View Full Version : Infected. Slowing computer
stopdroproll
2011-02-19, 22:44
I noticed it start happening on Thursday. I kept getting disconnected from wireless and my browser would just be very slow. The only thing I've downloaded is iTunes since I got a new Touch, also downloaded some apps. It disabled avast and I can't enable it. I tried MalwareBytes and Spybot scans. Malware found nothing, Spybot cleaned some stuff. FWIW, I have used a USB drive before I realized I was infected
Went through the steps in the Sticky, ERUNT, DDS, and Advanced Mode for Spybot. Restarted and got a message
"Unable to create file: C:\Windows\ERDNT\AutoBackup2-19-2011/ERDNT.INF
Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files."
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Orlando at 16:20:03.66 on Sat 02/19/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1825 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Orlando\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6522
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SystemProtector] "C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe" /autorun
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\Orlando\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: C:\Program Files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: C:\Users\Orlando\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com
FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF - Ext: Dictionary Tooltip: {C6128004-4838-4708-9A97-BB172D17767D} - %profile%\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: JavaString Helper: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - C:\Users\Orlando\AppData\Roaming\5005
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: JavaString Helper: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - C:\Users\Orlando\AppData\Roaming\5005
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-8-2 69152]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-2-19 257232]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-2-19 452872]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-2-19 816016]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-12-3 121936]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2011-2-19 46160]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2011-2-19 29776]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-7-29 14904]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-5-9 263480]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-12-3 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-12-3 61008]
R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-12-4 19432]
R2 ImmunetProtect;Immunet Protect;C:\Program Files\Immunet Protect\2.0.17\agent.exe [2011-2-19 272080]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-7-12 1375992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-4 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-2-19 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-2-19 1150936]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-7-13 69736]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17440]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-14 40384]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-14 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-14 40384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-4 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-3 5435904]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]
=============== Created Last 30 ================
2011-02-19 15:42:22 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-02-19 15:42:22 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-02-19 15:42:19 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-02-19 15:42:19 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-02-19 15:42:15 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-02-19 15:41:37 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-02-19 15:41:05 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-02-19 15:41:04 -------- d-----w- C:\Users\Orlando\AppData\Roaming\PC Tools
2011-02-19 15:41:04 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-02-19 15:41:04 -------- d-----w- C:\PROGRA~3\PC Tools
2011-02-19 15:25:02 -------- d-----w- C:\Users\Orlando\AppData\Local\Immunet
2011-02-19 15:25:02 -------- d-----w- C:\PROGRA~3\Immunet
2011-02-19 15:24:24 29776 ----a-w- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
2011-02-19 15:24:22 46160 ----a-w- C:\Windows\System32\drivers\ImmunetProtect.sys
2011-02-19 15:24:08 -------- d-----w- C:\Program Files\Immunet Protect
2011-02-17 01:52:21 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcC5FA.tmp
2011-02-05 18:31:31 -------- d-----w- C:\Users\Orlando\AppData\Roaming\Acapela Group
2011-02-05 18:31:23 -------- d-----w- C:\Users\Orlando\AppData\Local\Xtranormal
2011-02-02 11:18:31 -------- d-----w- C:\Program Files (x86)\Xtranormal
2011-02-02 11:18:13 -------- d-----w- C:\Users\Orlando\AppData\Roaming\Xtranormal
2011-01-21 03:28:48 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
==================== Find3M ====================
2011-01-15 02:09:20 8673792 ----a-w- C:\PROGRA~3\atscie.msi
2010-12-14 06:11:38 1836 ----a-w- C:\Windows\System32\ASOROSet.bin
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
============= FINISH: 16:23:13.61 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
stopdroproll
2011-02-22, 03:59
OTL logfile created on: 2/21/2011 9:48:41 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 221.82 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (scan) -- C:\Program Files\Immunet Protect\tetra\scan.dll (Immunet)
SRV:64bit: - (ImmunetProtect) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe (Immunet Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (WinRM) Windows Remote Management (WS-Management) -- C:\Windows\SysWOW64\WsmSvc.dll ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (ImmunetProtectDriver) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (ImmunetSelfProtectDriver) -- C:\Windows\SysNative\drivers\ImmunetSelfProtect.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 23:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 13:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 21:24:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/20 22:28:48 | 000,000,000 | ---D | M]
[2010/10/04 10:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Extensions
[2010/10/19 05:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions
[2010/10/04 20:19:56 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/10/07 19:33:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\afom@idevfh
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\autopager@mozilla.org
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\firefox@tvunetworks.com
[2010/10/04 20:19:51 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\netvideohunter@netvideohunter.com
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\searchrecs@veoh.com
[2009/12/03 17:39:52 | 000,004,554 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\aim-search.xml
[2010/03/19 00:27:14 | 000,001,820 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\bing.xml
[2010/12/22 16:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/20 12:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 16:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/02 13:13:57 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ORLANDO\APPDATA\ROAMING\5005
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/21 21:45:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/02/19 12:49:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:42:22 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/02/19 10:42:22 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/02/19 10:42:19 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/02/19 10:42:19 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/02/19 10:42:15 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/02/19 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/02/19 10:41:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/02/19 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/19 10:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet Protect
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Immunet
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/02/19 10:24:24 | 000,029,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\ImmunetSelfProtect.sys
[2011/02/19 10:24:22 | 000,046,160 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys
[2011/02/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet Protect
[2011/02/19 10:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/19 10:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/02/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/02/16 00:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/05 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2011/02/05 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Xtranormal
[2011/02/02 06:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtranormal State
[2011/02/02 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xtranormal
[2011/02/02 06:18:13 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/21 21:46:56 | 000,129,289 | ---- | M] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/21 21:45:41 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/21 21:45:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/21 20:02:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/21 20:01:18 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 20:01:18 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 19:54:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/21 19:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/21 19:50:00 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 19:45:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/20 15:56:34 | 001,401,379 | ---- | M] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 22:42:09 | 000,816,191 | ---- | M] () -- C:\Users\Orlando\Desktop\Money and the Banking System.pptx
[2011/02/19 16:24:02 | 000,006,086 | ---- | M] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 16:22:34 | 000,044,318 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:45 | 000,055,210 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 12:50:59 | 000,624,128 | ---- | M] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | M] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 12:49:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:43:03 | 001,231,044 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/19 10:24:14 | 000,046,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys
