Infected. Slowing computer

Looks OK, but I was hoping to see more. This other scanner may show more.

Please download RootRepeal from one of these locations and save it to your desktop
Here
Here
Here
  • Open RootRepeal [rootRepealDesktopIcon.png] on your desktop.
  • Click the Report tab [reportTab.png].
  • Click the Scan button [btnScan.png].
  • Check just these boxes: [post-75503-1250480183.gif]
  • Push Ok
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button [saveReport.png]. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
 
One of the problems we are having right now is that some tools we use to remove malware have not been written for 64-bit. The tool I wanted you to run that would find any problems won't run on 64-bit; I wasn't sure about RootRepeal.

This one should run

Please download Rooter Rootkit Detector to your Desktop
  • Double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt).
  • Post the report for me to see.
 
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows 7 Home Edition (6.1.7600)
[32_bits] - Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.6.13 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:285 Go - Free:225 Go )
D:\ [CD_Rom]
G:\ [CD_Rom]
.
Scan : 18:31.06
Path : C:\Users\Orlando\Desktop\Rooter.exe
User : Orlando ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (392)
Locked csrss.exe (572)
Locked wininit.exe (632)
Locked csrss.exe (652)
Locked services.exe (692)
Locked lsass.exe (708)
Locked lsm.exe (716)
Locked svchost.exe (828)
Locked winlogon.exe (880)
Locked nvvsvc.exe (948)
Locked svchost.exe (988)
Locked svchost.exe (540)
Locked svchost.exe (764)
Locked svchost.exe (972)
Locked svchost.exe (1144)
Locked nvvsvc.exe (1224)
Locked svchost.exe (1272)
Locked ADSMSrv.exe (1400)
Locked AsLdrSrv.exe (1436)
Locked GFNEXSrv.exe (1460)
______ ?????????? (1684)
______ ?????????? (1712)
Locked wcourier.exe (1748)
Locked HControl.exe (1756)
Locked ATKOSD.exe (1800)
Locked KBFiltr.exe (1808)
Locked WDC.exe (1816)
Locked spoolsv.exe (1896)
______ ?????????? (1912)
______ ?????????? (2008)
______ ?????????? (2016)
______ ?????????? (1624)
Locked svchost.exe (1388)
______ C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (2168)
______ C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe (2192)
Locked svchost.exe (2320)
______ ?????????? (2336)
Locked AppleMobileDeviceService.exe (2364)
______ C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (2376)
______ C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (2412)
Locked taskeng.exe (2448)
______ C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (2476)
Locked sensorsrv.exe (2520)
Locked Net4Switch.exe (2544)
Locked BatteryLife.exe (2740)
Locked ASO3DefragSrv64.exe (2932)
Locked mDNSResponder.exe (2964)
Locked systemprotector.exe (2992)
Locked svchost.exe (3028)
Locked LSSrvc.exe (3056)
Locked SeaPort.exe (3088)
Locked spmgr.exe (3124)
Locked svchost.exe (3180)
Locked nmsrvc.exe (3288)
Locked SDWinSec.exe (3456)
Locked svchost.exe (4420)
Locked SynTPHelper.exe (4948)
Locked svchost.exe (1956)
Locked svchost.exe (4912)
______ C:\Program Files\Alwil Software\Avast5\AvastUI.exe (1648)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3940)
______ C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (4160)
______ C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (1740)
Locked wmpnetwk.exe (4580)
Locked svchost.exe (3220)
______ ?????????? (3948)
______ C:\Program Files (x86)\Opera\opera.exe (4388)
Locked svchost.exe (3712)
Locked audiodg.exe (3760)
______ C:\Users\Orlando\Desktop\Rooter.exe (3792)
Locked MpCmdRun.exe (896)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:13629256704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:13629288960 | Length:306442595840)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
C:\Windows\Tasks\ASOService.job
C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
.
C:\Rooter$\Rooter_1.txt - (25/02/2011 | 18:33.51)
 
Log looks OK. Let's run ComboFix; it should fix the event log, and this may be the problem.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
ComboFix 11-02-24.05 - Orlando 02/25/2011 19:15:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2799 [GMT -5:00]
Running from: c:\users\Orlando\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.

