Cannot Connect to Internet

Hi,

I have been doing a lot of investigation between our messages. Some of my findings from yesterday are attached in the Word doc titled Findings Aug 27.
I didn't see any files attached in your previous post.

Anyway, please run dds again and post back the dds.txt report. Also, please do this:
Please download MBRCheck to your desktop.

1. Double-click MBRCheck.exe to run it (right-click and run as Administrator for Vista).
2. It will open a black window; please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.
 
Hi,

I know what happened. The file didn't go through because it was an invalid format. It's not very big. I saved it as a text file in Notepad and it's attached.

I'll post the results of the MBRCheck as soon as I get it loaded and completed.

Joe
 
Results

Hi,

Included below are the DDS and MBRCheck logs. Also attached is the DDS file "Attach_Aug 28.txt".

Thanks,
Joe

=======================================================

DDS (Ver_10-03-17.01) - NTFSX64
Run by Cindy at 8:11:02.30 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1883 [GMT -4:00]

SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cindy\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~2\common~1\symant~1\ids\IPSBHO.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files (x86)\iwin games\iWinGamesHookIE.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ~NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files (x86)\freeze.com\my.freeze.com netassistant\NetAssistant.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files (x86)\norton 360\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files (x86)\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files (x86)\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files (x86)\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [WrtMon.exe] c:\windows\system32\spool\drivers\x64\3\WrtMon.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\users\cindy\appdata\roaming\mozilla\firefox\profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa3.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0} - c:\windows\system32\config\systemprofile\appdata\local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\ipsdefs\20100810.001\IDSvia64.sys [2010-8-13 386096]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/01 08:51:26];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2009-8-1 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_bd5387da\AESTSr64.exe [2009-3-5 89088]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-1-20 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-26 116096]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 132656]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 47664]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-4-4 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-15 135664]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iwin games\iwintrusted.exe --> c:\program files (x86)\iwin games\iWinTrusted.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-4-5 25424]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-20 222512]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\common files\surething shared\stllssvr.exe [2010-4-2 74392]
S3 Symantec Core LC;Symantec Core LC;c:\progra~2\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-4-4 1245064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-25 14:47:56 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-17 16:01:23 0 d-----w- c:\programdata\Grisoft
2010-08-17 14:53:41 525824 ----a-w- C:\dds.com
2010-08-15 00:35:57 65536 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-15 00:35:57 524288 --sha-w- c:\users\cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 19:25:47 0 d-----w- c:\users\cindy\appdata\roaming\SurfSecret Privacy Suite
2010-08-12 19:23:48 0 d-----w- c:\programdata\Panda Security
2010-08-12 18:49:08 812344 ----a-w- C:\HJTInstall.exe
2010-08-12 18:49:08 3420304 ----a-w- C:\ccsetup234.exe
2010-08-12 18:14:33 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-12 08:15:47 65536 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
2010-08-12 08:15:47 524288 --sha-w- c:\users\cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
2010-08-12 03:48:58 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 03:48:58 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 03:48:55 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 03:48:49 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 03:48:22 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 03:48:22 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 03:48:16 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 03:47:49 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 03:47:48 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-12 03:45:28 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 03:45:27 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-05 01:00:42 8192 ----a-w- c:\windows\syswow64\qullnmj.dll
2010-08-04 12:25:28 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-08-04 12:25:27 65536 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
2010-08-04 12:25:27 524288 --sha-w- c:\users\cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-08-03 12:58:28 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-03 12:41:46 0 d-----w- c:\programdata\WindowsSearch
2010-08-02 12:41:21 0 d-----w- c:\users\cindy\appdata\roaming\GlarySoft
2010-08-02 12:29:08 7 ----a-w- c:\windows\syswow64\Class15
2010-08-02 12:29:08 5 ----a-w- c:\windows\syswow64\Band4
2010-07-31 01:01:55 0 d-----w- c:\programdata\Update

==================== Find3M ====================

2010-07-26 15:48:44 286720 ----a-w- c:\windows\iun506.exe
2010-07-17 13:38:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 13:38:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-17 13:38:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-11 22:17:48 208008 ----a-w- C:\bigfishgames_p77562547_s1_l1.exe
2010-06-30 13:11:04 1704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-06-29 15:00:23 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-03 12:45:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-10 16:38:52 13727048 ----a-w- c:\program files\winzip121.exe
2009-07-03 20:42:16 69641000 ----a-w- c:\program files\iTunes64Setup.exe
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-20 05:18:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:13:00.55 ===============



