Cannot Connect to Internet

W

Woodworker44

New member
Help. I have been working on this for over two weeks and may have done some major damage to my laptop.

Infected August 2nd with fake security warning trojan. After virus was removed, connection to Internet would drop out unexpectedly. Noticed that first Google hits were www.juggle.com, www.adultphoyos.com, www.localmoxie.com, etc. All bogus sites leading to people selling crap...

Cannot connect to the Internet. Cannot ping router/access point. Vista states when attempting to run any browser that the server was not found. When opening Vista Network and Sharing Center, it states that I am connected to IPv4 locally and have limited connect to IPv6. Using Linksys wireless router and until August, system ran for over a year with no problems to four computers. None of the other computers infected.

Runnign Norton 360 and it did not detect trojan.

Since infection have run the following in no particular order:

Registry Mechanic, Glary Registry Repair, Spybot, Bit Defender, AVG Anti-Spyware, CCleaner, Housecall, Panda Active Scan, Ad-Aware, HiJack This, and maybe one or two others I may not have written in my log.

I have run ERUNT not that it will do any good.

I'm ready to buy Windows 7 and start over.......ARGHH!!!

Here are the DDS files:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Cindy at 19:16:37.50 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2044 [GMT -4:00]

SP: AVG Anti-Spyware *disabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cindy\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~2\common~1\symant~1\ids\IPSBHO.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files (x86)\iwin games\iWinGamesHookIE.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ~NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files (x86)\freeze.com\my.freeze.com netassistant\NetAssistant.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files (x86)\norton 360\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [!AVG Anti-Spyware] "c:\program files (x86)\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files (x86)\winzip\WZQKPICK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\qullnmj.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: AVG Anti-Spyware 7.5: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - CShellExecuteHookImpl Object
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa3.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0} - c:\windows\system32\config\systemprofile\appdata\local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files (x86)\grisoft\avg anti-spyware 7.5\guard64.sys [2007-5-30 12024]
R1 AvgAsC64;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsC64.sys [2010-8-17 14072]
R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\ipsdefs\20100810.001\IDSvia64.sys [2010-8-13 386096]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/01 08:51:26];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2009-8-1 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_bd5387da\AESTSr64.exe [2009-3-5 89088]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files (x86)\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-1-20 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-26 116096]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 132656]
R3 Symantec Core LC;Symantec Core LC;c:\progra~2\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-4-4 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 47664]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-4-4 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-15 135664]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iwin games\iwintrusted.exe --> c:\program files (x86)\iwin games\iWinTrusted.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-5 25424]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-20 222512]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-29 19544]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\common files\surething shared\stllssvr.exe [2010-4-2 74392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-17 16:01:58 0 d-----w- c:\users\cindy\appdata\roaming\Grisoft
2010-08-17 16:01:24 14072 ----a-w- c:\windows\system32\drivers\AvgAsC64.sys
2010-08-17 16:01:23 0 d-----w- c:\programdata\Grisoft
2010-08-17 14:53:41 525824 ----a-w- C:\dds.com
2010-08-15 00:35:57 65536 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 19:25:47 0 d-----w- c:\users\cindy\appdata\roaming\SurfSecret Privacy Suite
2010-08-12 19:23:48 0 d-----w- c:\programdata\Panda Security
2010-08-12 18:49:08 812344 ----a-w- C:\HJTInstall.exe
2010-08-12 18:49:08 3420304 ----a-w- C:\ccsetup234.exe
2010-08-12 18:14:33 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-12 08:15:47 65536 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 03:48:58 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 03:48:58 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 03:48:55 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 03:48:49 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 03:48:22 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 03:48:22 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 03:48:16 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 03:47:49 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 03:47:48 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-12 03:45:28 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 03:45:27 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-05 01:00:42 8192 ----a-w- c:\windows\syswow64\qullnmj.dll
2010-08-05 01:00:39 19456 ----a-w- c:\windows\syswow64\~msippsth.dll
2010-08-04 12:25:28 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-08-04 12:25:27 65536 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
2010-08-04 12:25:27 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-08-03 12:58:28 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-03 12:41:46 0 d-----w- c:\programdata\WindowsSearch
2010-08-02 12:41:21 0 d-----w- c:\users\cindy\appdata\roaming\GlarySoft
2010-08-02 12:41:21 0 d-----w- c:\program files (x86)\Glary Registry Repair
2010-08-02 12:29:08 7 ----a-w- c:\windows\syswow64\Class15
2010-08-02 12:29:08 5 ----a-w- c:\windows\syswow64\Band4
2010-07-31 01:01:55 0 d-----w- c:\programdata\Update
2010-07-26 15:48:54 286720 ----a-w- c:\windows\iun506.exe
2010-07-26 15:48:54 0 d-----w- c:\program files (x86)\Mp3 File Editor
2010-07-26 15:40:18 348160 ----a-w- c:\windows\syswow64\FlatBtn6.ocx
2010-07-26 15:40:17 348160 ----a-w- c:\windows\syswow64\MEnc.ocx
2010-07-26 15:40:17 0 d-----w- c:\program files (x86)\WAV to MP3 Encoder
2010-07-22 12:15:31 65536 --sha-w- c:\users\cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
2010-07-22 12:15:31 524288 --sha-w- c:\users\cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-07-22 12:15:31 524288 --sha-w- c:\users\cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-07-20 15:01:41 0 d-----w- c:\program files (x86)\EA GAMES