[2011/02/19 10:24:14 | 000,029,776 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\ImmunetSelfProtect.sys
[2011/02/19 10:22:00 | 001,252,984 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/18 19:56:13 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/02/17 19:05:56 | 000,071,852 | ---- | M] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/13 23:00:05 | 000,616,241 | ---- | M] () -- C:\Users\Orlando\Desktop\Monetary policy.pptx
[2011/02/13 20:26:42 | 003,020,288 | ---- | M] () -- C:\Users\Orlando\Desktop\ch08.ppt
[2011/02/12 23:32:19 | 000,015,969 | ---- | M] () -- C:\Users\Orlando\Desktop\Ethics Assignment.docx
[2011/02/12 21:58:56 | 005,298,620 | ---- | M] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/11 22:36:56 | 000,002,657 | ---- | M] () -- C:\Users\Orlando\Desktop\README
[2011/02/11 06:56:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/11 06:56:13 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/11 06:56:13 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/09 20:23:02 | 000,736,638 | ---- | M] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/02/06 09:42:15 | 000,437,958 | ---- | M] () -- C:\Users\Orlando\Documents\Copy.docx
[2011/02/02 06:18:36 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\State.lnk
[2011/02/01 17:16:18 | 000,091,665 | ---- | M] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/31 08:59:47 | 000,010,110 | ---- | M] () -- C:\Users\Orlando\Documents\econ202.docx
[2011/01/31 06:19:58 | 000,749,417 | ---- | M] () -- C:\Users\Orlando\Desktop\Bringing in the supply-side.pptx
[2011/01/30 18:34:28 | 000,670,598 | ---- | M] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 17:36:04 | 000,012,165 | ---- | M] () -- C:\Users\Orlando\Desktop\CL.docx
[2011/01/30 10:50:03 | 000,012,181 | ---- | M] () -- C:\Users\Orlando\Desktop\MD CL.docx
[2011/01/29 02:02:43 | 000,022,899 | ---- | M] () -- C:\Users\Orlando\Documents\orlando_lam1.docx
[2011/01/22 22:58:38 | 001,960,373 | ---- | M] () -- C:\Users\Orlando\Desktop\VaultInvestmentBanking.PDF
[2011/01/22 22:58:00 | 000,533,504 | ---- | M] () -- C:\Users\Orlando\Desktop\Zilbergleyt Presentation 11-17-06.ppt
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/21 21:46:56 | 000,129,289 | ---- | C] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/21 06:32:01 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/20 16:21:29 | 001,401,379 | ---- | C] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 22:41:56 | 000,816,191 | ---- | C] () -- C:\Users\Orlando\Desktop\Money and the Banking System.pptx
[2011/02/19 16:21:33 | 000,044,318 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:44 | 000,055,210 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 13:00:33 | 000,006,086 | ---- | C] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 12:50:54 | 000,624,128 | ---- | C] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | C] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 10:42:23 | 001,231,044 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/19 10:22:15 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/19 10:21:47 | 001,252,984 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | C] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/16 23:09:37 | 005,298,620 | ---- | C] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/16 23:09:37 | 000,002,657 | ---- | C] () -- C:\Users\Orlando\Desktop\README
[2011/02/13 23:00:01 | 000,616,241 | ---- | C] () -- C:\Users\Orlando\Desktop\Monetary policy.pptx
[2011/02/13 20:26:13 | 003,020,288 | ---- | C] () -- C:\Users\Orlando\Desktop\ch08.ppt
[2011/02/09 20:22:54 | 000,736,638 | ---- | C] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/02/02 06:18:36 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\State.lnk
[2011/01/31 08:10:59 | 000,010,110 | ---- | C] () -- C:\Users\Orlando\Documents\econ202.docx
[2011/01/31 06:19:53 | 000,749,417 | ---- | C] () -- C:\Users\Orlando\Desktop\Bringing in the supply-side.pptx
[2011/01/30 18:36:46 | 000,670,598 | ---- | C] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 12:13:58 | 000,091,665 | ---- | C] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/29 23:48:24 | 000,012,181 | ---- | C] () -- C:\Users\Orlando\Desktop\MD CL.docx
[2011/01/29 14:26:04 | 000,015,969 | ---- | C] () -- C:\Users\Orlando\Desktop\Ethics Assignment.docx
[2011/01/29 11:04:33 | 000,012,165 | ---- | C] () -- C:\Users\Orlando\Desktop\CL.docx
[2011/01/27 22:52:18 | 000,001,924 | ---- | C] () -- C:\Users\Orlando\Desktop\Mozilla Firefox.lnk
[2011/01/22 23:01:06 | 001,960,373 | ---- | C] () -- C:\Users\Orlando\Desktop\VaultInvestmentBanking.PDF
[2011/01/22 22:57:55 | 000,533,504 | ---- | C] () -- C:\Users\Orlando\Desktop\Zilbergleyt Presentation 11-17-06.ppt
[2011/01/14 21:09:16 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/12/14 09:28:26 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/09/26 14:00:13 | 000,000,086 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\urhtps.dat
[2010/09/26 11:32:53 | 000,051,200 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\6y6xpuez.default.dat
[2010/09/26 07:14:06 | 000,000,065 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\AcroIEHelpe.txt
[2010/09/18 17:52:34 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/19 08:15:58 | 000,007,606 | ---- | C] () -- C:\Users\Orlando\AppData\Local\Resmon.ResmonCfg
[2010/06/03 22:05:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/03/27 00:40:12 | 000,000,686 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\myMPQ.ini
[2010/03/10 12:26:26 | 000,006,144 | ---- | C] () -- C:\Users\Orlando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 17:05:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/08 20:34:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\ssinstaller.dll
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/04 12:20:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/03 22:28:28 | 000,002,424 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/03 13:23:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 12:57:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/03 12:57:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/02 08:40:53 | 000,002,029 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\install.dat
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 19:14:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuapi.dll
[2009/07/13 19:10:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WMVDECOD.DLL
[2009/07/13 19:09:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WMVSDECD.DLL
[2009/07/13 19:03:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dsdmo.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WsmSvc.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/07 20:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\5005
[2011/02/05 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2009/12/03 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\acccore
[2010/09/19 07:34:03 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Audacity
[2010/06/03 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\BITS
[2010/09/26 07:13:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\cock
[2010/03/18 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\DAEMON Tools Lite
[2010/11/30 22:23:20 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Elluminate
[2010/06/03 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\FlashGet
[2010/06/03 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\FlashGetBHO
[2011/01/15 22:50:23 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Foxit Software
[2010/12/25 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\HLSW
[2009/12/03 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Leadertech
[2010/09/25 13:55:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\ManyCam
[2010/12/10 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Opera
[2010/01/22 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Smartsims
[2009/12/14 00:41:59 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\SystemRequirementsLab
[2010/05/09 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Systweak
[2010/12/19 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\xmldm
[2011/02/05 13:31:40 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2011/02/21 19:54:05 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/02/27 01:42:57 | 000,000,222 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
[2011/02/18 19:56:13 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
[2010/08/25 08:37:46 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
stopdroproll
2011-02-22, 04:00
OTL Extras logfile created on: 2/21/2011 9:48:41 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 221.82 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{370674BC-FCD0-4C4D-9B55-49A6EFC3DAC6}_is1" = Howie's Quick Screen Capture 1.1.1
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader 4.00
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5694-F5C0-4215-92B7-EE77A4E7319C}" = PHStat2 version 2.7
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EC4F64D-92E4-4274-9495-4C887D49DEC3}" = Xtranormal State
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D28CB048-A0AB-4F98-909F-69F3F25AA87D}" = Xtranormal State - Showpak-Playgoz-Preview
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Free Antivirus
"AVCPhotoStudio_Wrapper" = myPhotoMovie (remove only)
"CMN_Deploy_0" = CMN3 4.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GIF Viewer" = GIF Viewer 3.1
"GoldWave v5.55" = GoldWave v5.55
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.3.7b
"Immunet Protect" = Immunet Protect
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.30 (remove only)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MS Access 97 SP2" = MS Access 97 SP2
"Network MagicUninstall" = Network Magic
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Opera 11.01.1190" = Opera 11.01
"PDFZilla_is1" = PDFZilla V1.2.9
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.2.4
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Starcraft" = Starcraft
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"TVUPlayer" = TVUPlayer 2.5.0.1
"Veetle TV" = Veetle TV 0.9.18
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.1
"Winamp" = Winamp
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"Google Chrome" = Google Chrome
"OANDA FXGame" = OANDA FXGame
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Good Morning,
Your browser setting have been altered by malware, this may fix the disconnect issue plus setting it back to normal. Your Event log may be corrupted also that can cause problems, but lets address the browser setting first.