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 214):
0x0225B000 \SystemRoot\system32\ntoskrnl.exe
0x02215000 \SystemRoot\system32\hal.dll
0x00604000 \SystemRoot\system32\kdcom.dll
0x0060E000 \SystemRoot\system32\PSHED.dll
0x00622000 \SystemRoot\system32\CLFS.SYS
0x0067F000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A0F000 \SystemRoot\System32\Drivers\spas.sys
0x00B43000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B4C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B7A000 \SystemRoot\system32\drivers\acpi.sys
0x00BD0000 \SystemRoot\system32\drivers\msisadrv.sys
0x008F1000 \SystemRoot\system32\drivers\pci.sys
0x00BDA000 \SystemRoot\system32\drivers\isapnp.sys
0x00921000 \SystemRoot\system32\drivers\mpio.sys
0x00BE3000 \SystemRoot\System32\drivers\partmgr.sys
0x00BF8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00A00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00943000 \SystemRoot\system32\drivers\volmgr.sys
0x00957000 \SystemRoot\System32\drivers\volmgrx.sys
0x009BD000 \SystemRoot\system32\drivers\intelide.sys
0x009C5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009D5000 \SystemRoot\system32\drivers\pciide.sys
0x009DC000 \SystemRoot\system32\drivers\aliide.sys
0x009E3000 \SystemRoot\system32\drivers\amdide.sys
0x009EA000 \SystemRoot\system32\drivers\cmdide.sys
0x00731000 \SystemRoot\System32\drivers\mountmgr.sys
0x00744000 \SystemRoot\system32\drivers\msdsm.sys
0x00762000 \SystemRoot\system32\drivers\nvraid.sys
0x00785000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x009F2000 \SystemRoot\system32\drivers\viaide.sys
0x00C01000 \SystemRoot\system32\drivers\iastorv.sys
0x00CC8000 \SystemRoot\system32\drivers\atapi.sys
0x00CD0000 \SystemRoot\system32\drivers\ataport.SYS
0x00CF4000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00D12000 \SystemRoot\system32\drivers\storport.sys
0x00D6F000 \SystemRoot\system32\drivers\msahci.sys
0x00D79000 \SystemRoot\system32\drivers\hpcisss.sys
0x00D87000 \SystemRoot\system32\drivers\adp94xx.sys
0x00E0B000 \SystemRoot\system32\drivers\adpahci.sys
0x00E61000 \SystemRoot\system32\drivers\adpu160m.sys
0x00E82000 \SystemRoot\system32\drivers\adpu320.sys
0x00EB1000 \SystemRoot\system32\drivers\djsvs.sys
0x00EC9000 \SystemRoot\system32\drivers\arc.sys
0x00EE2000 \SystemRoot\system32\drivers\arcsas.sys
0x00EFB000 \SystemRoot\system32\drivers\elxstor.sys
0x00F9E000 \SystemRoot\system32\drivers\i2omp.sys
0x00FA9000 \SystemRoot\system32\drivers\iirsp.sys
0x00FBA000 \SystemRoot\system32\drivers\iteatapi.sys
0x00FC7000 \SystemRoot\system32\drivers\iteraid.sys
0x00FD4000 \SystemRoot\system32\drivers\lsi_fc.sys
0x007B1000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00FF2000 \SystemRoot\system32\drivers\megasas.sys
0x01005000 \SystemRoot\system32\drivers\megasr.sys
0x010CC000 \SystemRoot\system32\drivers\mraid35x.sys
0x010D9000 \SystemRoot\system32\drivers\nfrd960.sys
0x010E9000 \SystemRoot\system32\drivers\nvstor.sys
0x01200000 \SystemRoot\system32\drivers\ql2300.sys
0x01352000 \SystemRoot\system32\drivers\ql40xx.sys
0x013B0000 \SystemRoot\system32\drivers\sisraid2.sys
0x013BE000 \SystemRoot\system32\drivers\sisraid4.sys
0x013D4000 \SystemRoot\system32\drivers\symc8xx.sys
0x013E2000 \SystemRoot\system32\drivers\sym_hi.sys
0x013EF000 \SystemRoot\system32\drivers\sym_u3.sys
0x010F9000 \SystemRoot\system32\drivers\uliahci.sys
0x01142000 \SystemRoot\system32\drivers\ulsata.sys
0x01171000 \SystemRoot\system32\drivers\ulsata2.sys
0x011B3000 \SystemRoot\system32\drivers\vsmraid.sys
0x01405000 \SystemRoot\system32\drivers\fltmgr.sys
0x0144C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01460000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0160A000 \SystemRoot\system32\drivers\ndis.sys
0x014E7000 \SystemRoot\system32\drivers\msrpc.sys
0x01537000 \SystemRoot\system32\drivers\NETIO.SYS
0x0180A000 \SystemRoot\System32\drivers\tcpip.sys
0x01980000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B80000 \SystemRoot\system32\drivers\wd.sys
0x01B88000 \SystemRoot\system32\drivers\volsnap.sys
0x01BCC000 \SystemRoot\System32\Drivers\spldr.sys
0x01BD4000 \SystemRoot\system32\drivers\sbp2port.sys
0x01BED000 \SystemRoot\System32\Drivers\mup.sys
0x019AC000 \SystemRoot\System32\drivers\ecache.sys
0x019D8000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x019E2000 \SystemRoot\system32\drivers\disk.sys
0x019F6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01800000 \SystemRoot\system32\drivers\crcdisk.sys
0x017F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01600000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x01590000 \SystemRoot\system32\DRIVERS\processr.sys
0x12A00000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x130B3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x13196000 \SystemRoot\System32\drivers\watchdog.sys
0x13206000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x1340E000 \SystemRoot\system32\DRIVERS\athrx.sys
0x13531000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x1355C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x13578000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x13585000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x13590000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x135D6000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x135E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x135E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x1331A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x135F3000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x13400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x13330000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x13385000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x13391000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x13396000 \SystemRoot\System32\Drivers\a64e01d4.SYS
