools\Internet Options\Connections\LAN Settings: Proxies NOT ticked and automatically detect settings checked.
Have already run every Windows Networking diagnostic I could find on my laptop and online via the Windows Help Desk.
Ran "ncpa.cpl". Turned off wireless on laptop. Plugged in hard wired cable.
All IPV4 and IPV6 set to automatic.
No connection to Internet.
Here is the Log1a.txt.
----------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : Cindy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-32-A4-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
===========================================================================
Interface List
10 ...00 23 5a 32 a4 29 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Hi,
Let's try earlier command again.
Click Start->All Programs->Accessories, right-click Command Prompt, and then click Run as administrator.
In command prompt type: netsh winsock reset
Reboot if successful.
If not successful, go to device manager and look for Realtek RTL8102E Family PCI-E Fast Ethernet NIC. Right click it and choose uninstall. Then reboot. Windows should detect new device automatically. Follow steps given to reinstall the NIC.
Woodworker44
2010-08-27, 14:14
Competed as requested.
I am sorry but still have no connection to the Internet.
I remember uninstalling the NIC previously.
Hi,
Did it give you same error as earlier when you ran that netsh winsock reset command?
Does the system have any other user accounts? Please try to log in with a different account (create a new one if current one is the only existing account) and see if connection problem happens on that.
Woodworker44
2010-08-28, 14:24
Good afternoon.
Good news. There was no error with cmd => netsh winsock reset.
Results: "Successfully reset the Winsock catalog. You must restart the computer in order to complete the reset."
Tried to initiate an Internet connection with both user accounts (one is administrator account) with all four browsers. Same result: No server found.
A window also popped up this morning.
"IDT PC Audio stopped working and was closed. problem caused the application to stop working correctly. Windows will notify you when a solution is available."
There is no sound from my PC speakers or output jack even after reboot.
I have been doing a lot of investigation between our messages. Some of my findings from yesterday are attached in the Word doc titled Findings Aug 27.
Hi,
I have been doing a lot of investigation between our messages. Some of my findings from yesterday are attached in the Word doc titled Findings Aug 27.
I didn't see any files attached in your previous post.
Anyway, please run dds again and post back dds.txt report. Also, please do this:
Please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.
Woodworker44
2010-08-28, 15:00
Hi,
I know what happened. The file didn't go through because it was an invalid format. It's not very big. I saved as text file in Notepad and it's attached.
I'll post the results of the MBRCheck as soon as I get it loaded and completed.
Joe
Woodworker44
2010-08-28, 15:23
Hi,
Included below are the DDS and MBRCheck logs. Also attached is the DDS file "Attach_Aug 28.txt".
Thanks,
Joe
=======================================================
DDS (Ver_10-03-17.01) - NTFSX64
Run by Cindy at 8:11:02.30 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1883 [GMT -4:00]
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cindy\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~2\common~1\symant~1\ids\IPSBHO.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files (x86)\iwin games\iWinGamesHookIE.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ~NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files (x86)\freeze.com\my.freeze.com netassistant\NetAssistant.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files (x86)\norton 360\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
================= FIREFOX ===================
FF - ProfilePath - c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa3.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0} - c:\windows\system32\config\systemprofile\appdata\local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\ipsdefs\20100810.001\IDSvia64.sys [2010-8-13 386096]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/01 08:51:26];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2009-8-1 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_bd5387da\AESTSr64.exe [2009-3-5 89088]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-1-20 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-26 116096]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 132656]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 47664]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-4-4 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-15 135664]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iwin games\iwintrusted.exe --> c:\program files (x86)\iwin games\iWinTrusted.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-5 25424]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-20 222512]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\common files\surething shared\stllssvr.exe [2010-4-2 74392]
S3 Symantec Core LC;Symantec Core LC;c:\progra~2\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-4-4 1245064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
============== File Associations ===============
JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
=============== Created Last 30 ================
2010-08-25 14:47:56 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-17 16:01:23 0 d-----w- c:\programdata\Grisoft
2010-08-17 14:53:41 525824 ----a-w- C:\dds.com
2010-08-15 00:35:57 65536 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 19:25:47 0 d-----w- c:\users\cindy\appdata\roaming\SurfSecret Privacy Suite