==================== Find3M ====================

2010-07-17 13:38:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 13:38:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-17 13:38:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-11 22:17:48 208008 ----a-w- C:\bigfishgames_p77562547_s1_l1.exe
2010-06-30 13:11:04 1704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-29 15:00:23 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-24 12:11:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2009-11-03 12:45:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 16:38:52 13727048 ----a-w- c:\program files\winzip121.exe
2009-07-03 20:42:16 69641000 ----a-w- c:\program files\iTunes64Setup.exe
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-20 05:18:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:17:09.38 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2009 12:41:54 AM
System Uptime: 8/17/2010 5:25:11 PM (2 hours ago)

Motherboard: Hewlett-Packard | | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 220 GiB total, 8.833 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 227.099 GiB free.
E: is FIXED (NTFS) - 13 GiB total, 2.037 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (FAT32) - 931 GiB total, 556.141 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP295: 7/23/2010 9:53:27 AM - Windows Update
RP296: 7/27/2010 5:56:14 AM - Windows Update
RP297: 7/30/2010 7:50:05 AM - Windows Update
RP298: 8/2/2010 10:38:11 AM - Windows Update
RP299: 8/4/2010 3:00:56 AM - Windows Update
RP300: 8/6/2010 8:57:46 AM - Windows Update
RP302: 8/7/2010 1:45:59 PM - Windows Defender Checkpoint
RP303: 8/9/2010 3:09:10 PM - Windows Update
RP304: 8/9/2010 7:39:33 PM - Removed Palm
RP305: 8/9/2010 7:43:40 PM - Removed Documents To Go
RP306: 8/9/2010 7:45:28 PM - Removed Documents To Go
RP307: 8/10/2010 8:04:13 PM - Scheduled Checkpoint
RP308: 8/12/2010 3:00:59 AM - Windows Update
RP309: 8/12/2010 11:22:38 PM - Windows Update
RP310: 8/13/2010 7:35:59 AM - Windows Update
RP311: 8/14/2010 7:45:08 PM - Restore Operation
RP312: 8/15/2010 1:05:59 PM - Scheduled Checkpoint
RP313: 8/16/2010 10:39:53 AM - Restore Operation