2011-02-26 00:24 . 2011-02-26 00:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-26 00:24 . 2011-02-26 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 23:33 . 2011-02-25 23:33 -------- d-----w- C:\Rooter$
2011-02-25 19:21 . 2011-02-25 19:21 -------- d-----w- c:\users\Orlando\AppData\Local\Adobe
2011-02-23 23:34 . 2010-12-03 19:35 553696 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-02-23 23:33 . 2010-12-03 19:35 25048 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-02-23 23:33 . 2010-12-03 19:35 140248 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-02-23 23:32 . 2010-12-03 19:35 66520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npnul32.dll
2011-02-23 23:27 . 2010-12-03 19:35 11775448 ----a-w- c:\program files (x86)\Mozilla Firefox\xul.dll
2011-02-23 23:26 . 2010-12-03 19:35 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\xpcom.dll
2011-02-23 23:26 . 2010-12-03 19:35 245208 ----a-w- c:\program files (x86)\Mozilla Firefox\updater.exe
2011-02-23 23:26 . 2010-12-03 19:35 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\ssl3.dll
2011-02-23 23:26 . 2010-12-03 19:35 492504 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll
2011-02-23 23:26 . 2010-12-03 19:35 105432 ----a-w- c:\program files (x86)\Mozilla Firefox\smime3.dll
2011-02-23 23:26 . 2010-12-03 17:36 155648 ----a-w- c:\program files (x86)\Mozilla Firefox\softokn3.dll
2011-02-23 23:26 . 2010-12-03 19:35 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-02-23 23:26 . 2010-12-03 19:35 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\plds4.dll
2011-02-23 01:54 . 2011-02-23 01:54 -------- d-----w- c:\users\Orlando\AppData\Local\AIM
2011-02-23 01:54 . 2011-02-23 01:54 -------- d-----w- c:\users\Orlando\AppData\Local\AOL
2011-02-22 23:36 . 2011-02-22 23:36 -------- d-----w- C:\_OTL
2011-02-19 17:50 . 2011-02-19 17:50 -------- d-----w- c:\program files (x86)\ERUNT
2011-02-19 15:42 . 2010-07-16 19:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-02-19 15:42 . 2010-06-29 15:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-02-19 15:42 . 2010-11-17 15:20 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-02-19 15:42 . 2010-11-17 15:20 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-02-19 15:42 . 2010-11-25 15:43 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-02-19 15:41 . 2010-11-25 15:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-02-19 15:41 . 2011-02-19 15:42 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-02-19 15:41 . 2011-02-24 22:35 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-02-19 15:41 . 2011-02-19 15:41 -------- d-----w- c:\programdata\PC Tools
2011-02-19 15:41 . 2011-02-19 15:41 -------- d-----w- c:\users\Orlando\AppData\Roaming\PC Tools
2011-02-19 15:25 . 2011-02-24 22:18 -------- d-----w- c:\programdata\Immunet
2011-02-19 15:25 . 2011-02-19 15:25 -------- d-----w- c:\users\Orlando\AppData\Local\Immunet
2011-02-19 15:22 . 2011-02-19 15:22 -------- d-----w- c:\program files\Google
2011-02-19 15:22 . 2011-02-19 17:11 -------- d-----w- c:\programdata\Google Updater
2011-02-17 01:52 . 2011-02-17 01:52 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcC5FA.tmp
2011-02-05 18:31 . 2011-02-05 18:31 -------- d-----w- c:\users\Orlando\AppData\Roaming\Acapela Group
2011-02-05 18:31 . 2011-02-05 18:31 -------- d-----w- c:\users\Orlando\AppData\Local\Xtranormal
2011-02-02 11:18 . 2011-02-02 11:18 -------- d-----w- c:\program files (x86)\Xtranormal
2011-02-02 11:18 . 2011-02-05 18:31 -------- d-----w- c:\users\Orlando\AppData\Roaming\Xtranormal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 02:09 . 2011-01-15 02:09 8673792 ----a-w- c:\programdata\atscie.msi
2010-12-14 06:11 . 2010-06-18 05:45 1836 ----a-w- c:\windows\system32\ASOROSet.bin
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 22:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-06-24 272952]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SystemProtector"="c:\program files (x86)\Advanced System Optimizer 3\systemprotector.exe" [2010-10-05 10000184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-3 1207312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0sasnative64