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again
C:\Windows\SysWow64\ssinstaller.dll <--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Services
:Reg
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
stopdroproll
2011-02-23, 02:06
Is the fix suppose to run very long? Has been running for 1.5 hrs. Progress bar fills up and resets. It's at the [emptytemp] part of the code
Should only take a few minutes. Close it out and run this program
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Then run the OTL fix again
stopdroproll
2011-02-23, 03:50
Restartes and can't open firefox. Keeps saying it's already running and not responding. Tried restarting. Chrome and opera not loading either
Try rebooting your computer a few times. If still problems than try this
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)
In the window under Custom Scans/Fixes copy and paste the following
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Click the Run Fix button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
stopdroproll
2011-02-23, 23:23
Firefox and Chrome isn't working. Got Opera to work, though it's painfully slow.
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Orlando
->Temp folder emptied: 1052 bytes
->Temporary Internet Files folder emptied: 202699 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 5050736 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 434 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528343 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1005 bytes
Total Files Cleaned = 6.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.21.0 log created on 02232011_163100
Files\Folders moved on Reboot...
C:\Users\Orlando\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Orlando\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Orlando\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Orlando\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Orlando\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Orlando\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
Registry entries deleted on Reboot...
Lets try uninstalling them both via Programs and Features in the Control Panel and redownload and install them both fresh
http://www.mozilla.com/en-US/firefox/
http://www.google.com/chrome/index.html?brand=chmz&utm_source=en-et-yt-ftr&utm_medium=et&utm_campaign=en
stopdroproll
2011-02-24, 01:24
Uninstalled, reinstalled and still the same
All OTL removed was a bad proxy server in Internet Explorer. Lets try restoring your system to an earlier date, pick a date just prior to this happening
With your computer on, click on Start> Restart and as the computer starts to boot up tap the F8 key somewhat rapidly ( do not just hold it down ) when the menu comes up select Repair My Computer and follow the prompts, you will not need a password unless it was set by an administrator. When all the options come up, select System Restore and pick that date prior to running OTL.
Then when its done post a new DDS log and lets take a look
stopdroproll
2011-02-24, 02:48
It says there is no restore points have been created on your computer systems drive
Outside of the browser issues , how is everything else running ?
stopdroproll
2011-02-24, 02:54
It's somewhat slow. If I try to open chrome or firefox, it gets exponentially slower, even when shutting down
Hi,
The policy of Antivirus programs are you should only have one installed and running, more than one can cause hamper system performance and cause other problems. You should have just one, keep it updated and run scans on a regular basis.
avast is your main Antivirus program
Immunet <--I read about this and am not convinced that it works alongside other AVs, try uninstalling it, reboot and see if things got better.
Another option is you may be infected by a rootkit. A rootkit will hide from most scanners so lets run a rootkit scan and see
Click on the pictures and make sure to check and uncheck whats shown
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
stopdroproll
2011-02-24, 23:45
I'm in gmer and everything above services is greyed out so I can't check them
OK run it and post what you can.
stopdroproll
2011-02-25, 02:45
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-24 20:44:56
Windows 6.1.7600
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x01 0x3F 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x8B 0xC3 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x20 0x95 0x4A 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0x01 0x3F 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x8B 0xC3 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x20 0x95 0x4A 0x3F ...
---- Files - GMER 1.0.15 ----
File C:\$WINDOWS.~Q\DATA\Program Files\ASUS\ASUS Data Security Manager\driver\x64 0 bytes
File C:\$WINDOWS.~Q\DATA\Program Files\ASUS\ASUS Data Security Manager\driver\x64\AsDsm.sys 34872 bytes executable
File C:\$WINDOWS.~Q\DATA\Program Files\ASUS\ASUS Data Security Manager\driver\x64\_avt 512 bytes
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
Looks ok, but I was hoping to see more, this other scanner may show more
Please download RootRepeal from one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)
Open http://billy-oneal.com/forums/rootRepeal/rootRepealDesktopIcon.png on your desktop.
Click the http://billy-oneal.com/forums/rootRepeal/reportTab.png tab.
Click the http://billy-oneal.com/forums/rootRepeal/btnScan.png button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok
Check the box for your main system drive (Usually C:, and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the http://billy-oneal.com/forums/rootRepeal/saveReport.png button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
stopdroproll
2011-02-25, 19:50
Said RootRepeal does not support 64bit OS
One of the problems we are having right now is that some tools we use to remove malware have not been written for 64bit. The tool I wanted you to run that would find any problems wont run on 64 bit, I wasnt sure about Root Repeal
This one should run
Please download Rooter Rootkit Detector (http://eric.71.mespages.googlepages.com/Rooter.exe) to your Desktop
Doubleclick it to start the tool.
A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt.
Post the report for me to see.
stopdroproll
2011-02-26, 00:34
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.6.13 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:285 Go - Free:225 Go )
D:\ [CD_Rom]
G:\ [CD_Rom]
.
Scan : 18:31.06
Path : C:\Users\Orlando\Desktop\Rooter.exe
User : Orlando ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (392)
Locked csrss.exe (572)
Locked wininit.exe (632)
Locked csrss.exe (652)
Locked services.exe (692)
Locked lsass.exe (708)
Locked lsm.exe (716)
Locked svchost.exe (828)
Locked winlogon.exe (880)
Locked nvvsvc.exe (948)
Locked svchost.exe (988)
Locked svchost.exe (540)
Locked svchost.exe (764)
Locked svchost.exe (972)
Locked svchost.exe (1144)
Locked nvvsvc.exe (1224)
Locked svchost.exe (1272)
Locked ADSMSrv.exe (1400)
Locked AsLdrSrv.exe (1436)
Locked GFNEXSrv.exe (1460)
______ ?????????? (1684)
______ ?????????? (1712)
Locked wcourier.exe (1748)
Locked HControl.exe (1756)
Locked ATKOSD.exe (1800)
Locked KBFiltr.exe (1808)
Locked WDC.exe (1816)
Locked spoolsv.exe (1896)
______ ?????????? (1912)
______ ?????????? (2008)
______ ?????????? (2016)
______ ?????????? (1624)
Locked svchost.exe (1388)
______ C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (2168)
______ C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe (2192)
Locked svchost.exe (2320)
______ ?????????? (2336)
Locked AppleMobileDeviceService.exe (2364)
______ C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (2376)
______ C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (2412)
Locked taskeng.exe (2448)
______ C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (2476)
Locked sensorsrv.exe (2520)
Locked Net4Switch.exe (2544)
Locked BatteryLife.exe (2740)
Locked ASO3DefragSrv64.exe (2932)
Locked mDNSResponder.exe (2964)
Locked systemprotector.exe (2992)
Locked svchost.exe (3028)
Locked LSSrvc.exe (3056)
Locked SeaPort.exe (3088)
Locked spmgr.exe (3124)
Locked svchost.exe (3180)
Locked nmsrvc.exe (3288)
Locked SDWinSec.exe (3456)
Locked svchost.exe (4420)
Locked SynTPHelper.exe (4948)
Locked svchost.exe (1956)
Locked svchost.exe (4912)
______ C:\Program Files\Alwil Software\Avast5\AvastUI.exe (1648)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3940)
______ C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (4160)
______ C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (1740)
Locked wmpnetwk.exe (4580)
Locked svchost.exe (3220)
______ ?????????? (3948)
______ C:\Program Files (x86)\Opera\opera.exe (4388)
Locked svchost.exe (3712)
Locked audiodg.exe (3760)
______ C:\Users\Orlando\Desktop\Rooter.exe (3792)
Locked MpCmdRun.exe (896)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:13629256704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:13629288960 | Length:306442595840)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
C:\Windows\Tasks\ASOService.job
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
.