2010-08-12 19:23:48 0 d-----w- c:\programdata\Panda Security
2010-08-12 18:49:08 812344 ----a-w- C:\HJTInstall.exe
2010-08-12 18:49:08 3420304 ----a-w- C:\ccsetup234.exe
2010-08-12 18:14:33 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-12 08:15:47 65536 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 03:48:58 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 03:48:58 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 03:48:55 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 03:48:49 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 03:48:22 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 03:48:22 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 03:48:16 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 03:47:49 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 03:47:48 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-12 03:45:28 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 03:45:27 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-05 01:00:42 8192 ----a-w- c:\windows\syswow64\qullnmj.dll
2010-08-04 12:25:28 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-08-04 12:25:27 65536 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
2010-08-04 12:25:27 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-08-03 12:58:28 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-03 12:41:46 0 d-----w- c:\programdata\WindowsSearch
2010-08-02 12:41:21 0 d-----w- c:\users\cindy\appdata\roaming\GlarySoft
2010-08-02 12:29:08 7 ----a-w- c:\windows\syswow64\Class15
2010-08-02 12:29:08 5 ----a-w- c:\windows\syswow64\Band4
2010-07-31 01:01:55 0 d-----w- c:\programdata\Update
==================== Find3M ====================
2010-07-26 15:48:44 286720 ----a-w- c:\windows\iun506.exe
2010-07-17 13:38:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 13:38:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-17 13:38:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-11 22:17:48 208008 ----a-w- C:\bigfishgames_p77562547_s1_l1.exe
2010-06-30 13:11:04 1704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-29 15:00:23 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-03 12:45:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 16:38:52 13727048 ----a-w- c:\program files\winzip121.exe
2009-07-03 20:42:16 69641000 ----a-w- c:\program files\iTunes64Setup.exe
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-20 05:18:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 8:13:00.55 ===============
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x000000fc
Kernel Drivers (total 214):
0x0225B000 \SystemRoot\system32\ntoskrnl.exe
0x02215000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x0060E000 \SystemRoot\system32\PSHED.dll
0x00622000 \SystemRoot\system32\CLFS.SYS
0x0067F000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A0F000 \SystemRoot\System32\Drivers\spas.sys
0x00B43000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B4C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B7A000 \SystemRoot\system32\drivers\acpi.sys
0x00BD0000 \SystemRoot\system32\drivers\msisadrv.sys
0x008F1000 \SystemRoot\system32\drivers\pci.sys
0x00BDA000 \SystemRoot\system32\drivers\isapnp.sys
0x00921000 \SystemRoot\system32\drivers\mpio.sys
0x00BE3000 \SystemRoot\System32\drivers\partmgr.sys
0x00BF8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00A00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00943000 \SystemRoot\system32\drivers\volmgr.sys
0x00957000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BD000 \SystemRoot\system32\drivers\intelide.sys
0x009C5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009D5000 \SystemRoot\system32\drivers\pciide.sys
0x009DC000 \SystemRoot\system32\drivers\aliide.sys
0x009E3000 \SystemRoot\system32\drivers\amdide.sys
0x009EA000 \SystemRoot\system32\drivers\cmdide.sys
0x00731000 \SystemRoot\System32\drivers\mountmgr.sys
0x00744000 \SystemRoot\system32\drivers\msdsm.sys
0x00762000 \SystemRoot\system32\drivers\nvraid.sys
0x00785000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x009F2000 \SystemRoot\system32\drivers\viaide.sys
0x00C01000 \SystemRoot\system32\drivers\iastorv.sys
0x00CC8000 \SystemRoot\system32\drivers\atapi.sys
0x00CD0000 \SystemRoot\system32\drivers\ataport.SYS
0x00CF4000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00D12000 \SystemRoot\system32\drivers\storport.sys
0x00D6F000 \SystemRoot\system32\drivers\msahci.sys
0x00D79000 \SystemRoot\system32\drivers\hpcisss.sys
0x00D87000 \SystemRoot\system32\drivers\adp94xx.sys
0x00E0B000 \SystemRoot\system32\drivers\adpahci.sys
0x00E61000 \SystemRoot\system32\drivers\adpu160m.sys
0x00E82000 \SystemRoot\system32\drivers\adpu320.sys
0x00EB1000 \SystemRoot\system32\drivers\djsvs.sys
0x00EC9000 \SystemRoot\system32\drivers\arc.sys
0x00EE2000 \SystemRoot\system32\drivers\arcsas.sys
0x00EFB000 \SystemRoot\system32\drivers\elxstor.sys
0x00F9E000 \SystemRoot\system32\drivers\i2omp.sys
0x00FA9000 \SystemRoot\system32\drivers\iirsp.sys
0x00FBA000 \SystemRoot\system32\drivers\iteatapi.sys
0x00FC7000 \SystemRoot\system32\drivers\iteraid.sys
0x00FD4000 \SystemRoot\system32\drivers\lsi_fc.sys
0x007B1000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00FF2000 \SystemRoot\system32\drivers\megasas.sys
0x01005000 \SystemRoot\system32\drivers\megasr.sys
0x010CC000 \SystemRoot\system32\drivers\mraid35x.sys
0x010D9000 \SystemRoot\system32\drivers\nfrd960.sys
0x010E9000 \SystemRoot\system32\drivers\nvstor.sys
0x01200000 \SystemRoot\system32\drivers\ql2300.sys
0x01352000 \SystemRoot\system32\drivers\ql40xx.sys
0x013B0000 \SystemRoot\system32\drivers\sisraid2.sys
0x013BE000 \SystemRoot\system32\drivers\sisraid4.sys
0x013D4000 \SystemRoot\system32\drivers\symc8xx.sys
0x013E2000 \SystemRoot\system32\drivers\sym_hi.sys
0x013EF000 \SystemRoot\system32\drivers\sym_u3.sys