==== Installed Programs ======================

1600
1600_Help
1600Trb
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AMD USB Audio Driver Filter
AppCore
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 10.0.1
ASIO4ALL
Atheros Driver Installation Program
Atlantis (remove only)
Atlantis Sky Patrol™
Autodesk DWF Viewer
AVG Anti-Spyware 7.5
Backup
Belarc Advisor 7.0
Big Fish Games: Game Manager
BitTorrent
BufferChm
Canon MF Toolbox 4.9.1.1.mf04
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccCommon
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite
Das Unit Converter 5.01
Data Lifeguard Diagnostic for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD Shrink 3.2
EA Download Manager
EA Download Manager UI
ERUNT 1.1j
ESU for Microsoft Vista
eSupportQFolder
Fax
ffdshow
File Recover 7.5
FL Studio 9
GearDrvs
Glary Registry Repair 3.3.0.852
Google Chrome
Google Earth
Google SketchUp 7
Google Update Helper
Hidden Expedition ® - Devil's Triangle
Hidden Expedition ® : Devil's Triangle Strategy Guide
Hidden Expedition Titanic (remove only)
Hidden Expedition: Amazon ™
Hidden Expedition: Titanic ™
Hidden Wonders of the Depths 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP Memories Disc
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart Essential
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
IDT Audio
IL Download Manager
ImagXpress
iWin Games (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Jewel Quest: Heritage (remove only)
JMicron JMB38X Flash Media Controller
Juno Preloader
jZip
LabelPrint
Lara Croft Tomb Raider: The Angel Of Darkness
LightScribe System Software
LiveUpdate (Symantec Corporation)
LP Recorder
LP Ripper
Luxor (remove only)
Luxor Amun Rising (remove only)
Macromedia Flash Player 8
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
MailNavigator v.1.11
MarketResearch
MDI2PDF 2.6
Medal of Honor Allied Assault
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Project 2000
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Mobipocket Creator 4.2
Mozilla Firefox (3.6.8)
mp3-2-wav converter 1.14
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
My.Freeze.com NetAssistant
MyAshampoo Toolbar
Mystery Case Files ®: Dire Grove ™
Mystery Case Files: Return to Ravenhearst ™
Native Instruments Guitar Rig 3
neroxml
NetZero Preloader
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
PDFCreator
PhotoNow!
Picasa 3
PoiZone
Power2Go
PowerDirector
Presto! PageManager 7.15.14
PuppetShow: Souls of the Innocent
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Safari
Sawer
Scan
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skins
Skype™ 4.0
Slingbox - Watch Your TV Anywhere
SlingPlayer
SolutionCenter
Status
SureThing CD Labeler Deluxe 5
Symantec Technical Support Controls
The Sims™ 3
Toolbox
Toxic Biohazard
TrayApp
TurboCAD Professional 16
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vacation_Countdown
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WAV to MP3 Encoder
Wave Corrector DeClick version 1.1
WebReg
WinZip 12.1
Xvid 1.2.2 final uninstall
Zinio Reader 4
Zuma's Revenge!
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

8/17/2010 6:05:51 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
8/17/2010 6:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/17/2010 5:59:31 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147942402.
8/17/2010 5:35:01 PM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.
8/17/2010 5:35:01 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.
8/17/2010 5:35:01 PM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.
8/17/2010 5:35:00 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.
8/17/2010 5:31:14 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
8/17/2010 5:31:02 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The system cannot find the file specified.
8/17/2010 3:41:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2010 3:40:23 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2010 3:40:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS ccHP Lbd SymEFA
8/17/2010 3:40:16 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/17/2010 3:38:52 PM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The TCPIP Pass-through Filter service terminated with the following error: The specified module could not be found.
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The system cannot find the file specified.
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
8/17/2010 3:38:52 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: One or more arguments are invalid
8/17/2010 12:14:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS AVG Anti-Spyware Driver ccHP eeCtrl Lbd spldr SRTSPX SymEFA SYMTDI Wanarpv6
8/17/2010 12:14:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2010 12:14:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2010 12:13:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2010 12:13:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2010 12:13:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
8/16/2010 10:33:39 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
8/15/2010 7:55:19 PM, Error: Service Control Manager [7000] - The BANTExt service failed to start due to the following error: This driver has been blocked from loading
8/15/2010 7:55:19 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Belarc\Advisor\system\BANTExt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/15/2010 7:00:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/15/2010 6:58:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
8/15/2010 6:58:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
8/15/2010 6:58:33 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/15/2010 6:37:17 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service has not been started.
8/15/2010 1:34:50 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
8/15/2010 1:27:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS ccHP SymEFA
8/14/2010 5:52:46 PM, Error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
8/14/2010 3:04:49 PM, Error: Service Control Manager [7034] - The TCPIP Pass-through Filter service terminated unexpectedly. It has done this 1 time(s).
8/14/2010 10:39:52 PM, Error: Service Control Manager [7030] - The Panda Security Generic Uninstaller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/14/2010 10:39:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/14/2010 10:34:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS ccHP eeCtrl PSINKNC spldr SRTSPX SymEFA SYMTDI Wanarpv6
8/12/2010 3:28:07 PM, Error: Service Control Manager [7034] - The iWinTrusted service terminated unexpectedly. It has done this 1 time(s).
8/12/2010 3:24:40 PM, Error: Service Control Manager [7030] - The Panda Cloud Antivirus Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/12/2010 3:03:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/12/2010 3:03:37 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 3:03:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/12/2010 2:47:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
8/12/2010 2:47:49 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 10:18:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/12/2010 10:18:53 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 10:18:22 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/12/2010 10:18:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
8/12/2010 10:18:22 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 10:17:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
8/12/2010 10:15:30 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
8/12/2010 10:14:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
8/12/2010 10:13:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
8/12/2010 10:13:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
8/12/2010 10:13:05 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2010 1:58:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:58:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/12/2010 1:58:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/12/2010 1:58:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/12/2010 1:54:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AFS ccHP DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymEFA SymIM SYMTDI tdx Wanarpv6
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:54:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/12/2010 1:10:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