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-11-05 17440]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 69152]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-11-25 257232]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-18 834544]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2010-10-05 263480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-11-25 1375992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-16 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:30]

2011-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-19 15:22]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
- c:\users\Orlando\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-23 23:11]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
- c:\users\Orlando\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-23 23:11]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 21:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 8114720]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com
FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF - Ext: Dictionary Tooltip: {C6128004-4838-4708-9A97-BB172D17767D} - %profile%\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: JavaString Helper: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - c:\users\Orlando\AppData\Roaming\5005
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: JavaString Helper: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - c:\users\Orlando\AppData\Roaming\5005
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-OANDA FXGame - c:\windows\system32\javaws.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Orlando\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Advanced System Optimizer 3\ASO3.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-02-25 19:56:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-26 00:56

Pre-Run: 240,214,052,864 bytes free
Post-Run: 240,133,967,872 bytes free

- - End Of File - - 16CC5B1915EA4B178C448E86C5505DE1
 
Not much removed, and the rest of the log is not showing a rootkit or anything else bad. When you first posted, your complaints were of being disconnected from the internet at times and your browser being slow. Are you still having connectivity problems? How is IE running?

This was from your first OTL log; it was malware and it was fixed:
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
There's still noticeable lag in general, not just the browser, and I still can't get on Firefox or Chrome. I don't have IE on here. Still can't activate avast, telling me system is unsecured. I've been connected by ethernet and now switching to wireless, too short to tell if I still have disconnect problems.
 
Good Morning,

I am still concerned about Eventlog. OTL said it was corrupt and CF did not show any signs of fixing it, so I don't know what's up with that.

Do this

Go to Start > Run and type in services.msc > OK; your Windows services will load. It's all alphabetical. Scroll down and look for Windows Event Log. It should show that it starts automatically; if not, right-click on it and go to Properties, and you can change the startup type to Automatic.



Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    /md5start
    eventlog.dll
    /md5stop
  • Then click the Run Scan button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the resulting OTL log.
 
OTL logfile created on: 2/26/2011 8:52:06 AM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 225.86 Gb Free Space | 79.14% Space Free | Partition Type: NTFS

Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (WinRM) Windows Remote Management (WS-Management) -- C:\Windows\SysWOW64\WsmSvc.dll ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 23:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 13:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/23 19:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/23 18:32:10 | 000,000,000 | ---D | M]