0x010F9000 \SystemRoot\system32\drivers\uliahci.sys
0x01142000 \SystemRoot\system32\drivers\ulsata.sys
0x01171000 \SystemRoot\system32\drivers\ulsata2.sys
0x011B3000 \SystemRoot\system32\drivers\vsmraid.sys
0x01405000 \SystemRoot\system32\drivers\fltmgr.sys
0x0144C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01460000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0160A000 \SystemRoot\system32\drivers\ndis.sys
0x014E7000 \SystemRoot\system32\drivers\msrpc.sys
0x01537000 \SystemRoot\system32\drivers\NETIO.SYS
0x0180A000 \SystemRoot\System32\drivers\tcpip.sys
0x01980000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B80000 \SystemRoot\system32\drivers\wd.sys
0x01B88000 \SystemRoot\system32\drivers\volsnap.sys
0x01BCC000 \SystemRoot\System32\Drivers\spldr.sys
0x01BD4000 \SystemRoot\system32\drivers\sbp2port.sys
0x01BED000 \SystemRoot\System32\Drivers\mup.sys
0x019AC000 \SystemRoot\System32\drivers\ecache.sys
0x019D8000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x019E2000 \SystemRoot\system32\drivers\disk.sys
0x019F6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01800000 \SystemRoot\system32\drivers\crcdisk.sys
0x017F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01600000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x01590000 \SystemRoot\system32\DRIVERS\processr.sys
0x12A00000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x130B3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x13196000 \SystemRoot\System32\drivers\watchdog.sys
0x13206000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x1340E000 \SystemRoot\system32\DRIVERS\athrx.sys
0x13531000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x1355C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x13578000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x13585000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x13590000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x135D6000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x135E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x135E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x1331A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x135F3000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x13400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x13330000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x13385000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x13391000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x13396000 \SystemRoot\System32\Drivers\a64e01d4.SYS
0x133D8000 \SystemRoot\system32\DRIVERS\enecir.sys
0x133F4000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x131A6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x131AF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x131E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x015A3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x015C6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x007CD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x015D2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x015E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x011DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x1360C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x1361F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x13621000 \SystemRoot\system32\DRIVERS\ks.sys
0x13655000 \SystemRoot\system32\DRIVERS\circlass.sys
0x13666000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x13671000 \SystemRoot\system32\DRIVERS\umbus.sys
0x13681000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x136C9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x136DD000 \SystemRoot\system32\drivers\HdAudio.sys
0x13726000 \SystemRoot\system32\drivers\portcls.sys
0x13761000 \SystemRoot\system32\drivers\drmk.sys
0x13784000 \SystemRoot\system32\drivers\ksthunk.sys
0x14803000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x1487A000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x149B6000 \SystemRoot\system32\drivers\modem.sys
0x149C5000 \SystemRoot\system32\DRIVERS\hidir.sys
0x149D0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x149E2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x149EA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x149F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x1378A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x13794000 \SystemRoot\System32\Drivers\Null.SYS
0x1379D000 \SystemRoot\System32\drivers\vga.sys
0x137AB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x137D0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x137D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x137F5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x13600000 \SystemRoot\system32\drivers\rdpencdd.sys
0x131F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x14A03000 \SystemRoot\System32\Drivers\Npfs.SYS
0x14A14000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x14A1D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x14A47000 \SystemRoot\system32\DRIVERS\tdx.sys
0x14A64000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x14AAD000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x14AE3000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x14AEE000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x14AF7000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x14B05000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x14B2D000 \SystemRoot\system32\DRIVERS\smb.sys
0x14B48000 \SystemRoot\system32\drivers\afd.sys
0x14BB3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x14C03000 \SystemRoot\system32\DRIVERS\pacer.sys
0x14C21000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x14C2B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x14C3A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x14C55000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x14C69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x14CB6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x14CC2000 \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20100810.001\IDSvia64.sys