C:\Rooter$\Rooter_1.txt - (25/02/2011 | 18:33.51)
Log looks ok, lets run Combofix, it should fix the event log and this may be the problem
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
stopdroproll
2011-02-26, 03:00
ComboFix 11-02-24.05 - Orlando 02/25/2011 19:15:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2799 [GMT -5:00]
Running from: c:\users\Orlando\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.
2011-02-26 00:24 . 2011-02-26 00:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-26 00:24 . 2011-02-26 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 23:33 . 2011-02-25 23:33 -------- d-----w- C:\Rooter$
2011-02-25 19:21 . 2011-02-25 19:21 -------- d-----w- c:\users\Orlando\AppData\Local\Adobe
2011-02-23 23:34 . 2010-12-03 19:35 553696 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-02-23 23:33 . 2010-12-03 19:35 25048 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-02-23 23:33 . 2010-12-03 19:35 140248 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-02-23 23:32 . 2010-12-03 19:35 66520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npnul32.dll
2011-02-23 23:27 . 2010-12-03 19:35 11775448 ----a-w- c:\program files (x86)\Mozilla Firefox\xul.dll
2011-02-23 23:26 . 2010-12-03 19:35 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\xpcom.dll
2011-02-23 23:26 . 2010-12-03 19:35 245208 ----a-w- c:\program files (x86)\Mozilla Firefox\updater.exe
2011-02-23 23:26 . 2010-12-03 19:35 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\ssl3.dll
2011-02-23 23:26 . 2010-12-03 19:35 492504 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll
2011-02-23 23:26 . 2010-12-03 19:35 105432 ----a-w- c:\program files (x86)\Mozilla Firefox\smime3.dll
2011-02-23 23:26 . 2010-12-03 17:36 155648 ----a-w- c:\program files (x86)\Mozilla Firefox\softokn3.dll
2011-02-23 23:26 . 2010-12-03 19:35 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-02-23 23:26 . 2010-12-03 19:35 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\plds4.dll
2011-02-23 01:54 . 2011-02-23 01:54 -------- d-----w- c:\users\Orlando\AppData\Local\AIM
2011-02-23 01:54 . 2011-02-23 01:54 -------- d-----w- c:\users\Orlando\AppData\Local\AOL
2011-02-22 23:36 . 2011-02-22 23:36 -------- d-----w- C:\_OTL
2011-02-19 17:50 . 2011-02-19 17:50 -------- d-----w- c:\program files (x86)\ERUNT
2011-02-19 15:42 . 2010-07-16 19:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-02-19 15:42 . 2010-06-29 15:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-02-19 15:42 . 2010-11-17 15:20 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-02-19 15:42 . 2010-11-17 15:20 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-02-19 15:42 . 2010-11-25 15:43 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-02-19 15:41 . 2010-11-25 15:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-02-19 15:41 . 2011-02-19 15:42 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-02-19 15:41 . 2011-02-24 22:35 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-02-19 15:41 . 2011-02-19 15:41 -------- d-----w- c:\programdata\PC Tools
2011-02-19 15:41 . 2011-02-19 15:41 -------- d-----w- c:\users\Orlando\AppData\Roaming\PC Tools
2011-02-19 15:25 . 2011-02-24 22:18 -------- d-----w- c:\programdata\Immunet
2011-02-19 15:25 . 2011-02-19 15:25 -------- d-----w- c:\users\Orlando\AppData\Local\Immunet
2011-02-19 15:22 . 2011-02-19 15:22 -------- d-----w- c:\program files\Google
2011-02-19 15:22 . 2011-02-19 17:11 -------- d-----w- c:\programdata\Google Updater
2011-02-17 01:52 . 2011-02-17 01:52 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcC5FA.tmp
2011-02-05 18:31 . 2011-02-05 18:31 -------- d-----w- c:\users\Orlando\AppData\Roaming\Acapela Group
2011-02-05 18:31 . 2011-02-05 18:31 -------- d-----w- c:\users\Orlando\AppData\Local\Xtranormal
2011-02-02 11:18 . 2011-02-02 11:18 -------- d-----w- c:\program files (x86)\Xtranormal
2011-02-02 11:18 . 2011-02-05 18:31 -------- d-----w- c:\users\Orlando\AppData\Roaming\Xtranormal
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 02:09 . 2011-01-15 02:09 8673792 ----a-w- c:\programdata\atscie.msi
2010-12-14 06:11 . 2010-06-18 05:45 1836 ----a-w- c:\windows\system32\ASOROSet.bin
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 22:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-06-24 272952]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SystemProtector"="c:\program files (x86)\Advanced System Optimizer 3\systemprotector.exe" [2010-10-05 10000184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-3 1207312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sasnative64
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-11-05 17440]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 69152]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-11-25 257232]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-18 834544]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-10-05 263480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-11-25 1375992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-16 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2011-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:30]
2011-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-19 15:22]
2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
- c:\users\Orlando\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-23 23:11]
2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
- c:\users\Orlando\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-23 23:11]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 8114720]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com
FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF - Ext: Dictionary Tooltip: {C6128004-4838-4708-9A97-BB172D17767D} - %profile%\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: JavaString Helper: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - c:\users\Orlando\AppData\Roaming\5005
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: JavaString Helper: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - c:\users\Orlando\AppData\Roaming\5005
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-OANDA FXGame - c:\windows\system32\javaws.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Orlando\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Advanced System Optimizer 3\ASO3.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-02-25 19:56:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-26 00:56
Pre-Run: 240,214,052,864 bytes free
Post-Run: 240,133,967,872 bytes free
- - End Of File - - 16CC5B1915EA4B178C448E86C5505DE1
Not much removed and the rest of the log is not showing a rootkit or anything else bad. When you first posted your complaints where of being disconnected from the internet at times and your browser being slow. Are you still having connectivity problems ? How is IE running ?
