Hi,
I did not create an account - there are two on the laptop: "Cindy" (admin) and "Guest". Because a few of the programs and searches would only allow someone with administrator privileges, I've been running everything through that account.
Winsock information missing from Registry. I don't remember where, but I can check again and post later.
How and what info did you want me to take a screenshot of?
Here is the OTL log:
OTL logfile created on: 8/28/2010 11:17:54 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = H:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.80 Gb Total Space | 11.17 Gb Free Space | 5.08% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 227.10 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 967.22 Mb Total Space | 937.53 Mb Free Space | 96.93% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Computer Name: CINDY-PC
Current User Name: Cindy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe File not found
PRC - C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe File not found
PRC - H:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
========== Modules (SafeList) ==========
MOD - H:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:
64bit: - (TCPIP Pass-through Filter) -- C:\Windows\SysNative\msippsth.dll File not found
SRV:
64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:
64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:
64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:
64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:
64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:
64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (hpqcxs08) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (LiveUpdate Notice) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (hpqddsvc) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV:
64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SYMEFA64.SYS File not found
DRV:
64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys File not found
DRV:
64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:
64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:
64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys File not found
DRV:
64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:
64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\ccHPx64.sys File not found
DRV:
64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:
64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:
64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:
64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:
64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:
64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:
64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV:
64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV:
64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\SYMFW.SYS (Symantec Corporation)
DRV:
64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV:
64bit: - (SYMDNS) -- C:\Windows\SysNative\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV:
64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:
64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:
64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:
64bit: - (COH_Mon) -- C:\Windows\SysNative\Drivers\COH_Mon.sys (Symantec Corporation)
DRV:
64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:
64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:
64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:
64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:
64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:
64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:
64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:
64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV:
64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV:
64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV:
64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:
64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:
64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:
64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:
64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:
64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:
64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100814.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100810.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:
64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {A92ADD4B-1A47-402A-8BE6-2447A0923EE0}:1.9.1
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2010/06/24 12:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 11:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 09:42:34 | 000,000,000 | ---D | M]
[2009/05/02 10:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2010/08/15 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions
[2009/10/31 08:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/14 17:47:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/17 19:35:14 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\1xsqmwgx.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/08/28 07:05:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Mozilla Firefox\components\coFFPlgn.dll
[2009/10/01 14:38:53 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol308.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npraclient.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (~NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:
64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:
64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:
64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:
64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe File not found
O4 - Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:
64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}
http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Zuma/Images/armhelper.ocx (Reg Error: Key error.)
O18:
64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\ipp - No CLSID value found
O18:
64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:
64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:
64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:
64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/08/25 10:47:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/25 10:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/25 10:28:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Cindy\Documents\spybotsd162.exe
[2010/08/25 10:28:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cindy\Documents\mbam-setup-1.46.exe
[2010/08/25 10:28:00 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cindy\Documents\HJTInstall.exe
[2010/08/25 10:28:00 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Documents\erunt-setup.exe
[2010/08/25 10:28:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cindy\Documents\OTL.exe
[2010/08/25 10:27:59 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\Cindy\Documents\ccsetup234.exe
[2010/08/25 10:27:58 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Users\Cindy\Documents\Ad-AwareInstall.exe