0x14D25000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x14D9B000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x14DC0000 \SystemRoot\System32\Drivers\dfsc.sys
0x14DDD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x14DEB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x017CD000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x017D7000 \SystemRoot\System32\drivers\Dxapi.sys
0x15808000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x1581B000 \SystemRoot\system32\drivers\luafv.sys
0x1583D000 \SystemRoot\system32\drivers\spsys.sys
0x158D7000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x1590F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x15923000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x15957000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x15962000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x16A05000 \SystemRoot\system32\drivers\HTTP.sys
0x16AA8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x16AD1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x16AEF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x16B09000 \SystemRoot\system32\drivers\mrxdav.sys
0x16B30000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x16B59000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x16BA2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x16BC1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x17408000 \SystemRoot\System32\DRIVERS\srv.sys
0x1749D000 \SystemRoot\system32\drivers\peauth.sys
0x17553000 \SystemRoot\System32\Drivers\secdrv.SYS
0x1755E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x1756E000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x1759B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x1597A000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x15A0F000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100814.002\EX64.SYS
0x15BC9000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100814.002\ENG64.SYS
0x15BE9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x13C0E000 \SystemRoot\System32\Drivers\fastfat.SYS
0x13CC7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x13CDF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x13CFF000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x771B0000 \Windows\System32\ntdll.dll
Processes (total 86):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
584 csrss.exe
648 C:\Windows\System32\wininit.exe
660 csrss.exe
696 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\winlogon.exe
900 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\Ati2evxx.exe
344 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\Ati2evxx.exe
1444 C:\Windows\System32\hpservice.exe
1520 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\wlanext.exe
1824 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
1960 C:\Windows\System32\svchost.exe
2184 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
2208 C:\Windows\System32\agr64svc.exe
2272 C:\Windows\System32\svchost.exe
2344 C:\Windows\SysWOW64\svchost.exe
2468 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2512 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
2548 C:\Windows\System32\svchost.exe
2604 C:\Windows\System32\svchost.exe
2652 C:\Program Files (x86)\SMINST\BLService.exe
2684 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2768 C:\Windows\System32\svchost.exe
2812 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2832 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2856 C:\Windows\System32\svchost.exe
2884 C:\Windows\System32\SearchIndexer.exe
2152 C:\Windows\System32\taskeng.exe
2060 C:\Windows\System32\dwm.exe
1240 C:\Windows\System32\taskeng.exe
3096 C:\Windows\explorer.exe
3408 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3416 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3428 C:\Program Files\Windows Defender\MSASCui.exe
3444 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
3452 C:\Program Files\IDT\WDM\sttray64.exe
3460 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3476 C:\Windows\ehome\ehtray.exe
3496 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
3528 C:\Windows\ehome\ehmsas.exe
3552 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3588 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
3680 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3688 C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
3696 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
3708 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3740 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
3764 C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
3776 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
3792 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3812 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
3872 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3264 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2936 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3960 C:\Program Files (x86)\iPod\bin\iPodService.exe
2460 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
4108 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4616 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
4632 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
4760 WmiPrvSE.exe
4540 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4736 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
4408 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5028 C:\Windows\System32\wbem\unsecapp.exe
3620 C:\Windows\System32\svchost.exe
576 WUDFHost.exe
1044 WmiPrvSE.exe
3976 <unknown>
4712 C:\Windows\System32\SearchProtocolHost.exe
5024 C:\Windows\System32\SearchFilterHost.exe