0x133D8000 \SystemRoot\system32\DRIVERS\enecir.sys
0x133F4000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x131A6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x131AF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x131E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x015A3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x015C6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x007CD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x015D2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x015E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x011DA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x1360C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x1361F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x13621000 \SystemRoot\system32\DRIVERS\ks.sys
0x13655000 \SystemRoot\system32\DRIVERS\circlass.sys
0x13666000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x13671000 \SystemRoot\system32\DRIVERS\umbus.sys
0x13681000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x136C9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x136DD000 \SystemRoot\system32\drivers\HdAudio.sys
0x13726000 \SystemRoot\system32\drivers\portcls.sys
0x13761000 \SystemRoot\system32\drivers\drmk.sys
0x13784000 \SystemRoot\system32\drivers\ksthunk.sys
0x14803000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x1487A000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x149B6000 \SystemRoot\system32\drivers\modem.sys
0x149C5000 \SystemRoot\system32\DRIVERS\hidir.sys
0x149D0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x149E2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x149EA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x149F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x1378A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x13794000 \SystemRoot\System32\Drivers\Null.SYS
0x1379D000 \SystemRoot\System32\drivers\vga.sys
0x137AB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x137D0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x137D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x137F5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x13600000 \SystemRoot\system32\drivers\rdpencdd.sys
0x131F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x14A03000 \SystemRoot\System32\Drivers\Npfs.SYS
0x14A14000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x14A1D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x14A47000 \SystemRoot\system32\DRIVERS\tdx.sys
0x14A64000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x14AAD000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x14AE3000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x14AEE000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0x14AF7000 \SystemRoot\System32\Drivers\SYMNDISV.SYS
0x14B05000 \SystemRoot\System32\Drivers\SYMFW.SYS
0x14B2D000 \SystemRoot\system32\DRIVERS\smb.sys
0x14B48000 \SystemRoot\system32\drivers\afd.sys
0x14BB3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x14C03000 \SystemRoot\system32\DRIVERS\pacer.sys
0x14C21000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x14C2B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x14C3A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x14C55000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x14C69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x14CB6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x14CC2000 \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20100810.001\IDSvia64.sys
0x14D25000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x14D9B000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x14DC0000 \SystemRoot\System32\Drivers\dfsc.sys
0x14DDD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x14DEB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x017CD000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x017D7000 \SystemRoot\System32\drivers\Dxapi.sys
0x15808000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x1581B000 \SystemRoot\system32\drivers\luafv.sys
0x1583D000 \SystemRoot\system32\drivers\spsys.sys
0x158D7000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x1590F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x15923000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x15957000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x15962000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x16A05000 \SystemRoot\system32\drivers\HTTP.sys
0x16AA8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x16AD1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x16AEF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x16B09000 \SystemRoot\system32\drivers\mrxdav.sys
0x16B30000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x16B59000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x16BA2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x16BC1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x17408000 \SystemRoot\System32\DRIVERS\srv.sys
0x1749D000 \SystemRoot\system32\drivers\peauth.sys
0x17553000 \SystemRoot\System32\Drivers\secdrv.SYS
0x1755E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x1756E000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x1759B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x1597A000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x15A0F000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100814.002\EX64.SYS
0x15BC9000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20100814.002\ENG64.SYS
0x15BE9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x13C0E000 \SystemRoot\System32\Drivers\fastfat.SYS
0x13CC7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x13CDF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x13CFF000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x771B0000 \Windows\System32\ntdll.dll