[2010/10/04 10:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Extensions
[2010/10/19 05:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions
[2010/10/04 20:19:56 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/10/07 19:33:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\afom@idevfh
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\autopager@mozilla.org
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\firefox@tvunetworks.com
[2010/10/04 20:19:51 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\netvideohunter@netvideohunter.com
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\searchrecs@veoh.com
[2009/12/03 17:39:52 | 000,004,554 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\aim-search.xml
[2010/03/19 00:27:14 | 000,001,820 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\bing.xml
[2011/02/23 18:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/20 12:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 16:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/02 13:13:57 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ORLANDO\APPDATA\ROAMING\5005
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/02/23 16:40:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 23:17:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2011/02/25 22:34:22 | 002,530,104 | ---- | C] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/25 19:27:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/02/25 19:11:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/25 19:11:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/25 19:11:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/25 19:11:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/25 19:10:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/25 18:33:51 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/02/25 18:30:21 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 14:21:01 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Adobe
[2011/02/25 13:49:12 | 000,472,064 | ---- | C] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/23 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 18:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/23 18:15:56 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:09:38 | 000,568,664 | ---- | C] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/22 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AIM
[2011/02/22 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AOL
[2011/02/22 20:39:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/22 18:36:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 22:41:29 | 000,000,000 | ---D | C] -- C:\Users\Orlando\Desktop\AdamTheAnalyst
[2011/02/21 21:45:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/02/19 12:49:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:42:22 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/02/19 10:42:22 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/02/19 10:42:19 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/02/19 10:42:19 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/02/19 10:42:15 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/02/19 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/02/19 10:41:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/02/19 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Immunet
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/02/19 10:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/19 10:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/02/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/02/16 00:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/05 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2011/02/05 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Xtranormal
[2011/02/02 06:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtranormal State
[2011/02/02 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xtranormal
[2011/02/02 06:18:13 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/26 11:21:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/26 11:02:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/02/26 08:46:57 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 08:46:57 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 08:40:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/26 08:39:06 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/26 08:36:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/26 08:36:16 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 23:17:14 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:14 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 001,237,976 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/25 23:16:49 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:34:54 | 002,530,104 | ---- | M] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | M] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/25 18:30:21 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 18:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/25 13:49:12 | 000,472,064 | ---- | M] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | M] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 19:20:41 | 000,002,291 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/23 18:35:18 | 000,001,930 | ---- | M] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:17:22 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:11:02 | 000,568,664 | ---- | M] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/23 16:40:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/02/22 20:39:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/21 21:46:56 | 000,129,289 | ---- | M] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/21 21:45:41 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/20 15:56:34 | 001,401,379 | ---- | M] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 22:42:09 | 000,816,191 | ---- | M] () -- C:\Users\Orlando\Desktop\Money and the Banking System.pptx
[2011/02/19 16:24:02 | 000,006,086 | ---- | M] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 16:22:34 | 000,044,318 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:45 | 000,055,210 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 12:50:59 | 000,624,128 | ---- | M] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | M] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 12:49:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:22:00 | 001,252,984 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | M] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/13 23:00:05 | 000,616,241 | ---- | M] () -- C:\Users\Orlando\Desktop\Monetary policy.pptx