==== End Of File ===========================

Thank you in advance,
Joe
 
Last edited by a moderator:
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent


I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Copy-paste following contents into custom scan -area:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
What Did I Do Wrong?

Posted a request for assistance in the General Malware\Malware Removal Forum on 17-Aug.

No answer after over four days, so I posted in the Waiting Room.

Did I do something wrong?

Thanks,
Joe
 
OTL Log Files

Blade81,

First I have to apologize - found out PM means Private Message.

I removed Bit Torrent and Peer Block. Opened OTL. Changed Output to Minimal and copied and pasted the text supplied into the Custom Scan Area. Ran OTL.

Results from OTL.text are below:

OTL logfile created on: 8/24/2010 7:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 9.05 Gb Free Space | 4.12% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 800.28 Mb Free Space | 82.74% Space Free | Partition Type: FAT
Drive I: | 931.28 Gb Total Space | 556.14 Gb Free Space | 59.72% Space Free | Partition Type: FAT32

Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - H:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
PRC - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - H:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TCPIP Pass-through Filter) -- C:\Windows\SysNative\msippsth.dll File not found
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (hpqcxs08) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (hpqddsvc) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMEFA64.SYS File not found
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\ccHPx64.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (COH_Mon) -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AvgAsC64) -- C:\Windows\SysNative\DRIVERS\AvgAsC64.sys (GRISOFT, s.r.o.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100810.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/06/24 12:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}: C:\Windows\system32\config\systemprofile\AppData\Local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0} [2010/07/30 21:03:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 11:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 09:42:34 | 000,000,000 | ---D | M]

[2009/05/02 10:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2010/08/15 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions
[2009/10/31 08:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 17:47:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/17 19:35:14 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/08/23 20:30:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2009/10/01 14:38:53 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npraclient.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (~NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe File not found
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/01/06 14:56:34 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/17 19:12:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/17 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/17 19:10:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:01:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Grisoft
[2010/08/17 12:01:24 | 000,014,072 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\SysNative\drivers\AvgAsC64.sys
[2010/08/17 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010/08/17 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010/08/12 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SurfSecret Privacy Suite
[2010/08/12 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/08/12 15:05:19 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/08/12 14:49:08 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 14:49:08 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/11 23:49:52 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 23:49:44 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 23:49:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 23:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 23:49:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 23:49:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 23:49:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 23:49:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 23:49:42 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 23:49:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 23:49:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 23:49:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 23:49:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 23:49:41 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 23:49:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 23:49:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 23:49:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 23:49:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 23:49:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 23:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 23:49:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 23:49:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 23:49:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 23:48:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:48:22 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 23:48:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 23:48:16 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/03 08:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\GlarySoft
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Registry Repair
[2010/07/30 21:18:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/30 21:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/07/26 11:48:54 | 000,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun506.exe
[2010/07/26 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3 File Editor
[2010/07/26 11:40:18 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\Windows\SysWow64\FlatBtn6.ocx
[2010/07/26 11:40:17 | 000,348,160 | ---- | C] (DGP) -- C:\Windows\SysWow64\MEnc.ocx
[2010/07/26 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WAV to MP3 Encoder
[2009/07/10 12:53:32 | 069,641,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes64Setup.exe