3852 H:\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000036`f3100000 (NTFS)
PhysicalDrive0 Model Number: ST9250320AS, Rev: HP07
PhysicalDrive1 Model Number: ST9250320AS, Rev: HP07
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6DF26AE7D6663DFFFF5602BEDE5BE4683120D56C
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Hi,
Let's run OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - HKLM\software\mozilla\Firefox\Extensions\\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}: C:\Windows\system32\config\systemprofile\AppData\Local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0} [2010/07/30 21:03:10 | 000,000,000 | ---D | M]
[2010/08/23 22:57:53 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/04 21:00:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\qullnmj.dll
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log
Did you create a new user account? Asking cos this latest log was taken under same account as earlier (at least same account name).
Winsock 2 file(s) missing
Could you elaborate that?
Start => Run => Msinfo32 => OK
Expand Components, expand Network, clicked on Protocol
Do you have any other items behind Protocol section than those two you listed in attached .txt file?
Please grab a screenshot of Local Area Connection properties window.
Woodworker44
2010-08-28, 18:35
Hi,
I did not create an account - there are two on the laptop: "Cindy" (admin) and "Guest". Because a few of the programs and searches would only allow someone with administrator privileges, I've been running everything through that account.
Winsock information missing from Registry. I don't remember where, but I can check again and post later.
How and what info did you want me to take a screenshot of?
Here is the OTL log:
OTL logfile created on: 8/28/2010 11:17:54 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 11.17 Gb Free Space | 5.08% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 937.53 Mb Free Space | 96.93% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - H:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
========== Modules (SafeList) ==========
MOD - H:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (TCPIP Pass-through Filter) -- C:\Windows\SysNative\msippsth.dll File not found
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (hpqcxs08) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (hpqddsvc) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMEFA64.SYS File not found
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\ccHPx64.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (COH_Mon) -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100810.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0}:1.9.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/06/24 12:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 11:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 09:42:34 | 000,000,000 | ---D | M]
[2009/05/02 10:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2010/08/15 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions
[2009/10/31 08:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 17:47:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/17 19:35:14 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/08/28 07:05:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2009/10/01 14:38:53 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npraclient.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (~NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe File not found
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/08/25 10:47:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/25 10:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/25 10:28:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Cindy\Documents\spybotsd162.exe
[2010/08/25 10:28:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cindy\Documents\mbam-setup-1.46.exe
[2010/08/25 10:28:00 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cindy\Documents\HJTInstall.exe
[2010/08/25 10:28:00 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Documents\erunt-setup.exe
[2010/08/25 10:28:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cindy\Documents\OTL.exe
[2010/08/25 10:27:59 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\Cindy\Documents\ccsetup234.exe
[2010/08/25 10:27:58 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Users\Cindy\Documents\Ad-AwareInstall.exe
[2010/08/25 10:27:58 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Cindy\Documents\avg_free_stb_all_9_115_cnet.exe
[2010/08/25 10:27:57 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Cindy\Documents\winsockfix.exe
[2010/08/17 19:12:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/17 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/17 19:10:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010/08/17 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010/08/12 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SurfSecret Privacy Suite
[2010/08/12 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/08/12 15:05:19 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/08/12 14:49:08 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 14:49:08 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/11 23:49:52 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 23:49:44 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 23:49:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 23:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 23:49:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 23:49:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 23:49:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 23:49:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 23:49:42 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 23:49:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 