[2011/02/13 20:26:42 | 003,020,288 | ---- | M] () -- C:\Users\Orlando\Desktop\ch08.ppt
[2011/02/12 23:32:19 | 000,015,969 | ---- | M] () -- C:\Users\Orlando\Desktop\Ethics Assignment.docx
[2011/02/12 21:58:56 | 005,298,620 | ---- | M] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/11 22:36:56 | 000,002,657 | ---- | M] () -- C:\Users\Orlando\Desktop\README
[2011/02/11 06:56:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/11 06:56:13 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/11 06:56:13 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/09 20:23:02 | 000,736,638 | ---- | M] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/02/06 09:42:15 | 000,437,958 | ---- | M] () -- C:\Users\Orlando\Documents\Copy.docx
[2011/02/01 17:16:18 | 000,091,665 | ---- | M] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/31 08:59:47 | 000,010,110 | ---- | M] () -- C:\Users\Orlando\Documents\econ202.docx
[2011/01/31 06:19:58 | 000,749,417 | ---- | M] () -- C:\Users\Orlando\Desktop\Bringing in the supply-side.pptx
[2011/01/30 18:34:28 | 000,670,598 | ---- | M] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 17:36:04 | 000,012,165 | ---- | M] () -- C:\Users\Orlando\Desktop\CL.docx
[2011/01/30 10:50:03 | 000,012,181 | ---- | M] () -- C:\Users\Orlando\Desktop\MD CL.docx
[2011/01/29 02:02:43 | 000,022,899 | ---- | M] () -- C:\Users\Orlando\Documents\orlando_lam1.docx
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/25 21:11:24 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\ASOService.job
[2011/02/25 19:11:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/25 19:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/25 19:11:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/25 19:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/25 19:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | C] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/24 17:32:42 | 000,296,448 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 18:41:13 | 000,002,291 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/23 18:35:18 | 000,001,930 | ---- | C] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:16:55 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/23 18:13:57 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/21 21:46:56 | 000,129,289 | ---- | C] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/21 06:32:01 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/20 16:21:29 | 001,401,379 | ---- | C] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 22:41:56 | 000,816,191 | ---- | C] () -- C:\Users\Orlando\Desktop\Money and the Banking System.pptx
[2011/02/19 16:21:33 | 000,044,318 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:44 | 000,055,210 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 13:00:33 | 000,006,086 | ---- | C] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 12:50:54 | 000,624,128 | ---- | C] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | C] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 10:42:23 | 001,237,976 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/19 10:22:15 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/19 10:21:47 | 001,252,984 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | C] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/16 23:09:37 | 005,298,620 | ---- | C] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/16 23:09:37 | 000,002,657 | ---- | C] () -- C:\Users\Orlando\Desktop\README
[2011/02/13 23:00:01 | 000,616,241 | ---- | C] () -- C:\Users\Orlando\Desktop\Monetary policy.pptx
[2011/02/13 20:26:13 | 003,020,288 | ---- | C] () -- C:\Users\Orlando\Desktop\ch08.ppt
[2011/02/09 20:22:54 | 000,736,638 | ---- | C] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/01/31 08:10:59 | 000,010,110 | ---- | C] () -- C:\Users\Orlando\Documents\econ202.docx
[2011/01/31 06:19:53 | 000,749,417 | ---- | C] () -- C:\Users\Orlando\Desktop\Bringing in the supply-side.pptx
[2011/01/30 18:36:46 | 000,670,598 | ---- | C] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 12:13:58 | 000,091,665 | ---- | C] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/29 23:48:24 | 000,012,181 | ---- | C] () -- C:\Users\Orlando\Desktop\MD CL.docx
[2011/01/29 14:26:04 | 000,015,969 | ---- | C] () -- C:\Users\Orlando\Desktop\Ethics Assignment.docx
[2011/01/29 11:04:33 | 000,012,165 | ---- | C] () -- C:\Users\Orlando\Desktop\CL.docx
[2011/01/14 21:09:16 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/12/14 09:28:26 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/09/26 14:00:13 | 000,000,086 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\urhtps.dat
[2010/09/26 11:32:53 | 000,051,200 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\6y6xpuez.default.dat
[2010/09/26 07:14:06 | 000,000,065 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\AcroIEHelpe.txt
[2010/09/18 17:52:34 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/19 08:15:58 | 000,007,606 | ---- | C] () -- C:\Users\Orlando\AppData\Local\Resmon.ResmonCfg
[2010/06/03 22:05:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/03/27 00:40:12 | 000,000,686 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\myMPQ.ini
[2010/03/10 12:26:26 | 000,006,144 | ---- | C] () -- C:\Users\Orlando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 17:05:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/08 20:34:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\ssinstaller.dll
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/04 12:20:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/03 22:28:28 | 000,002,424 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/03 13:23:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 12:57:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/03 12:57:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/02 08:40:53 | 000,002,029 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\install.dat
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 19:14:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuapi.dll
[2009/07/13 19:09:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WMVSDECD.DLL
[2009/07/13 19:03:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dsdmo.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WsmSvc.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/07 20:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== Custom Scans ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
 
Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    eventlog.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
That should only take a few seconds; go ahead and cancel it.

Go to Start > All Programs > Accessories
Right-click Command Prompt and select Run as administrator
When the prompt opens, type the following bolded text and press Enter

sfc /scannow (Note: There is a space between sfc and /scannow)
 
OK, let's see what it finds now. When you open OTL you can click on the NONE button; it looks greyed out but it's not.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    /md5start
    eventlog.dll
    eventlog.*
    /md5stop
  • Then click the Run Scan button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the resulting OTL log.
 
OTL logfile created on: 2/27/2011 10:15:51 AM - Run 3
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 225.20 Gb Free Space | 78.91% Space Free | Partition Type: NTFS

Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: EVENTLOG.ADML >
[2009/07/13 21:28:48 | 000,007,635 | ---- | M] () MD5=EDE283CF86AB27C2D088FEC300A31E5B -- C:\Windows\winsxs\amd64_microsoft-windows-eventlog-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ef6a54bcf9d9e555\EventLog.adml

< MD5 for: EVENTLOG.ADMX >
[2009/06/10 15:56:31 | 000,012,429 | ---- | M] () MD5=5FEA05DAF55C86EF5747510D7AFE9BC4 -- C:\Windows\winsxs\amd64_microsoft-windows-eventlog-adm_31bf3856ad364e35_6.1.7600.16385_none_02a85deb8287727e\EventLog.admx

< MD5 for: EVENTLOG.ETL >
[2011/02/13 15:12:10 | 000,393,216 | ---- | M] () MD5=7D250045D4BB883C5C8EAC1A2B7F76EA -- C:\Windows\SysNative\NDF\eventlog.etl

< End of report >
 
Looks like the eventlog is working.

Drag OTL to the trash and download a new copy, I mainly need to see the extras log


OTL by OldTimer
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
I only got one log.

OTL logfile created on: 2/27/2011 5:29:28 PM - Run 4
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Orlando\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.40 Gb Total Space | 225.31 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: ORLANDO-PC | User Name: Orlando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Orlando\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Inc., (www.systweak.com))
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (WinRM) Windows Remote Management (WS-Management) -- C:\Windows\SysWOW64\WsmSvc.dll ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.5
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 23:37:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 13:58:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/23 19:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/23 18:32:10 | 000,000,000 | ---D | M]