========== Files - Modified Within 30 Days ==========

[2010/08/24 19:46:19 | 002,097,152 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT
[2010/08/24 19:45:25 | 000,002,423 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/24 19:36:01 | 000,000,272 | ---- | M] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut.lnk
[2010/08/24 19:32:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 19:27:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 19:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 12:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 12:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 08:29:09 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/24 08:29:09 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/23 22:57:53 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/23 20:45:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/23 20:44:49 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 20:42:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 20:31:06 | 003,408,003 | -H-- | M] () -- C:\Users\Cindy\AppData\Local\IconCache.db
[2010/08/21 09:40:38 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/08/18 09:11:47 | 000,002,411 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/08/17 19:10:59 | 000,000,945 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | M] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:17:07 | 000,001,930 | ---- | M] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 12:01:47 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
[2010/08/17 10:54:13 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 10:54:13 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 10:54:13 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/16 10:33:24 | 000,007,168 | ---- | M] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/14 20:35:58 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 19:46:42 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 19:46:42 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | M] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 04:15:48 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 03:45:56 | 000,445,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 03:40:18 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 03:40:18 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/12 03:16:01 | 000,000,295 | ---- | M] () -- C:\Windows\win.ini
[2010/08/10 11:06:14 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 13:39:35 | 000,137,504 | ---- | M] () -- C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/04 21:00:42 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\qullnmj.dll
[2010/08/04 08:25:28 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:21:26 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:21:26 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
[2010/08/02 08:41:23 | 000,000,854 | ---- | M] () -- C:\Users\Cindy\Desktop\Glary Registry Repair.lnk
[2010/08/02 08:29:08 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | M] () -- C:\Windows\SysWow64\Band4
[2010/07/26 11:48:44 | 000,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun506.exe

========== Files Created - No Company Name ==========

[2010/08/24 19:36:01 | 000,000,272 | ---- | C] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut.lnk
[2010/08/17 19:13:50 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/17 19:10:59 | 000,000,945 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | C] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 15:38:10 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 12:06:55 | 000,001,930 | ---- | C] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 12:01:47 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Spyware.lnk
[2010/08/17 10:53:41 | 000,525,824 | ---- | C] () -- C:\dds.com
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 20:35:57 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | C] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 04:15:47 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 21:00:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\qullnmj.dll
[2010/08/04 08:25:28 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:25:27 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:25:27 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/02 08:41:23 | 000,000,854 | ---- | C] () -- C:\Users\Cindy\Desktop\Glary Registry Repair.lnk
[2010/08/02 08:29:08 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\Band4
[2010/07/30 08:10:43 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/07/02 20:42:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 06:07:19 | 000,010,554 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7F0A.txt
[2010/06/24 06:07:11 | 000,433,684 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistMSI7EF0.txt
[2010/06/24 06:07:09 | 000,011,414 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7EF0.txt
[2010/04/09 08:30:26 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/09 08:30:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/01 22:07:44 | 000,076,407 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Smiley.ico
[2010/02/01 09:00:00 | 000,003,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\BANTExt.sys
[2009/12/25 19:32:51 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/09/23 19:01:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 19:00:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 17:09:35 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/07/14 14:35:38 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2009/07/14 14:35:37 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/07/10 12:52:16 | 013,727,048 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/06/09 11:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 14:28:32 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/05/13 14:27:03 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/05/13 14:22:09 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/27 22:28:33 | 000,003,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/24 15:43:34 | 000,007,168 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 13:45:39 | 000,000,680 | ---- | C] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2009/04/20 17:27:48 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/04/19 16:45:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\QSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\AtStart.txt
[2009/04/04 12:46:39 | 000,020,635 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/05 03:07:29 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/05 03:07:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/05 03:06:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/05 03:05:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/05 03:03:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/20 01:45:49 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 01:36:56 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/20 01:34:18 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/20 01:32:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/02/24 01:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\SysWow64\ODBCMON.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/15 13:24:58 | 000,007,185 | ---- | M] () -- C:\aaw7boot.log
[2010/08/17 19:17:47 | 000,025,627 | ---- | M] () -- C:\Attach.txt
[2010/08/17 11:15:36 | 000,025,379 | ---- | M] () -- C:\Attach_Cindy_PC.txt
[2010/07/11 18:17:48 | 000,208,008 | ---- | M] (Big Fish Games) -- C:\bigfishgames_p77562547_s1_l1.exe
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/17 19:17:57 | 000,034,445 | ---- | M] () -- C:\DDS.txt
[2010/08/17 11:15:10 | 000,033,279 | ---- | M] () -- C:\DDS_Cindy_PC.txt
[2010/08/23 20:44:49 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2006/12/02 03:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/23 20:44:47 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/10 10:41:38 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:3B4DA230
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:AD7183FA
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:E51234A9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:85C3B823
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:E1D6C864
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:1BFE92CC
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D667795F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:99671BE2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7B2BB690
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:FD34FE88
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:2EF63291
< End of report >
 