Processes (total 86):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
584 csrss.exe
648 C:\Windows\System32\wininit.exe
660 csrss.exe
696 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\winlogon.exe
900 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\Ati2evxx.exe
344 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\Ati2evxx.exe
1444 C:\Windows\System32\hpservice.exe
1520 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\wlanext.exe
1824 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
1960 C:\Windows\System32\svchost.exe
2184 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
2208 C:\Windows\System32\agr64svc.exe
2272 C:\Windows\System32\svchost.exe
2344 C:\Windows\SysWOW64\svchost.exe
2468 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2512 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
2548 C:\Windows\System32\svchost.exe
2604 C:\Windows\System32\svchost.exe
2652 C:\Program Files (x86)\SMINST\BLService.exe
2684 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2768 C:\Windows\System32\svchost.exe
2812 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2832 C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2856 C:\Windows\System32\svchost.exe
2884 C:\Windows\System32\SearchIndexer.exe
2152 C:\Windows\System32\taskeng.exe
2060 C:\Windows\System32\dwm.exe
1240 C:\Windows\System32\taskeng.exe
3096 C:\Windows\explorer.exe
3408 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3416 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3428 C:\Program Files\Windows Defender\MSASCui.exe
3444 C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
3452 C:\Program Files\IDT\WDM\sttray64.exe
3460 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3476 C:\Windows\ehome\ehtray.exe
3496 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
3528 C:\Windows\ehome\ehmsas.exe
3552 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3588 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
3680 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3688 C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
3696 C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
3708 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3740 C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
3764 C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
3776 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
3792 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3812 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
3872 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3264 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2936 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3960 C:\Program Files (x86)\iPod\bin\iPodService.exe
2460 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
4108 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4616 C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
4632 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
4760 WmiPrvSE.exe
4540 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4736 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
4408 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5028 C:\Windows\System32\wbem\unsecapp.exe
3620 C:\Windows\System32\svchost.exe
576 WUDFHost.exe
1044 WmiPrvSE.exe
3976 <unknown>
4712 C:\Windows\System32\SearchProtocolHost.exe
5024 C:\Windows\System32\SearchFilterHost.exe
3852 H:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000036`f3100000 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: HP07
PhysicalDrive1 Model Number: ST9250320AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6DF26AE7D6663DFFFF5602BEDE5BE4683120D56C
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Hi,