[2010/10/04 10:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Extensions
[2010/10/19 05:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions
[2010/10/04 20:19:56 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/10/04 20:19:52 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/10/07 19:33:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\afom@idevfh
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\autopager@mozilla.org
[2010/10/04 20:19:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\firefox@tvunetworks.com
[2010/10/04 20:19:51 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\netvideohunter@netvideohunter.com
[2010/10/04 20:19:54 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\extensions\searchrecs@veoh.com
[2009/12/03 17:39:52 | 000,004,554 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\aim-search.xml
[2010/03/19 00:27:14 | 000,001,820 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Mozilla\Firefox\Profiles\r43g4n4v.default\searchplugins\bing.xml
[2011/02/23 18:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/20 12:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 16:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/04/02 13:13:57 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2010/09/26 07:14:04 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\ORLANDO\APPDATA\ROAMING\5005
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/02/23 16:40:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SystemProtector] C:\Program Files (x86)\Advanced System Optimizer 3\systemprotector.exe (Systweak Inc., (www.systweak.com))
O4 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 17:23:51 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/26 20:50:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/02/26 20:50:14 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/02/26 20:50:14 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/02/26 20:50:14 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/02/26 20:50:14 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/02/26 20:50:14 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/02/26 20:50:14 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/26 20:50:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/26 20:50:14 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/26 20:50:14 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/26 20:50:14 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/26 20:50:14 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/02/26 20:50:14 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/02/26 20:50:14 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/26 20:50:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/02/26 20:50:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/26 20:50:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/02/26 20:50:14 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/02/26 20:50:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/02/26 20:50:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/26 20:50:14 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/02/26 20:50:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/02/26 20:50:14 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/02/26 20:50:14 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/02/26 20:50:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/02/26 20:50:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/02/26 20:50:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/26 20:50:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/02/26 20:50:14 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/02/26 20:50:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/02/26 20:50:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/02/26 20:50:14 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/02/26 20:50:14 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/02/26 20:50:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/02/26 20:50:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/02/26 20:50:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/02/26 20:50:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/02/26 20:50:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/02/26 20:50:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/26 20:50:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/02/26 20:50:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/02/26 20:50:14 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/02/26 20:50:14 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/26 20:50:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/02/26 20:50:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/02/26 20:50:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/02/26 20:50:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/02/26 20:50:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/26 20:50:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/02/26 20:50:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/02/26 20:50:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/02/26 20:50:14 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/02/26 20:50:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/02/26 20:50:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/02/26 20:50:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/02/26 20:50:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/02/26 20:50:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/26 20:50:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/02/26 20:50:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/02/26 20:50:14 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/02/26 20:50:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/02/26 20:50:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/02/26 20:50:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/02/26 20:50:14 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/02/26 20:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/02/26 20:50:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/26 20:50:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/26 20:50:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/25 23:17:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:10 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2011/02/25 22:34:22 | 002,530,104 | ---- | C] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/25 19:27:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/02/25 19:11:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/25 19:11:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/25 19:11:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/25 19:11:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/25 19:10:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/25 18:33:51 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/02/25 18:30:21 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 14:21:01 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Adobe
[2011/02/25 13:49:12 | 000,472,064 | ---- | C] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/23 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/23 18:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/23 18:15:56 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:09:38 | 000,568,664 | ---- | C] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/22 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AIM
[2011/02/22 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\AOL
[2011/02/22 20:39:15 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/22 18:36:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 22:41:29 | 000,000,000 | ---D | C] -- C:\Users\Orlando\Desktop\AdamTheAnalyst
[2011/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/02/19 12:49:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:42:22 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/02/19 10:42:22 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/02/19 10:42:19 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/02/19 10:42:19 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/02/19 10:42:15 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/02/19 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/02/19 10:41:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/02/19 10:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\PC Tools
[2011/02/19 10:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Immunet
[2011/02/19 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/02/19 10:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/19 10:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/02/19 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/02/16 00:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/05 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2011/02/05 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Local\Xtranormal
[2011/02/02 06:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xtranormal State
[2011/02/02 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xtranormal
[2011/02/02 06:18:13 | 000,000,000 | ---D | C] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/27 17:23:52 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Orlando\Desktop\OTL.exe
[2011/02/27 17:21:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/27 14:36:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/27 11:00:24 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/02/27 10:33:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 10:33:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 10:26:26 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/27 10:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 10:24:43 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 00:47:50 | 000,075,264 | ---- | M] () -- C:\Users\Orlando\Desktop\SystemLook.exe