Results from OTL Extras.txt File

OTL Extras logfile created on: 8/24/2010 7:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 9.05 Gb Free Space | 4.12% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 800.28 Mb Free Space | 82.74% Space Free | Partition Type: FAT
Drive I: | 931.28 Gb Total Space | 556.14 Gb Free Space | 59.72% Space Free | Partition Type: FAT32

Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 27 A2 AF 91 BC 49 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C8FC14-450A-4DD9-AFB3-CFC67C6C5B0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{272FD7E1-9A61-4DA3-8852-2A8EB34A2C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3422AA51-8196-4ECC-8831-EECDF8F2D727}" = lport=139 | protocol=6 | dir=in | app=system |
"{34E133B7-59EF-4B8A-A6F6-98C2739F0BD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{411D8B49-C4AA-4803-BEBB-E22097A3369A}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C11CCF3-399F-41F2-8EE1-31A3B8B2C92B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DE914D1-668B-43E3-99DA-FB50B853CB40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{609F0F28-A61F-4AF7-B4C6-6638E409D94B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{725F95CB-B7C6-4711-9DB3-23798333D825}" = lport=137 | protocol=17 | dir=in | app=system |
"{893E3F8B-035A-4940-A1B7-69028F439FCE}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D181C53-0FD7-4545-BB02-74B02D66A79A}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5970321-A0F4-488F-9385-4CF9962BEC00}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC415AEA-29E9-4276-BCF7-AA3DC5AA1E36}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2A80D1F-47A2-4A27-863C-6B9B50E46EEE}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0825925C-0920-47F7-9311-A84659458763}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15160731-787A-496D-A33B-7BCC85C0F4C3}" = protocol=6 | dir=out | app=system |
"{1D5A5AFF-604B-41BC-ABB0-5B7FC9BD0B5D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{21018EE4-3FAC-40C5-A5C2-35D3A3BBD745}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{217BAAC0-3E13-4839-823D-675EAE567F45}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{23E8FC8C-3A8B-44DB-9ED6-A4E4663ED82B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{27E51CC7-31E8-4103-8588-C4AC95710870}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{281FD4DA-89A8-4DE4-952C-F9650FBF7FC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2D4CF3A1-97C7-4830-B216-A12BB3A9814E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{472307A7-3408-444C-A983-F89D6F2CFA3C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4B49EC41-6E22-4889-B3EA-C5D89607F60E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{521128D9-042C-43AF-837D-58782553B5D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{5F7825C6-235F-4671-B064-F372CC33A0ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F91A188-8384-407A-89D0-7CAFC3C0A560}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{64A5F1DD-201E-40F8-8AC1-D4D7C2A2B0C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7503C1E4-730C-462D-9127-F9CC253948E6}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{7C3E9E70-F6DA-48B2-8B4E-4D3275A7E6FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{7C9EF56D-AF2E-438A-A312-283AC6F908D5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{83647325-C22B-4190-B815-35A06A96D940}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{933E2F1A-8CC5-447F-BFD9-F64566DE6046}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AA72662-B1B7-4FFA-A808-7B15D1978541}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
"{A404CF99-D4F4-4019-B700-EF9A4E6E52E8}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
"{ACAFE62E-6708-4F46-BBF8-8CA1EFAA9E83}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{BEFC3B87-EBFE-467B-A08D-814156493D76}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BF532C29-80C5-4796-9AA1-8DECB434A1DB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{BFBFE4EA-DAAF-44EB-B762-C2F166198D57}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CC953F42-3359-4D58-8390-C173BD801189}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D2B97BAE-D156-48AB-8DC0-4592967EF893}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{E083387E-D006-4271-82F8-D5CBC3E9009E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{E3FF101D-1262-43B3-A7D7-B0E9C9C5DBB3}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F1F499F6-D63E-4714-A9BE-1921AF08CC6D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{FD129EDA-B95C-4D6A-8FE0-2846CC8A39A6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"TCP Query User{4BAA50F9-338F-4F25-A674-4B483360701A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{6FD7CB83-F94A-4A64-9383-454413AD9E3A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{A416E9AE-DCA7-4B55-AA17-40FA9EDDD54F}" = SymNet x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B87BB2A8-5921-9B18-BBB5-D9A42F9CD3E1}" = ccc-utility64
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BD927EB7-78D3-4DC4-9325-7CBD89D8F0E5}" = GearDrvs
"{C6CFAF5A-12F9-485E-EAD7-7FA1D3E5B943}" = ATI Catalyst Install Manager
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Win2PDF_is1" = Win2PDF 3.40.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0BF16321-63EC-8ABE-8720-60A63BFF4A17}" = Zinio Reader 4
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{61CC67B1-6FE9-433F-93B2-32D2BCC76990}" = TurboCAD Professional 16
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: The Angel Of Darkness
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7B100D8-98A5-42AA-830F-16D6BD5351F1}" = My.Freeze.com NetAssistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
"ASIO4ALL" = ASIO4ALL
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Belarc Advisor 2.0" = Belarc Advisor 7.0
"BFG-Atlantis" = Atlantis (remove only)
"BFG-Atlantis Sky Patrol" = Atlantis Sky Patrol™
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition ® - Devil's Triangle
"BFG-Hidden Expedition - Devil's Triangle Strategy Guide" = Hidden Expedition ® : Devil's Triangle Strategy Guide
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic ™
"BFG-Hidden Wonders of the Depths 2" = Hidden Wonders of the Depths 2
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files ®: Dire Grove ™
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-Zuma Deluxe" = Zuma Deluxe
"BitTorrent" = BitTorrent
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Das Unit Converter_is1" = Das Unit Converter 5.01
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow
"File Recover_is1" = File Recover 7.5
"FL Studio 9" = FL Studio 9
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Google Chrome" = Google Chrome
"Hidden Expedition Titanic" = Hidden Expedition Titanic (remove only)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"IL Download Manager" = IL Download Manager
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: The Angel Of Darkness
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"iWinArcade" = iWin Games (remove only)
"Jewel Quest: Heritage" = Jewel Quest: Heritage (remove only)
"jZip" = jZip
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Luxor" = Luxor (remove only)
"Luxor AR" = Luxor Amun Rising (remove only)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MailNavigator v.1.11" = MailNavigator v.1.11
"MDI2PDF Converter_is1" = MDI2PDF 2.6
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"mp3-2-wav" = mp3-2-wav converter 1.14
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"N360" = Norton 360
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Sawer" = Sawer
"ShockwaveFlash" = Macromedia Flash Player 8
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 0.9.9
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.1
"WildTangent hp Master Uninstall" = My HP Games
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Vacation Countdown v1" = Vacation_Countdown