23:49:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 23:49:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 23:49:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 23:49:41 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 23:49:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 23:49:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 23:49:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 23:49:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 23:49:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 23:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 23:49:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 23:49:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 23:49:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 23:48:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:48:22 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 23:48:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 23:48:16 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/03 08:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\GlarySoft
[2010/07/30 21:18:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/30 21:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2009/07/10 12:53:32 | 069,641,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes64Setup.exe
========== Files - Modified Within 30 Days ==========
[2010/08/28 11:20:19 | 002,097,152 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT
[2010/08/28 11:14:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/28 11:13:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 11:13:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 11:13:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/28 11:13:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/28 11:13:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 11:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/28 11:12:30 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 11:12:30 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/28 11:12:24 | 004,385,881 | -H-- | M] () -- C:\Users\Cindy\AppData\Local\IconCache.db
[2010/08/28 11:09:23 | 000,000,272 | ---- | M] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut (2).lnk
[2010/08/28 10:13:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 08:03:30 | 000,000,293 | ---- | M] () -- C:\Users\Cindy\Desktop\MBRCheck.exe - Shortcut.lnk
[2010/08/28 07:05:34 | 000,002,423 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/28 07:02:57 | 000,000,680 | ---- | M] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2010/08/28 06:59:58 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/08/27 17:10:11 | 000,000,386 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 16:09:31 | 000,002,411 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/08/25 10:48:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 10:42:04 | 000,000,890 | ---- | M] () -- C:\Users\Cindy\Desktop\Malwarebytes' Anti-Malware - Shortcut.lnk
[2010/08/25 09:49:20 | 000,017,920 | ---- | M] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 20:06:10 | 000,099,840 | ---- | M] () -- C:\Users\Cindy\Documents\OTL Extras logfile created on 24 Aug 2010.doc
[2010/08/24 20:04:23 | 000,115,712 | ---- | M] () -- C:\Users\Cindy\Documents\OTL logfile created on Aug 24 2010.doc
[2010/08/24 19:34:56 | 000,028,160 | ---- | M] () -- C:\Users\Cindy\Documents\Spybot Forum - Response 1 - Blade81.doc
[2010/08/24 19:32:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Documents\OTL.exe
[2010/08/23 20:39:24 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Cindy\Documents\winsockfix.exe
[2010/08/17 19:10:59 | 000,000,945 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | M] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Documents\erunt-setup.exe
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:17:07 | 000,001,930 | ---- | M] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 11:54:46 | 012,413,440 | ---- | M] () -- C:\Users\Cindy\Documents\avgas-setup-7.5.1.43.exe
[2010/08/17 10:54:13 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 10:54:13 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 10:54:13 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/16 09:36:18 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Users\Cindy\Documents\Ad-AwareInstall.exe
[2010/08/16 09:29:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cindy\Documents\mbam-setup-1.46.exe
[2010/08/16 09:28:48 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Cindy\Documents\avg_free_stb_all_9_115_cnet.exe
[2010/08/16 09:16:34 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\Cindy\Documents\ccsetup234.exe
[2010/08/16 09:14:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Cindy\Documents\spybotsd162.exe
[2010/08/16 09:13:20 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cindy\Documents\HJTInstall.exe
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Documents\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/15 11:20:04 | 000,033,280 | ---- | M] () -- C:\Users\Cindy\Documents\No Internet Connection - Windows Vista_2.doc
[2010/08/14 20:35:58 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 19:46:42 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 19:46:42 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | M] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 04:15:48 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 03:45:56 | 000,445,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 03:40:18 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 03:40:18 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 13:39:35 | 000,137,504 | ---- | M] () -- C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/04 08:25:28 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:21:26 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:21:26 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