[2010/08/25 10:27:58 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Cindy\Documents\avg_free_stb_all_9_115_cnet.exe
[2010/08/25 10:27:57 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Cindy\Documents\winsockfix.exe
[2010/08/17 19:12:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/17 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/08/17 19:10:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010/08/17 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010/08/12 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\SurfSecret Privacy Suite
[2010/08/12 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/08/12 15:05:19 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/08/12 14:49:08 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 14:49:08 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 14:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/11 23:49:52 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 23:49:44 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 23:49:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 23:49:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 23:49:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 23:49:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 23:49:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 23:49:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 23:49:42 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 23:49:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 23:49:41 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 23:49:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 23:49:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 23:49:41 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 23:49:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 23:49:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 23:49:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 23:49:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 23:49:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 23:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 23:49:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 23:49:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 23:49:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 23:48:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:48:22 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 23:48:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 23:48:16 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/03 08:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/02 08:41:21 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\GlarySoft
[2010/07/30 21:18:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/30 21:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2009/07/10 12:53:32 | 069,641,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes64Setup.exe
========== Files - Modified Within 30 Days ==========
[2010/08/28 11:20:19 | 002,097,152 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT
[2010/08/28 11:14:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/28 11:13:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 11:13:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 11:13:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/28 11:13:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/28 11:13:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 11:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/28 11:12:30 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 11:12:30 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/28 11:12:24 | 004,385,881 | -H-- | M] () -- C:\Users\Cindy\AppData\Local\IconCache.db
[2010/08/28 11:09:23 | 000,000,272 | ---- | M] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut (2).lnk
[2010/08/28 10:13:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 08:03:30 | 000,000,293 | ---- | M] () -- C:\Users\Cindy\Desktop\MBRCheck.exe - Shortcut.lnk
[2010/08/28 07:05:34 | 000,002,423 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/28 07:02:57 | 000,000,680 | ---- | M] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2010/08/28 06:59:58 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/08/27 17:10:11 | 000,000,386 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 16:09:31 | 000,002,411 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/08/25 10:48:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 10:42:04 | 000,000,890 | ---- | M] () -- C:\Users\Cindy\Desktop\Malwarebytes' Anti-Malware - Shortcut.lnk
[2010/08/25 09:49:20 | 000,017,920 | ---- | M] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 20:06:10 | 000,099,840 | ---- | M] () -- C:\Users\Cindy\Documents\OTL Extras logfile created on 24 Aug 2010.doc
[2010/08/24 20:04:23 | 000,115,712 | ---- | M] () -- C:\Users\Cindy\Documents\OTL logfile created on Aug 24 2010.doc
[2010/08/24 19:34:56 | 000,028,160 | ---- | M] () -- C:\Users\Cindy\Documents\Spybot Forum - Response 1 - Blade81.doc
[2010/08/24 19:32:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Documents\OTL.exe
[2010/08/23 20:39:24 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Cindy\Documents\winsockfix.exe
[2010/08/17 19:10:59 | 000,000,945 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | M] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Documents\erunt-setup.exe
[2010/08/17 17:55:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Cindy\Desktop\erunt-setup.exe
[2010/08/17 12:17:07 | 000,001,930 | ---- | M] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 11:54:46 | 012,413,440 | ---- | M] () -- C:\Users\Cindy\Documents\avgas-setup-7.5.1.43.exe
[2010/08/17 10:54:13 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 10:54:13 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 10:54:13 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/16 09:36:18 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Users\Cindy\Documents\Ad-AwareInstall.exe
[2010/08/16 09:29:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cindy\Documents\mbam-setup-1.46.exe
[2010/08/16 09:28:48 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Cindy\Documents\avg_free_stb_all_9_115_cnet.exe
[2010/08/16 09:16:34 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\Cindy\Documents\ccsetup234.exe
[2010/08/16 09:14:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Cindy\Documents\spybotsd162.exe
[2010/08/16 09:13:20 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cindy\Documents\HJTInstall.exe
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Documents\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/16 08:59:00 | 000,525,824 | ---- | M] () -- C:\dds.com
[2010/08/15 11:20:04 | 000,033,280 | ---- | M] () -- C:\Users\Cindy\Documents\No Internet Connection - Windows Vista_2.doc
[2010/08/14 20:35:58 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 19:46:42 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 19:46:42 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | M] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 13:36:38 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\ccsetup234.exe