This was from your first OTL log and it malware and it was fixed
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
stopdroproll
2011-02-26, 05:23
There's still noticeable lag in general, not just the browser, and I still can't get on Firefox or Chrome. I don't have IE on here. Still can't activate avast, telling me system is unsecured. I've been connected by ethernet and now switching to wireless, too short to tell if I still have disconnect problems.
Good Morning,
I am still concerned about Eventlog. OTL said it was corrupt and CF did not show any signs of fixing it so dont know whats up with that.
Do this
Go to Start> Run and type in services.msc > ok, your windows services will load. Its all alphabetical , scroll down and look for Windows Event Log, it should show that it starts automatically, if not right click on it and go go properties and you can change the start up type to Automatic.
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
/md5start
eventlog.dll
/md5stop
Then click the Run Scan button at the top
Let the program run unhindered, reboot when it is done
Then post the resulting OTL log.
stopdroproll
2011-02-26, 18:19
OTL logfile created on: 2/26/2011 8:52:06 AM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 225.86 Gb Free Space | 79.14% Space Free | Partition Type: NTFS
Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (WinRM) Windows Remote Management (WS-Management) -- C:\Windows\SysWOW64\WsmSvc.dll ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 23:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 13:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/23 19:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/23 18:32:10 | 000,000,000 | ---D | M]
[2010/10/04 10:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Extensions
[2010/10/19 05:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions
[2010/10/04 20:19:56 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/10/07 19:33:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\afom@idevfh
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\autopager@mozilla.org
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\firefox@tvunetworks.com
[2010/10/04 20:19:51 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\netvideohunter@netvideohunter.com
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\searchrecs@veoh.com
[2009/12/03 17:39:52 | 000,004,554 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\aim-search.xml
[2010/03/19 00:27:14 | 000,001,820 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\bing.xml
[2011/02/23 18:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/20 12:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 16:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/02 13:13:57 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ORLANDO\APPDATA\ROAMING\5005
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2011/02/23 16:40:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/25 23:17:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2011/02/25 22:34:22 | 002,530,104 | ---- | C] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/25 19:27:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/02/25 19:11:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/25 19:11:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/25 19:11:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/25 19:11:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/25 19:10:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/25 18:33:51 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/02/25 18:30:21 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 14:21:01 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Adobe
[2011/02/25 13:49:12 | 000,472,064 | ---- | C] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/23 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 18:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/23 18:15:56 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:09:38 | 000,568,664 | ---- | C] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/22 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AIM
[2011/02/22 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AOL
[2011/02/22 20:39:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/22 18:36:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 22:41:29 | 000,000,000 | ---D | C] -- C:\Users\Orlando\Desktop\AdamTheAnalyst
[2011/02/21 21:45:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/02/19 12:49:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:42:22 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/02/19 10:42:22 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/02/19 10:42:19 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/02/19 10:42:19 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/02/19 10:42:15 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/02/19 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/02/19 10:41:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/02/19 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Immunet
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/02/19 10:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/19 10:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/02/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/02/16 00:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/05 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2011/02/05 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Xtranormal
[2011/02/02 06:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtranormal State
[2011/02/02 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xtranormal
[2011/02/02 06:18:13 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/26 11:21:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/26 11:02:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/02/26 08:46:57 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 08:46:57 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 08:40:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/26 08:39:06 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/26 08:36:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/26 08:36:16 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 23:17:14 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:14 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 001,237,976 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/25 23:16:49 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:34:54 | 002,530,104 | ---- | M] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | M] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/25 18:30:21 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 18:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/25 13:49:12 | 000,472,064 | ---- | M] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | M] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 19:20:41 | 000,002,291 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/23 18:35:18 | 000,001,930 | ---- | M] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:17:22 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:11:02 | 000,568,664 | ---- | M] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/23 16:40:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/02/22 20:39:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/21 21:46:56 | 000,129,289 | ---- | M] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/21 21:45:41 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/20 15:56:34 | 001,401,379 | ---- | M] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 22:42:09 | 000,816,191 | ---- | M] () -- C:\Users\Orlando\Desktop\Money and the Banking System.pptx
[2011/02/19 16:24:02 | 000,006,086 | ---- | M] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 16:22:34 | 000,044,318 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:45 | 000,055,210 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 12:50:59 | 000,624,128 | ---- | M] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | M] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 12:49:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:22:00 | 001,252,984 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | M] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/13 23:00:05 | 000,616,241 | ---- | M] () -- C:\Users\Orlando\Desktop\Monetary policy.pptx
[2011/02/13 20:26:42 | 003,020,288 | ---- | M] () -- C:\Users\Orlando\Desktop\ch08.ppt
[2011/02/12 23:32:19 | 000,015,969 | ---- | M] () -- C:\Users\Orlando\Desktop\Ethics Assignment.docx
[2011/02/12 21:58:56 | 005,298,620 | ---- | M] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/11 22:36:56 | 000,002,657 | ---- | M] () -- C:\Users\Orlando\Desktop\README
[2011/02/11 06:56:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/11 06:56:13 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/11 06:56:13 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/09 20:23:02 | 000,736,638 | ---- | M] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/02/06 09:42:15 | 000,437,958 | ---- | M] () -- C:\Users\Orlando\Documents\Copy.docx
[2011/02/01 17:16:18 | 000,091,665 | ---- | M] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/31 08:59:47 | 000,010,110 | ---- | M] () -- C:\Users\Orlando\Documents\econ202.docx
[2011/01/31 06:19:58 | 000,749,417 | ---- | M] () -- C:\Users\Orlando\Desktop\Bringing in the supply-side.pptx
[2011/01/30 18:34:28 | 000,670,598 | ---- | M] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 17:36:04 | 000,012,165 | ---- | M] () -- C:\Users\Orlando\Desktop\CL.docx
[2011/01/30 10:50:03 | 000,012,181 | ---- | M] () -- C:\Users\Orlando\Desktop\MD CL.docx
[2011/01/29 02:02:43 | 000,022,899 | ---- | M] () -- C:\Users\Orlando\Documents\orlando_lam1.docx
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/25 21:11:24 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\ASOService.job
[2011/02/25 19:11:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/25 19:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/25 19:11:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/25 19:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/25 19:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | C] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/24 17:32:42 | 000,296,448 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 18:41:13 | 000,002,291 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/23 18:35:18 | 000,001,930 | ---- | C] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:16:55 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/23 18:13:57 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/21 21:46:56 | 000,129,289 | ---- | C] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/21 06:32:01 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/20 16:21:29 | 001,401,379 | ---- | C] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 22:41:56 | 000,816,191 | ---- | C] () -- C:\Users\Orlando\Desktop\Money and the Banking System.pptx
[2011/02/19 16:21:33 | 000,044,318 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:44 | 000,055,210 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 13:00:33 | 000,006,086 | ---- | C] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 12:50:54 | 000,624,128 | ---- | C] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | C] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 10:42:23 | 001,237,976 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/19 10:22:15 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/19 10:21:47 | 001,252,984 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | C] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/16 23:09:37 | 005,298,620 | ---- | C] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/16 23:09:37 | 000,002,657 | ---- | C] () -- C:\Users\Orlando\Desktop\README
[2011/02/13 23:00:01 | 000,616,241 | ---- | C] () -- C:\Users\Orlando\Desktop\Monetary policy.pptx
[2011/02/13 20:26:13 | 003,020,288 | ---- | C] () -- C:\Users\Orlando\Desktop\ch08.ppt
[2011/02/09 20:22:54 | 000,736,638 | ---- | C] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/01/31 08:10:59 | 000,010,110 | ---- | C] () -- C:\Users\Orlando\Documents\econ202.docx
[2011/01/31 06:19:53 | 000,749,417 | ---- | C] () -- C:\Users\Orlando\Desktop\Bringing in the supply-side.pptx
[2011/01/30 18:36:46 | 000,670,598 | ---- | C] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 12:13:58 | 000,091,665 | ---- | C] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/29 23:48:24 | 000,012,181 | ---- | C] () -- C:\Users\Orlando\Desktop\MD CL.docx
[2011/01/29 14:26:04 | 000,015,969 | ---- | C] () -- C:\Users\Orlando\Desktop\Ethics Assignment.docx
[2011/01/29 11:04:33 | 000,012,165 | ---- | C] () -- C:\Users\Orlando\Desktop\CL.docx
[2011/01/14 21:09:16 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/12/14 09:28:26 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/09/26 14:00:13 | 000,000,086 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\urhtps.dat
[2010/09/26 11:32:53 | 000,051,200 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\6y6xpuez.default.dat
[2010/09/26 07:14:06 | 000,000,065 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\AcroIEHelpe.txt
[2010/09/18 17:52:34 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/19 08:15:58 | 000,007,606 | ---- | C] () -- C:\Users\Orlando\AppData\Local\Resmon.ResmonCfg
[2010/06/03 22:05:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/03/27 00:40:12 | 000,000,686 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\myMPQ.ini
[2010/03/10 12:26:26 | 000,006,144 | ---- | C] () -- C:\Users\Orlando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 17:05:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/08 20:34:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\ssinstaller.dll