[2010/08/02 08:29:08 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | M] () -- C:\Windows\SysWow64\Band4
========== Files Created - No Company Name ==========
[2010/08/28 11:09:23 | 000,000,272 | ---- | C] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut (2).lnk
[2010/08/28 08:03:30 | 000,000,293 | ---- | C] () -- C:\Users\Cindy\Desktop\MBRCheck.exe - Shortcut.lnk
[2010/08/25 10:48:01 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 10:41:59 | 000,000,890 | ---- | C] () -- C:\Users\Cindy\Desktop\Malwarebytes' Anti-Malware - Shortcut.lnk
[2010/08/25 10:28:00 | 001,020,805 | ---- | C] () -- C:\Users\Cindy\Documents\fr.exe
[2010/08/25 10:27:58 | 012,413,440 | ---- | C] () -- C:\Users\Cindy\Documents\avgas-setup-7.5.1.43.exe
[2010/08/25 10:27:57 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Documents\dds.com
[2010/08/25 10:27:57 | 000,033,280 | ---- | C] () -- C:\Users\Cindy\Documents\No Internet Connection - Windows Vista_2.doc
[2010/08/25 10:27:57 | 000,028,160 | ---- | C] () -- C:\Users\Cindy\Documents\Spybot Forum - Response 1 - Blade81.doc
[2010/08/24 20:06:10 | 000,099,840 | ---- | C] () -- C:\Users\Cindy\Documents\OTL Extras logfile created on 24 Aug 2010.doc
[2010/08/24 20:04:22 | 000,115,712 | ---- | C] () -- C:\Users\Cindy\Documents\OTL logfile created on Aug 24 2010.doc
[2010/08/17 19:13:50 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/17 19:10:59 | 000,000,945 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | C] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 15:38:10 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 12:06:55 | 000,001,930 | ---- | C] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 10:53:41 | 000,525,824 | ---- | C] () -- C:\dds.com
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 20:35:57 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | C] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 04:15:47 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 08:25:28 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:25:27 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:25:27 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/02 08:29:08 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\Band4
[2010/07/02 20:42:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 06:07:19 | 000,010,554 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7F0A.txt
[2010/06/24 06:07:11 | 000,433,684 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistMSI7EF0.txt
[2010/06/24 06:07:09 | 000,011,414 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7EF0.txt
[2010/04/09 08:30:26 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/09 08:30:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/01 22:07:44 | 000,076,407 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Smiley.ico
[2010/02/01 09:00:00 | 000,003,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\BANTExt.sys
[2009/12/25 19:32:51 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/09/23 19:01:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 19:00:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 17:09:35 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/07/14 14:35:38 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2009/07/14 14:35:37 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/07/10 12:52:16 | 013,727,048 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/06/09 11:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 14:28:32 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/05/13 14:27:03 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/05/13 14:22:09 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/27 22:28:33 | 000,003,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/24 15:43:34 | 000,017,920 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 13:45:39 | 000,000,680 | ---- | C] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2009/04/20 17:27:48 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/04/19 16:45:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\QSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\AtStart.txt
[2009/04/04 12:46:39 | 000,009,045 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/05 03:07:29 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/05 03:07:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/05 03:06:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/05 03:05:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/05 03:03:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/20 01:45:49 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 01:36:56 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/20 01:34:18 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/20 01:32:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/02/24 01:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\SysWow64\ODBCMON.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:3B4DA230
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:AD7183FA
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:E51234A9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:85C3B823
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:E1D6C864
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:1BFE92CC
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D667795F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:99671BE2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7B2BB690
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:FD34FE88
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:2EF63291
< End of report >
Hi,
I did not create an account - there are two on the laptop: "Cindy" (admin) and "Guest". Because a few of the programs and searches would only allow someone with administrator privileges, I've been running everything through that account.