[2010/08/12 13:34:49 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/12 04:15:48 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 03:45:56 | 000,445,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 03:40:18 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 03:40:18 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/08 13:39:35 | 000,137,504 | ---- | M] () -- C:\Users\Cindy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/04 08:25:28 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:21:26 | 000,524,288 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:21:26 | 000,065,536 | -HS- | M] () -- C:\Users\Cindy\NTUSER.DAT{fbdd9b78-9581-11df-bf45-00235a32a429}.TM.blf
[2010/08/02 08:29:08 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | M] () -- C:\Windows\SysWow64\Band4
========== Files Created - No Company Name ==========
[2010/08/28 11:09:23 | 000,000,272 | ---- | C] () -- C:\Users\Cindy\Desktop\OTL.exe - Shortcut (2).lnk
[2010/08/28 08:03:30 | 000,000,293 | ---- | C] () -- C:\Users\Cindy\Desktop\MBRCheck.exe - Shortcut.lnk
[2010/08/25 10:48:01 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 10:41:59 | 000,000,890 | ---- | C] () -- C:\Users\Cindy\Desktop\Malwarebytes' Anti-Malware - Shortcut.lnk
[2010/08/25 10:28:00 | 001,020,805 | ---- | C] () -- C:\Users\Cindy\Documents\fr.exe
[2010/08/25 10:27:58 | 012,413,440 | ---- | C] () -- C:\Users\Cindy\Documents\avgas-setup-7.5.1.43.exe
[2010/08/25 10:27:57 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Documents\dds.com
[2010/08/25 10:27:57 | 000,033,280 | ---- | C] () -- C:\Users\Cindy\Documents\No Internet Connection - Windows Vista_2.doc
[2010/08/25 10:27:57 | 000,028,160 | ---- | C] () -- C:\Users\Cindy\Documents\Spybot Forum - Response 1 - Blade81.doc
[2010/08/24 20:06:10 | 000,099,840 | ---- | C] () -- C:\Users\Cindy\Documents\OTL Extras logfile created on 24 Aug 2010.doc
[2010/08/24 20:04:22 | 000,115,712 | ---- | C] () -- C:\Users\Cindy\Documents\OTL logfile created on Aug 24 2010.doc
[2010/08/17 19:13:50 | 000,525,824 | ---- | C] () -- C:\Users\Cindy\Desktop\dds.com
[2010/08/17 19:10:59 | 000,000,945 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 19:10:52 | 000,000,746 | ---- | C] () -- C:\Users\Cindy\Desktop\ERUNT.lnk
[2010/08/17 15:38:10 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 12:06:55 | 000,001,930 | ---- | C] () -- C:\Users\Cindy\Desktop\HijackThis.lnk
[2010/08/17 10:53:41 | 000,525,824 | ---- | C] () -- C:\dds.com
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 20:35:57 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 20:35:57 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{51fa70a2-a802-11df-bc58-00235a32a429}.TM.blf
[2010/08/14 18:13:20 | 000,000,036 | ---- | C] () -- C:\Users\Cindy\AppData\Local\housecall.guid.cache
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 04:15:47 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 04:15:47 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{204f0962-a5e5-11df-93cd-00235a32a429}.TM.blf
[2010/08/10 11:06:14 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/04 08:25:28 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/04 08:25:27 | 000,524,288 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/04 08:25:27 | 000,065,536 | -HS- | C] () -- C:\Users\Cindy\NTUSER.DAT{305260e0-9fc3-11df-9961-806e6f6e6963}.TM.blf
[2010/08/02 08:29:08 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\Class15
[2010/08/02 08:29:08 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\Band4
[2010/07/02 20:42:24 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/24 06:07:19 | 000,010,554 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7F0A.txt
[2010/06/24 06:07:11 | 000,433,684 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistMSI7EF0.txt
[2010/06/24 06:07:09 | 000,011,414 | ---- | C] () -- C:\Users\Cindy\AppData\Local\dd_vcredistUI7EF0.txt
[2010/04/09 08:30:26 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/04/09 08:30:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/04/01 22:07:44 | 000,076,407 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\Smiley.ico
[2010/02/01 09:00:00 | 000,003,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\BANTExt.sys
[2009/12/25 19:32:51 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/09/23 19:01:50 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 19:00:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 17:09:35 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/07/14 14:35:38 | 000,152,368 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2009/07/14 14:35:37 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2009/07/10 12:52:16 | 013,727,048 | ---- | C] () -- C:\Program Files\winzip121.exe
[2009/06/09 11:35:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 14:28:32 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/05/13 14:27:03 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/05/13 14:22:09 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/27 22:28:33 | 000,003,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/04/24 15:43:34 | 000,017,920 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 13:45:39 | 000,000,680 | ---- | C] () -- C:\Users\Cindy\AppData\Local\d3d9caps.dat
[2009/04/20 17:27:48 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/04/19 16:45:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\QSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DSwitch.txt
[2009/04/04 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Cindy\AppData\Local\AtStart.txt
[2009/04/04 12:46:39 | 000,009,045 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/05 03:07:29 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/05 03:07:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/05 03:06:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/05 03:05:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/05 03:03:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/20 01:45:49 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 01:36:56 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/20 01:34:18 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/20 01:32:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/02/24 01:03:04 | 000,061,502 | ---- | C] () -- C:\Windows\SysWow64\ODBCMON.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:3B4DA230
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:AD7183FA
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:E51234A9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:85C3B823
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:E1D6C864
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:1BFE92CC
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp

667795F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:99671BE2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp

1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp

FC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7B2BB690
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:BE40C8A2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:FD34FE88
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:2EF63291
< End of report >