Let's run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0}: C:\Windows\system32\config\systemprofile\AppData\Local\{A92ADD4B-1A47-402A-8BE6-2447A0923EE0} [2010/07/30 21:03:10 | 000,000,000 | ---D | M]
    [2010/08/23 22:57:53 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2010/08/04 21:00:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\qullnmj.dll
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log


Did you create a new user account? Asking because this latest log was taken under the same account as earlier (at least the same account name).

"Winsock 2 file(s) missing"
Could you elaborate on that?

Start => Run => Msinfo32 => OK
Expand Components, expand Network, click on Protocol
Do you have any items under the Protocol section other than the two you listed in the attached .txt file?

Please grab a screenshot of Local Area Connection properties window.
 
Hi,

I did not create an account - there are two on the laptop: "Cindy" (admin) and "Guest". Because a few of the programs and searches would only allow someone with administrator privileges, I've been running everything through that account.

Winsock information missing from Registry. I don't remember where, but I can check again and post later.

How and what info did you want me to take a screenshot of?

Here is the OTL log:

OTL logfile created on: 8/28/2010 11:17:54 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 11.17 Gb Free Space | 5.08% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 937.53 Mb Free Space | 96.93% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - H:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - H:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TCPIP Pass-through Filter) -- C:\Windows\SysNative\msippsth.dll File not found
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (hpqcxs08) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (hpqddsvc) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMEFA64.SYS File not found
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\ccHPx64.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (COH_Mon) -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100810.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/06/24 12:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 11:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 09:42:34 | 000,000,000 | ---D | M]

[2009/05/02 10:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2010/08/15 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions
[2009/10/31 08:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 17:47:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/17 19:35:14 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/08/28 07:05:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2009/10/01 14:38:53 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npraclient.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (~NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe File not found
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 10:47:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/25 10:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/25 10:28:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Cindy\Documents\spybotsd162.exe
[2010/08/25 10:28:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cindy\Documents\mbam-setup-1.46.exe
[2010/08/25 10:28:00 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cindy\Documents\HJTInstall.exe
[2010/08/25 10:28:00 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Documents\erunt-setup.exe
[2010/08/25 10:28:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cindy\Documents\OTL.exe
[2010/08/25 10:27:59 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\Cindy\Documents\ccsetup234.exe
[2010/08/25 10:27:58 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Users\Cindy\Documents\Ad-AwareInstall.exe
[2010/08/25 10:27:58 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Cindy\Documents\avg_free_stb_all_9_115_cnet.exe
[2010/08/25 10:27:57 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Cindy\Documents\winsockfix.exe
[2010/08/17 19:12:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/17 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/17 19:10:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010/08/17 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010/08/12 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SurfSecret Privacy Suite
[2010/08/12 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/08/12 15:05:19 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/08/12 14:49:08 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 14:49:08 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/11 23:49:52 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 23:49:44 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 23:49:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 23:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 23:49:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 23:49:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 23:49:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 23:49:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 23:49:42 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 23:49:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 23:49:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 23:49:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 23:49:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 23:49:41 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 23:49:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 23:49:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 23:49:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 23:49:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 23:49:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 23:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 23:49:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 23:49:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 23:49:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 23:48:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:48:22 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 23:48:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 23:48:16 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/03 08:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\GlarySoft
[2010/07/30 21:18:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/30 21:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2009/07/10 12:53:32 | 069,641,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes64Setup.exe

========== Files - Modified Within 30 Days ==========

[2010/08/28 11:20:19 | 002,097,152 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT
[2010/08/28 11:14:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/28 11:13:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 11:13:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 11:13:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/28 11:13:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/28 11:13:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 11:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/28 11:12:30 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 11:12:30 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/28 11:12:24 | 004,385,881 | -H-- | M] () -- C:\Users\Cindy\AppData\Local\IconCache.db
[2010/08/28 11:09:23 | 000,000,272 | ---- | M] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut (2).lnk
[2010/08/28 10:13:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 08:03:30 | 000,000,293 | ---- | M] () -- C:\Users\Cindy\Desktop\MBRCheck.exe - Shortcut.lnk
[2010/08/28 07:05:34 | 000,002,423 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/28 07:02:57 | 000,000,680 | ---- | M] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2010/08/28 06:59:58 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/08/27 17:10:11 | 000,000,386 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 16:09:31 | 000,002,411 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/08/25 10:48:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 10:42:04 | 000,000,890 | ---- | M] () -- C:\Users\Cindy\Desktop\Malwarebytes' Anti-Malware - Shortcut.lnk
[2010/08/25 09:49:20 | 000,017,920 | ---- | M] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 20:06:10 | 000,099,840 | ---- | M] () -- C:\Users\Cindy\Documents\OTL Extras logfile created on 24 Aug 2010.doc
[2010/08/24 20:04:23 | 000,115,712 | ---- | M] () -- C:\Users\Cindy\Documents\OTL logfile created on Aug 24 2010.doc
[2010/08/24 19:34:56 | 000,028,160 | ---- | M] () -- C:\Users\Cindy\Documents\Spybot Forum - Response 1 - Blade81.doc
[2010/08/24 19:32:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Documents\OTL.exe
[2010/08/23 20:39:24 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Cindy\Documents\winsockfix.exe
[2010/08/17 19:10:59 | 000,000,945 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | M] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Documents\erunt-setup.exe
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:17:07 | 000,001,930 | ---- | M] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 11:54:46 | 012,413,440 | ---- | M] () -- C:\Users\Cindy\Documents\avgas-setup-7.5.1.43.exe
[2010/08/17 10:54:13 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 10:54:13 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 10:54:13 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/16 09:36:18 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Users\Cindy\Documents\Ad-AwareInstall.exe
[2010/08/16 09:29:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cindy\Documents\mbam-setup-1.46.exe
[2010/08/16 09:28:48 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Cindy\Documents\avg_free_stb_all_9_115_cnet.exe
[2010/08/16 09:16:34 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\Cindy\Documents\ccsetup234.exe
[2010/08/16 09:14:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Cindy\Documents\spybotsd162.exe
[2010/08/16 09:13:20 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cindy\Documents\HJTInstall.exe
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Documents\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/15 11:20:04 | 000,033,280 | ---- | M] () -- C:\Users\Cindy\Documents\No Internet Connection - Windows Vista_2.doc
[2010/08/14 20:35:58 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 19:46:42 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 19:46:42 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | M] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 04:15:48 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 03:45:56 | 000,445,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 03:40:18 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 03:40:18 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 13:39:35 | 000,137,504 | ---- | M] () -- C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/04 08:25:28 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:21:26 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:21:26 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
[2010/08/02 08:29:08 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | M] () -- C:\Windows\SysWow64\Band4