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/04 12:20:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/03 22:28:28 | 000,002,424 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/03 13:23:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 12:57:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/03 12:57:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/02 08:40:53 | 000,002,029 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\install.dat
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 19:14:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuapi.dll
[2009/07/13 19:09:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WMVSDECD.DLL
[2009/07/13 19:03:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dsdmo.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WsmSvc.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/07 20:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== Custom Scans ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
It didn't show what I was looking for. I'll be back as soon as I can
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
eventlog.dll
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
stopdroproll
2011-02-27, 08:36
Is it suppose totals long? It's been 'scanning...' for a while now
stopdroproll
2011-02-27, 08:37
Take***
That should only take a few seconds, go ahead and cancel it
Go to start > All Programs > Accessories
Right Click Command Prompt and select run as administrator
When the prompt opens type the following bolded text and press enter
sfc /scannow (Note: There is a space between sfc and /scannow)
stopdroproll
2011-02-27, 16:01
Done...
OK, lets see what it finds now, when you open OTL you can click on the NONE button, it looks greyed out but its not
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
/md5start
eventlog.dll
eventlog.*
/md5stop
Then click the Run Scan button at the top
Let the program run unhindered, reboot when it is done
Then post the resulting OTL log.
stopdroproll
2011-02-27, 16:55
OTL logfile created on: 2/27/2011 10:15:51 AM - Run 3
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 225.20 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: EVENTLOG.ADML >
[2009/07/13 21:28:48 | 000,007,635 | ---- | M] () MD5=EDE283CF86AB27C2D088FEC300A31E5B -- C:\Windows\winsxs\amd64_microsoft-windows-eventlog-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ef6a54bcf9d9e555\EventLog.adml
< MD5 for: EVENTLOG.ADMX >
[2009/06/10 15:56:31 | 000,012,429 | ---- | M] () MD5=5FEA05DAF55C86EF5747510D7AFE9BC4 -- C:\Windows\winsxs\amd64_microsoft-windows-eventlog-adm_31bf3856ad364e35_6.1.7600.16385_none_02a85deb8287727e\EventLog.admx
< MD5 for: EVENTLOG.ETL >
[2011/02/13 15:12:10 | 000,393,216 | ---- | M] () MD5=7D250045D4BB883C5C8EAC1A2B7F76EA -- C:\Windows\SysNative\NDF\eventlog.etl
< End of report >
Looks like the eventlog is working.
Drag OTL to the trash and download a new copy, I mainly need to see the extras log
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
stopdroproll
2011-02-27, 23:49
I only got one log.
OTL logfile created on: 2/27/2011 5:29:28 PM - Run 4
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 225.31 Gb Free Space | 78.95% Space Free | Partition Type: NTFS
Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (WinRM) Windows Remote Management (WS-Management) -- C:\Windows\SysWOW64\WsmSvc.dll ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 23:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 13:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/23 19:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/23 18:32:10 | 000,000,000 | ---D | M]
[2010/10/04 10:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Extensions
[2010/10/19 05:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions
[2010/10/04 20:19:56 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/10/07 19:33:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\afom@idevfh
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\autopager@mozilla.org
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\firefox@tvunetworks.com
[2010/10/04 20:19:51 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\netvideohunter@netvideohunter.com
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\searchrecs@veoh.com
[2009/12/03 17:39:52 | 000,004,554 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\aim-search.xml
[2010/03/19 00:27:14 | 000,001,820 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\bing.xml
[2011/02/23 18:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/20 12:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 16:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/02 13:13:57 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ORLANDO\APPDATA\ROAMING\5005
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: ([2011/02/23 16:40:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
O4 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/27 17:23:51 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/26 20:50:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/02/26 20:50:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/02/26 20:50:14 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/02/26 20:50:14 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/02/26 20:50:14 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/02/26 20:50:14 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/02/26 20:50:14 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/26 20:50:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/26 20:50:14 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/26 20:50:14 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/26 20:50:14 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/26 20:50:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/02/26 20:50:14 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/02/26 20:50:14 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/26 20:50:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/02/26 20:50:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/26 20:50:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/02/26 20:50:14 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/02/26 20:50:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/02/26 20:50:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/26 20:50:14 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/02/26 20:50:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/02/26 20:50:14 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/02/26 20:50:14 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/02/26 20:50:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/02/26 20:50:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/02/26 20:50:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/26 20:50:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/02/26 20:50:14 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/02/26 20:50:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/02/26 20:50:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/02/26 20:50:14 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/02/26 20:50:14 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/02/26 20:50:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/02/26 20:50:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/02/26 20:50:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/02/26 20:50:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/02/26 20:50:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/02/26 20:50:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/26 20:50:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/02/26 20:50:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/02/26 20:50:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/02/26 20:50:14 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/26 20:50:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/02/26 20:50:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/02/26 20:50:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/02/26 20:50:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/02/26 20:50:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/26 20:50:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/02/26 20:50:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/02/26 20:50:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/02/26 20:50:14 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/02/26 20:50:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/02/26 20:50:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/02/26 20:50:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/02/26 20:50:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/02/26 20:50:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/26 20:50:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/02/26 20:50:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/02/26 20:50:14 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/02/26 20:50:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/02/26 20:50:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/02/26 20:50:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/02/26 20:50:14 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/02/26 20:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/02/26 20:50:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/26 20:50:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/26 20:50:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/25 23:17:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2011/02/25 22:34:22 | 002,530,104 | ---- | C] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/25 19:27:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/02/25 19:11:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/25 19:11:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/25 19:11:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/25 19:11:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/25 19:10:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/25 18:33:51 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/02/25 18:30:21 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 14:21:01 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Adobe
[2011/02/25 13:49:12 | 000,472,064 | ---- | C] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/23 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 18:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/23 18:15:56 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:09:38 | 000,568,664 | ---- | C] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/22 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AIM
[2011/02/22 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AOL
[2011/02/22 20:39:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/22 18:36:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 22:41:29 | 000,000,000 | ---D | C] -- C:\Users\Orlando\Desktop\AdamTheAnalyst
[2011/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/02/19 12:49:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:42:22 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/02/19 10:42:22 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/02/19 10:42:19 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/02/19 10:42:19 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/02/19 10:42:15 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/02/19 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/02/19 10:41:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/02/19 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Immunet
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/02/19 10:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/19 10:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/02/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/02/16 00:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/05 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2011/02/05 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Xtranormal
[2011/02/02 06:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtranormal State
[2011/02/02 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xtranormal
[2011/02/02 06:18:13 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/27 17:23:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/27 17:21:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/27 14:36:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/27 11:00:24 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/02/27 10:33:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 10:33:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 10:26:26 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/27 10:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 10:24:43 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 00:47:50 | 000,075,264 | ---- | M] () -- C:\Users\Orlando\Desktop\SystemLook.exe