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2010 8:47:54 PM | Computer Name = Cindy-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 8/23/2010 8:49:55 PM | Computer Name = Cindy-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 8/23/2010 10:57:58 PM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 8:05:23 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 8:13:05 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 9:13:05 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 10:13:05 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 11:52:00 AM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 7:27:16 PM | Computer Name = Cindy-PC | Source = Google Update | ID = 20
Description =

Error - 8/24/2010 7:45:15 PM | Computer Name = Cindy-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.10.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 15f8 Start Time: 01cb43e5689cc760 Termination Time: 0

[ System Events ]
Error - 8/23/2010 8:46:33 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/23/2010 8:46:35 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/23/2010 8:47:54 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028)
disappeared from the system without first being prepared for removal.

Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228)
disappeared from the system without first being prepared for removal.

Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328)
disappeared from the system without first being prepared for removal.

Error - 8/23/2010 8:48:43 PM | Computer Name = Cindy-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428)
disappeared from the system without first being prepared for removal.

Error - 8/23/2010 8:49:55 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/24/2010 7:35:41 PM | Computer Name = Cindy-PC | Source = DCOM | ID = 10005
Description =

Error - 8/24/2010 7:35:41 PM | Computer Name = Cindy-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Thank you,
Joe
 
Hi Joe,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent


I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:

1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
5. Restart the computer.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file + fresh OTL.txt contents in your next reply.
 
Malwarebytes Update

Blade81,

How do I go about installing the update from version 4052 to 4475 on my flash drive? I use the browser on a desktop and then transfer the files to my laptop via a flash drive. It states that updates were installed but then when I check on the laptop, it shows the older 4052 version.

Joe
 
Winsock Reset

I removed BitTorrent via Control Panel Add/Remove/Uninstall Program a second time.