========== Files Created - No Company Name ==========

[2010/08/28 11:09:23 | 000,000,272 | ---- | C] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut (2).lnk
[2010/08/28 08:03:30 | 000,000,293 | ---- | C] () -- C:\Users\Cindy\Desktop\MBRCheck.exe - Shortcut.lnk
[2010/08/25 10:48:01 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 10:41:59 | 000,000,890 | ---- | C] () -- C:\Users\Cindy\Desktop\Malwarebytes' Anti-Malware - Shortcut.lnk
[2010/08/25 10:28:00 | 001,020,805 | ---- | C] () -- C:\Users\Cindy\Documents\fr.exe
[2010/08/25 10:27:58 | 012,413,440 | ---- | C] () -- C:\Users\Cindy\Documents\avgas-setup-7.5.1.43.exe
[2010/08/25 10:27:57 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Documents\dds.com
[2010/08/25 10:27:57 | 000,033,280 | ---- | C] () -- C:\Users\Cindy\Documents\No Internet Connection - Windows Vista_2.doc
[2010/08/25 10:27:57 | 000,028,160 | ---- | C] () -- C:\Users\Cindy\Documents\Spybot Forum - Response 1 - Blade81.doc
[2010/08/24 20:06:10 | 000,099,840 | ---- | C] () -- C:\Users\Cindy\Documents\OTL Extras logfile created on 24 Aug 2010.doc
[2010/08/24 20:04:22 | 000,115,712 | ---- | C] () -- C:\Users\Cindy\Documents\OTL logfile created on Aug 24 2010.doc
[2010/08/17 19:13:50 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/17 19:10:59 | 000,000,945 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | C] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 15:38:10 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 12:06:55 | 000,001,930 | ---- | C] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 10:53:41 | 000,525,824 | ---- | C] () -- C:\dds.com
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 20:35:57 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | C] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 04:15:47 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 08:25:28 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:25:27 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:25:27 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/02 08:29:08 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\Band4
[2010/07/02 20:42:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 06:07:19 | 000,010,554 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7F0A.txt
[2010/06/24 06:07:11 | 000,433,684 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistMSI7EF0.txt
[2010/06/24 06:07:09 | 000,011,414 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7EF0.txt
[2010/04/09 08:30:26 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/09 08:30:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/01 22:07:44 | 000,076,407 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Smiley.ico
[2010/02/01 09:00:00 | 000,003,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\BANTExt.sys
[2009/12/25 19:32:51 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/09/23 19:01:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 19:00:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 17:09:35 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/07/14 14:35:38 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2009/07/14 14:35:37 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/07/10 12:52:16 | 013,727,048 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/06/09 11:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 14:28:32 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/05/13 14:27:03 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/05/13 14:22:09 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/27 22:28:33 | 000,003,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/24 15:43:34 | 000,017,920 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 13:45:39 | 000,000,680 | ---- | C] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2009/04/20 17:27:48 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/04/19 16:45:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\QSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\AtStart.txt
[2009/04/04 12:46:39 | 000,009,045 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/05 03:07:29 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/05 03:07:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/05 03:06:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/05 03:05:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/05 03:03:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/20 01:45:49 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 01:36:56 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/20 01:34:18 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/20 01:32:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/02/24 01:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\SysWow64\ODBCMON.DLL

========== Alternate Data Streams ==========

< End of report >
 
Hi,

I did not create an account - there are two on the laptop: "Cindy" (admin) and "Guest". Because a few of the programs and searches would only allow someone with administrator privileges, I've been running everything through that account.
Try to create another user account and see how things work under it.