[2011/02/26 20:58:12 | 000,001,404 | ---- | M] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/26 20:50:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/02/26 20:50:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/02/26 20:50:14 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/02/26 20:50:14 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/02/26 20:50:14 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/02/26 20:50:14 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/02/26 20:50:14 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/26 20:50:14 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/26 20:50:14 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/26 20:50:14 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/26 20:50:14 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/26 20:50:14 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/02/26 20:50:14 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/02/26 20:50:14 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/26 20:50:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/02/26 20:50:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/26 20:50:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/02/26 20:50:14 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/02/26 20:50:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/02/26 20:50:14 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/26 20:50:14 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/02/26 20:50:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/02/26 20:50:14 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/02/26 20:50:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/02/26 20:50:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/02/26 20:50:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/02/26 20:50:14 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/26 20:50:14 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/02/26 20:50:14 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/02/26 20:50:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/02/26 20:50:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/02/26 20:50:14 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/02/26 20:50:14 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/02/26 20:50:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/02/26 20:50:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/02/26 20:50:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/02/26 20:50:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/02/26 20:50:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/02/26 20:50:14 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/26 20:50:14 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/02/26 20:50:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/02/26 20:50:14 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/02/26 20:50:14 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/26 20:50:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/02/26 20:50:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/02/26 20:50:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/02/26 20:50:14 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/02/26 20:50:14 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/26 20:50:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/02/26 20:50:14 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/02/26 20:50:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/02/26 20:50:14 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/02/26 20:50:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/02/26 20:50:14 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/02/26 20:50:14 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/02/26 20:50:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/02/26 20:50:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/26 20:50:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/26 20:50:14 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/26 20:50:14 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/02/26 20:50:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/02/26 20:50:14 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/02/26 20:50:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/02/26 20:50:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/02/26 20:50:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/02/26 20:50:14 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/02/26 20:50:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/02/26 20:50:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/26 20:50:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/26 20:50:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/26 20:50:12 | 001,253,436 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/26 18:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/26 17:22:23 | 000,000,046 | ---- | M] () -- C:\Users\Orlando\jagex_runescape_preferences.dat
[2011/02/26 17:22:21 | 000,000,117 | ---- | M] () -- C:\Users\Orlando\jagex_runescape_preferences2.dat
[2011/02/26 11:38:25 | 000,002,332 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/25 23:17:14 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:14 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:34:54 | 002,530,104 | ---- | M] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | M] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/25 18:30:21 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 13:49:12 | 000,472,064 | ---- | M] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | M] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 18:35:18 | 000,001,930 | ---- | M] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:17:22 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:11:02 | 000,568,664 | ---- | M] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/23 16:40:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/02/22 20:39:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/21 21:46:56 | 000,129,289 | ---- | M] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/20 15:56:34 | 001,401,379 | ---- | M] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 16:24:02 | 000,006,086 | ---- | M] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 16:22:34 | 000,044,318 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:45 | 000,055,210 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 12:50:59 | 000,624,128 | ---- | M] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | M] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 12:49:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:22:00 | 001,252,984 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | M] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/12 21:58:56 | 005,298,620 | ---- | M] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/11 22:36:56 | 000,002,657 | ---- | M] () -- C:\Users\Orlando\Desktop\README
[2011/02/11 06:56:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/11 06:56:13 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/11 06:56:13 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/09 20:23:02 | 000,736,638 | ---- | M] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/02/01 17:16:18 | 000,091,665 | ---- | M] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/30 18:34:28 | 000,670,598 | ---- | M] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
stopdroproll
2011-02-27, 23:51
========== Files Created - No Company Name ==========
[2011/02/27 10:26:26 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/27 00:47:47 | 000,075,264 | ---- | C] () -- C:\Users\Orlando\Desktop\SystemLook.exe
[2011/02/26 20:58:12 | 000,001,416 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/26 20:57:59 | 000,001,410 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/26 20:57:59 | 000,001,404 | ---- | C] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/26 20:50:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/26 20:50:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/25 21:11:24 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\ASOService.job
[2011/02/25 19:11:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/25 19:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/25 19:11:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/25 19:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/25 19:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | C] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/24 17:32:42 | 000,296,448 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 18:41:13 | 000,002,332 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/23 18:35:18 | 000,001,930 | ---- | C] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:16:55 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/23 18:13:57 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/21 21:46:56 | 000,129,289 | ---- | C] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/20 16:21:29 | 001,401,379 | ---- | C] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 16:21:33 | 000,044,318 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:44 | 000,055,210 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 13:00:33 | 000,006,086 | ---- | C] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 12:50:54 | 000,624,128 | ---- | C] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | C] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 10:42:23 | 001,253,436 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/19 10:22:15 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/19 10:21:47 | 001,252,984 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | C] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/16 23:09:37 | 005,298,620 | ---- | C] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/16 23:09:37 | 000,002,657 | ---- | C] () -- C:\Users\Orlando\Desktop\README
[2011/02/09 20:22:54 | 000,736,638 | ---- | C] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/01/30 18:36:46 | 000,670,598 | ---- | C] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 12:13:58 | 000,091,665 | ---- | C] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/14 21:09:16 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/12/14 09:28:26 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/11/09 19:35:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2010/09/26 14:00:13 | 000,000,086 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\urhtps.dat
[2010/09/26 11:32:53 | 000,051,200 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\6y6xpuez.default.dat
[2010/09/18 17:52:34 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/19 08:15:58 | 000,007,606 | ---- | C] () -- C:\Users\Orlando\AppData\Local\Resmon.ResmonCfg
[2010/06/03 22:07:34 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/06/03 22:06:07 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/06/03 22:05:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/04/11 09:44:22 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/04/11 09:44:22 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/03/27 00:40:12 | 000,000,686 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\myMPQ.ini
[2010/03/20 08:12:47 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2010/03/10 12:26:26 | 000,006,144 | ---- | C] () -- C:\Users\Orlando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 17:05:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/08 20:34:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\ssinstaller.dll
[2009/12/23 15:21:27 | 000,014,094 | ---- | C] () -- C:\Windows\scunin.dat
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/04 12:20:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/03 23:32:09 | 000,163,735 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/12/03 23:32:09 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/12/03 13:23:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 12:57:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/03 12:57:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/02 08:40:53 | 000,002,029 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\install.dat
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/29 23:35:03 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/07/29 23:34:42 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:14:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuapi.dll
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:09:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WMVSDECD.DLL
[2009/07/13 19:03:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dsdmo.dll
[2009/07/13 18:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\iscsicpl.exe
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WsmSvc.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 20:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/08/06 12:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2000/01/27 23:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\wrkgadm.exe
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\5005
[2011/02/05 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2009/12/03 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\acccore
[2010/09/19 07:34:03 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Audacity
[2010/06/03 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\BITS
[2010/09/26 07:13:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\cock
[2010/03/18 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\DAEMON Tools Lite
[2010/11/30 22:23:20 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Elluminate
[2010/06/03 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\FlashGet
[2010/06/03 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\FlashGetBHO
[2011/01/15 22:50:23 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Foxit Software
[2010/12/25 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\HLSW
[2009/12/03 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Leadertech
[2010/09/25 13:55:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\ManyCam
[2010/12/10 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Opera
[2010/01/22 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Smartsims
[2009/12/14 00:41:59 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\SystemRequirementsLab
[2010/05/09 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Systweak
[2010/12/19 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\xmldm
[2011/02/05 13:31:40 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2011/02/27 10:26:26 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/02/27 11:00:24 | 000,000,462 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
[2011/02/23 16:42:59 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Services
:Reg
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
How are you coming along ? Eventlog is up and running with no problems. Even though OTL can run on 64 bit systems yours may be giving it a go.