Rebooted.

cmd.exe => entered "netsh winsock reset" and got response "The system cannot find the file specified."

What now?
 
Hi,

Does this command work: Netsh int ip reset resetlog.txt?
 
Winsock Reset

RESULTS:

"Resetting Echo Request, failed.
Access is denied.

Resetting Interface, OK.
A reboot is required to complete this action."

Rebooted.

Ran Malwarebytes Anti-Malware without the updated database. No infections or malicious items detected.
 
Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0
Click to expand...

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A notepad opens, copy and paste the content it (log1.txt) to your reply.
 
Here's The Log1.txt

Windows IP Configuration

Host Name . . . . . . . . . . . . : Cindy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-23-4E-78-ED-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4cd9:d1fd:1f40:3abe%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.58.190(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234890062
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-41-1F-FF-00-23-4E-78-ED-47
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-32-A4-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{99ED3094-1223-478A-AD43-14EF7753D436}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

===========================================================================
Interface List
11 ...00 23 4e 78 ed 47 ...... Atheros AR5009 802.11a/g/n WiFi Adapter
10 ...00 23 5a 32 a4 29 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
22 ...00 00 00 00 00 00 00 e0 isatap.{99ED3094-1223-478A-AD43-14EF7753D436}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.58.190 281
169.254.58.190 255.255.255.255 On-link 169.254.58.190 281
169.254.255.255 255.255.255.255 On-link 169.254.58.190 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.58.190 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.58.190 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::4cd9:d1fd:1f40:3abe/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
 
Hi,

You seem to have WLAN adapter in use. Have you tried to connect with wired ethernet connection instead?
 
Hi,

Let's try to get your wired connection working first since it usually has less adjustments to make than wireless connection has.

Open Internet explorer and do the following steps there:
1. Click tools->internet options
2. click on connections and then LAN settings. Make sure there are no proxy settings ticked at all.

When verified click start->type ncpa.cpl and hit enter to open network connections
Let's disable wireless adapter first: right click Wireless Network Connection and select disable.

When done, right click Local Area Connection and select properties.

Double click Internet Protocol Version 6 and verify that both have option to obtain address automatically selected and click ok. Repeat with Internet Protocol Version 4.

When both have correct options click Ok on Local Area Connection properties window.

See if you're able to access internet after that.


If not repeat steps in post #11. Make sure to right click test.bat file and select run as administrator option.
 
In IE\Tools\Internet Options\Connections\LAN Settings: Proxies NOT ticked and automatically detect settings checked.

Have already run every Windows Networking diagnostic I could find on my laptop and online via the Windows Help Desk.

Ran "ncpa.cpl". Turned off wireless on laptop. Plugged in hard wired cable.

All IPV4 and IPV6 set to automatic.

No connection to Internet.

Here is the Log1a.txt.

----------------------------
Windows IP Configuration

Host Name . . . . . . . . . . . . : Cindy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-32-A4-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

===========================================================================
Interface List
10 ...00 23 5a 32 a4 29 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{50BFC0D6-FC53-4C29-9D7C-56042F8FE96D}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
 
Hi,


Let's try earlier command again.

Click Start->All Programs->Accessories, right-click Command Prompt, and then click Run as administrator.

In command prompt type: netsh winsock reset

Reboot if successful.

If not successful, go to device manager and look for Realtek RTL8102E Family PCI-E Fast Ethernet NIC. Right click it and choose uninstall. Then reboot. Windows should detect new device automatically. Follow steps given to reinstall the NIC.
 
Hi,

Did it give you same error as earlier when you ran that netsh winsock reset command?

Does the system have any other user accounts? Please try to log in with a different account (create a new one if current one is the only existing account) and see if connection problem happens on that.
 
Good afternoon.

Good news. There was no error with cmd => netsh winsock reset.

Results: "Successfully reset the Winsock catalog. You must restart the computer in order to complete the reset."

Tried to initiate an Internet connection with both user accounts (one is administrator account) with all four browsers. Same result: No server found.

A window also popped up this morning.

"IDT PC Audio stopped working and was closed. problem caused the application to stop working correctly. Windows will notify you when a solution is available."

There is no sound from my PC speakers or output jack even after reboot.

I have been doing a lot of investigation between our messages. Some of my findings from yesterday are attached in the Word doc titled Findings Aug 27.
 
You must log in or register to reply here.
Back
Top