Try to create another user account and see how it works behind it.
How and what info did you want me to take a screenshot of?
I want to see what items connection has installed and active (networking tab on local area connection properties window). You can grab the screenshot for example like this:
1. Activate local area connection properties window and press alt+print screen buttons.
2. Open MS Paint and copy-paste screenshot in.
3. Save as .jpg or .png file.
4. Attach the file to your post.
Woodworker44
2010-08-28, 22:24
Hello,
It must be getting pretty late in the day for you.
I created another user account on the damaged laptop as you recommended. Took a while to get things up and running. Here are the results:
Internet Explorer: http://click.w3i.com/?Programid=173&Elementname=ErrorPage&q=ie.redirect.hp.com%20svs%20rdr%3FTYPE=3%26tp=iehome%26locale=en_us%26c=91%26bd=Pavilion%26pf=cnnb&applicationid={EEA4B19D-ED04-4AEC-AAD3-3F75FC6EA710}&version=3.8.2&vintage=20100727&Defaultbrowserid=6&Productid=1704&Vendorid=3662&Offerid=6684&sc=-2146697211
Internet Explorer cannot display the webpage
===============================================================
Firefox: http://www.mozilla.com/en-US/firefox/3.6.8/firstrun/
Server not found
Firefox can't find the server at www.mozilla.com.
===============================================================
Network Discovery was turned off. Could not turn it on. Tried to turn it on via Network and Sharing Center. Was busy for 10 minutes and then when I tried I could not close the window. Opened Task Manager and ended process that way. Got warning that Explorer quit working and then all the open windows closed.
===============================================================
Sound works with new user account.
Also included are some pictures of the Local Area Connection windows. I'll have to send the next two JPEGs in a separate post.
Thank you,
Joe
Woodworker44
2010-08-28, 22:25
Last two JPEG files attached.
Hi,
It must be getting pretty late in the day for you.
Yes, but trying to stay up for a few more hours :)
In Network Connections window.JPG picture I see that wired connection appears like ethernet cable wasn't connected. Is that so? Please have the cable connected.
What firewall do you have currently active? Please try to disable it temporarily to see if it helps.
Woodworker44
2010-08-29, 01:47
The ethernet cable is plugged into the laptop and router/switch but the router is not seeing the laptop. The activity light is flashing on/off about once a second. I even tried another cable thinking I may have a bad cable. Same result.
The red X was flashing yesterday and today it is solid red.
Running with Windows firewall, not Norton 360. Firewall is turned off, but I'll recheck and post if that is not the case.
Hi,
Two more things that could be tried.
1) Norton has in some case in the past caused network connection issue. You could try to uninstall it with this removal tool (http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN) to see if it has any effect (can be reinstalled after that).
2) Router reset
Woodworker44
2010-08-29, 21:33
Removed Norton 360 as instructed.
Rebooted and ran netsh winsock reset.
"Server Not Found" or similar with both IE8 and Firefox.
Just for the fun of it I downloaded and installed the latest audio, video and networking drivers from the HP help site (maker of my damaged laptop).
No change.
Next?
I'm just about ready to reformat the HD and install Windows 7 (I really don't like Vista even though most experts say it's better than XP). This has been driving me crazy for over 3 1/2 weeks. I am usually pretty adept at computer issues and have helped several of the guys I work with. I have never seen a trojan like this that has caused so much damage to the internal command structure.
Hi,
I'm afraid we're out of options here :sad:. Probably best to backup important stuff and then reformat & install Windows 7.
Woodworker44
2010-08-30, 13:52
Blade81,
Thank you so much for all the time spent on this problem. At least I don't feel too bad. From what I've seen on several dozen posts here and on other sites (CNET, ZDNET, MSN), this virus seems to have affected thousands and possibly hundreds of thousand computers.
I've already started a full back up of my laptop and will either re-image the Vista OS or break down and buy Windows 7 and install that OS.
Good luck to you.
Bye.
:greeting:
You're welcome and I wish you safe computing in the future :)