stopdroproll
2011-03-01, 02:17
Not as terrible as before. Still noticeable, especially if I right click something or open files/programs, the loading circle comes up and stays up, programs may not respond for a bit. Not getting random disconnects from wireless. Still can't open Firefox or Chrome.
I've been getting this message on start-up.
Checking file system on C:
This type of file system is NTFS.
Volume label is Vista64.
One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.
To skip disk checking, press any key within 10 seconds.
When I let it go, it goes right to normal start-up.
Also I keep getting this Warning! message pop-up.
Error saving file C:\Windows\ERDNT\AutoBackup\2-28-2011/BCD ! Continue with next file? [ RegCreateKeyEx: 5 - Access is denied ]" and Yes/No option. I click No, it goes away. If I click Yes, pretty much same message except with \system instead of BCD, click Yes and it's \software, then \default, then \security, then \sam, then \components, then \Users\00000001\ntuser.dat, and then \Users\00000002\UsrClass.dat
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Orlando
->Temp folder emptied: 172323 bytes
->Temporary Internet Files folder emptied: 50084933 bytes
->Java cache emptied: 1519085 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 6536254 bytes
->Flash cache emptied: 38835 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1636099 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 577158 bytes
Total Files Cleaned = 59.00 mb
OTL by OldTimer - Version 3.2.22.2 log created on 02282011_194414
Files\Folders moved on Reboot...
C:\Users\Orlando\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000005C3B915E868BF21A6CA not found!
Registry entries deleted on Reboot...
Look this over
http://www.w7forums.com/use-chkdsk-check-disk-t448.html
Just drag ERUNT to the trash
stopdroproll
2011-03-02, 03:14
It's telling me the type of file system is NTFS. Cannot lock current drive. Then chosen cannot run be wise the volume is in use by another process. Asked me to schedule on next restart. Same thing happens on restart. Counts down to 0 and freeze.
stopdroproll
2011-03-02, 03:16
Auto correct...
Tried command prompt method for chkdsk and it's not working
Hi,
Do you have your windows CD or the recovery CD that came with your computer. I think with all the problems your having I would do a repair install of windows, what this would do is reinstall windows over the current copy and it will repair as it installs.
You can post in this windows forum for help with that
http://forums.whatthetech.com/index.php?showforum=119
Let me know how it went
stopdroproll
2011-03-06, 17:04
Just posting so thread doesn't get locked. Going to pick up an external to back up data.
If I am still experiencing lag after a repair install, what would be the next option?
Hi,
I would back up all your data, documents , pictures. Costco has some nice external hard drives for around $50, it would be to your benefit to do this anyway so you can save your stuff for future disasters
Let me ask you, is it just your browsers are slow or does your whole system have problems ?
Do you use a router ?
stopdroproll
2011-03-06, 18:33
When I start up everything is ok except my browser which doesn't respond every 10 seconds. It goes away after about 20 minutes. If I try to open certain programs (iTunes or chrome) everything lags and windows explorer doesn't respond. There is no lag in safe mode. But I'm still not able to access my main browsers (firefox and chrome)
I use a cisco linksys router.
Why dont you try resetting your router. There is a small pin hole on the back that you can use a small object like a paper clip or ball point pen, you need to hold it in for 10 seconds or so and it will reset it back to the day you bought it. Then your going to have to use the disc that came with it and reinstall it.
Let me know how it went
stopdroproll
2011-03-07, 00:08
Still the same
Why dont you post in a site we work real close with, its there forum for internet and browsers. Lets see if they can help you
http://forums.whatthetech.com/index.php?showforum=123
You can link them to this thread if you wish so they can see what we have done.
Post back and let me know how it went
Hi,
I have been so busy looking for malware on your system that I overlooked this. You have 3 Antivirus programs running, more than one is overkill and can severely hamper system performance.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
I would uninstall two of them, your call but Avast is the one I would keep, uninstall two and see if things improve
stopdroproll
2011-03-08, 02:29
The only reason I had Spyware Doctor was because Avast would not turn on when the problems started. I get the Unsecured system message and that Avast has been stopped. I click the Fix Now button and it still doesn't turn back on.
Well, uninstall them all and see if it makes a difference, don't do much surfin with no av.
Then download and install fresh copy of Avast, or one of these other ones, your call on which one you want
AVG Free (http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5)
Free Avast 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Avira AntiVirŪ Personal Edition Classic (http://www.free-av.com/)
stopdroproll
2011-03-11, 02:56
No real change. Going to pick up an external tomorrow and backup files. Should I go ahead with a repair?
I thought you had done a repair already. Go for it , it can only make things better
stopdroproll
2011-03-14, 00:07
Did a full reinstall Which seems to have done the trick. Thanks.
Sorry you had to go that far but sometimes its the best route. Everything nice and new and clean :bigthumb:
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
stopdroproll
2011-03-15, 12:39
Before the restore I couldn't see any of the image verifications/captchas and I got google messages that said we've received too many automated queries from your ip. Any ideas? Thanks
Not sure, is it still happening ?
stopdroproll
2011-03-15, 13:33
Yeah. Nothing shows up
I am afraid I am not following you.
Is it still happening ?
Yeah nothing shows up
I am not familiar with this, you may want to post here and ask
http://forums.whatthetech.com/index.php?showforum=123