How and what info did you want me to take a screenshot of?
I want to see what items the connection has installed and active (Networking tab in the Local Area Connection Properties window). You can grab the screenshot, for example, like this:
1. Activate the Local Area Connection Properties window and press Alt+Print Screen.
2. Open MS Paint and paste the screenshot in.
3. Save as a .jpg or .png file.
4. Attach the file to your post.
 
Hello,

It must be getting pretty late in the day for you.

I created another user account on the damaged laptop as you recommended. Took a while to get things up and running. Here are the results:

Internet Explorer: http://click.w3i.com/?Programid=173&Elementname=ErrorPage&q=ie.redirect.hp.com%20svs%20rdr%3FTYPE=3%26tp=iehome%26locale=en_us%26c=91%26bd=Pavilion%26pf=cnnb&applicationid={EEA4B19D-ED04-4AEC-AAD3-3F75FC6EA710}&version=3.8.2&vintage=20100727&Defaultbrowserid=6&Productid=1704&Vendorid=3662&Offerid=6684&sc=-2146697211

Internet Explorer cannot display the webpage
===============================================================

Firefox: http://www.mozilla.com/en-US/firefox/3.6.8/firstrun/

Server not found

Firefox can't find the server at www.mozilla.com.

===============================================================

Network Discovery was turned off. Could not turn it on. Tried to turn it on via Network and Sharing Center. Was busy for 10 minutes and then when I tried I could not close the window. Opened Task Manager and ended process that way. Got warning that Explorer quit working and then all the open windows closed.

===============================================================

Sound works with new user account.

Also included are some pictures of the Local Area Connection windows. I'll have to send the next two JPEGs in a separate post.

Thank you,
Joe
 
Hi,

It must be getting pretty late in the day for you.
Yes, but trying to stay up for a few more hours :)

In the Network Connections window.JPG picture I see that the wired connection appears as if the ethernet cable wasn't connected. Is that so? Please have the cable connected.

What firewall do you have currently active? Please try to disable it temporarily to see if it helps.
 
The ethernet cable is plugged into the laptop and router/switch but the router is not seeing the laptop. The activity light is flashing on/off about once a second. I even tried another cable thinking I may have a bad cable. Same result.

The red X was flashing yesterday and today it is solid red.

Running with Windows firewall, not Norton 360. Firewall is turned off, but I'll recheck and post if that is not the case.
 
Hi,

Two more things that could be tried.

1) Norton has in some cases in the past caused network connection issues. You could try to uninstall it with this removal tool to see if it has any effect (it can be reinstalled after that).

2) Router reset
 
Removed Norton 360 as instructed.

Rebooted and ran netsh winsock reset.

"Server Not Found" or similar with both IE8 and Firefox.

Just for the fun of it I downloaded and installed the latest audio, video and networking drivers from the HP help site (maker of my damaged laptop).

No change.

Next?

I'm just about ready to reformat the HD and install Windows 7 (I really don't like Vista even though most experts say it's better than XP). This has been driving me crazy for over 3 1/2 weeks. I am usually pretty adept at computer issues and have helped several of the guys I work with. I have never seen a trojan like this that has caused so much damage to the internal command structure.
 
Hi,

I'm afraid we're out of options here :sad:. Probably best to back up important stuff and then reformat & install Windows 7.
 
Blade81,

Thank you so much for all the time spent on this problem. At least I don't feel too bad. From what I've seen on several dozen posts here and on other sites (CNET, ZDNET, MSN), this virus seems to have affected thousands and possibly hundreds of thousands of computers.

I've already started a full backup of my laptop and will either re-image the Vista OS or break down and buy Windows 7 and install that OS.

Good luck to you.

Bye.
:greeting:
 