[2011/02/26 20:58:12 | 000,001,404 | ---- | M] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/26 20:50:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/02/26 20:50:14 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/02/26 20:50:14 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/02/26 20:50:14 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/02/26 20:50:14 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/02/26 20:50:14 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/02/26 20:50:14 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/26 20:50:14 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/26 20:50:14 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/26 20:50:14 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/26 20:50:14 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/26 20:50:14 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/02/26 20:50:14 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/02/26 20:50:14 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/26 20:50:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/02/26 20:50:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/26 20:50:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/02/26 20:50:14 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/02/26 20:50:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/02/26 20:50:14 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/26 20:50:14 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/02/26 20:50:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/02/26 20:50:14 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/02/26 20:50:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/02/26 20:50:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/02/26 20:50:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/02/26 20:50:14 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/26 20:50:14 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/02/26 20:50:14 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/02/26 20:50:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/02/26 20:50:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/02/26 20:50:14 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/02/26 20:50:14 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/02/26 20:50:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/02/26 20:50:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/02/26 20:50:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/02/26 20:50:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/02/26 20:50:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/02/26 20:50:14 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/26 20:50:14 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/02/26 20:50:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/02/26 20:50:14 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/02/26 20:50:14 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/26 20:50:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/02/26 20:50:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/02/26 20:50:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/02/26 20:50:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/02/26 20:50:14 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/02/26 20:50:14 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/26 20:50:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/02/26 20:50:14 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/02/26 20:50:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/02/26 20:50:14 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/02/26 20:50:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/02/26 20:50:14 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/02/26 20:50:14 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/02/26 20:50:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/02/26 20:50:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/02/26 20:50:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/26 20:50:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/26 20:50:14 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/26 20:50:14 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/02/26 20:50:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/02/26 20:50:14 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/02/26 20:50:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/02/26 20:50:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/02/26 20:50:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/02/26 20:50:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/02/26 20:50:14 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/02/26 20:50:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/02/26 20:50:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/26 20:50:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/26 20:50:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/26 20:50:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/26 20:50:12 | 001,253,436 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/26 18:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/26 17:22:23 | 000,000,046 | ---- | M] () -- C:\Users\Orlando\jagex_runescape_preferences.dat
[2011/02/26 17:22:21 | 000,000,117 | ---- | M] () -- C:\Users\Orlando\jagex_runescape_preferences2.dat
[2011/02/26 11:38:25 | 000,002,332 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/25 23:17:14 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/25 23:17:14 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/25 23:17:14 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/25 23:17:14 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/25 23:17:14 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/25 23:17:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/25 23:17:14 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/25 23:17:11 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/25 23:17:11 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/25 23:17:11 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/25 23:17:11 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/25 23:17:11 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/25 23:17:11 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/25 23:17:11 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/25 23:17:11 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/25 23:17:08 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/25 23:17:03 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/25 23:17:03 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/25 23:17:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/25 23:17:00 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/25 23:17:00 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/25 23:16:55 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/25 23:16:55 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/25 23:16:49 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/25 23:16:49 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/25 22:34:54 | 002,530,104 | ---- | M] (Microsoft Corporation) -- C:\Users\Orlando\Desktop\IE9-Windows7-x64-enu.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | M] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/25 18:30:21 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Orlando\Desktop\Rooter.exe
[2011/02/25 13:49:12 | 000,472,064 | ---- | M] ( ) -- C:\Users\Orlando\Desktop\RootRepeal.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | M] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 18:35:18 | 000,001,930 | ---- | M] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:17:22 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Orlando\Desktop\Firefox Setup 3.6.13.exe
[2011/02/23 18:11:02 | 000,568,664 | ---- | M] (Google Inc.) -- C:\Users\Orlando\Desktop\ChromeSetup.exe
[2011/02/23 16:40:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/02/22 20:39:03 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Orlando\Desktop\ATF-Cleaner.exe
[2011/02/21 21:46:56 | 000,129,289 | ---- | M] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/20 15:56:34 | 001,401,379 | ---- | M] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 16:24:02 | 000,006,086 | ---- | M] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 16:22:34 | 000,044,318 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:45 | 000,055,210 | ---- | M] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 12:50:59 | 000,624,128 | ---- | M] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | M] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | M] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 12:49:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Orlando\Desktop\erunt-setup.exe
[2011/02/19 10:22:00 | 001,252,984 | ---- | M] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | M] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/12 21:58:56 | 005,298,620 | ---- | M] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/11 22:36:56 | 000,002,657 | ---- | M] () -- C:\Users\Orlando\Desktop\README
[2011/02/11 06:56:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/11 06:56:13 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/11 06:56:13 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/09 20:23:02 | 000,736,638 | ---- | M] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/02/01 17:16:18 | 000,091,665 | ---- | M] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/30 18:34:28 | 000,670,598 | ---- | M] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2 C:\Users\Orlando\AppData\Roaming\*.tmp files -> C:\Users\Orlando\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Orlando\Desktop\*.tmp files -> C:\Users\Orlando\Desktop\*.tmp -> ]
 