Jump to content

harper.rb

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

 Content Type 

Everything posted by harper.rb

  1. harper.rb
    Okay! Great, and thanks again for all the help. I really appreciate it! -Rory
  2. harper.rb
    dang. well. its was chugging along at 3:30 hours 99% complete and no infected when my computer blue-screened. Its restarted and no apparent issues now. I ll restart the scan and up load that log asap.
  3. harper.rb
    Here you go. Everything does seem to be working fine. The "This Windows is not licensed" message is no longer there and I have not had any IP blocks yet either. Thanks for your help. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4194 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 06/13/10 04:56 PM mbam-log-2010-06-13 (16-56-26).txt Scan type: Full scan (C:\|) Objects scanned: 688446 Time elapsed: 3 hour(s), 12 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Rory Harper\Desktop\adobe cs4 master\MAZUKi\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. C:\Users\Rory Harper\Desktop\New folder\xf-a2010.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. C:\Users\Rory Harper\Downloads\Adobe After Effects CS4 (Final) [RH]\AAE_CS4_[RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\ACS4MC-Keygen (X-FORCE).exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Rory Harper\Downloads\Adobe Illustrator CS4\Key\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  4. harper.rb
  5. harper.rb
    </b>Here is the OTList</b> OTL logfile created on: 6/12/2010 12:29:13 PM - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Rory Harper\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free 8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.44 Gb Total Space | 24.87 Gb Free Space | 8.77% Space Free | Partition Type: NTFS Drive D: | 8.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Unable to calculate disk information. F: Drive not present or media not loaded Drive G: | 3.72 Gb Total Space | 1.30 Gb Free Space | 34.88% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: REDKINGIV Current User Name: Rory Harper Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/12 12:28:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe PRC - [2010/06/10 07:42:46 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2010/06/06 06:34:26 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/06/06 06:34:26 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010/06/02 12:28:43 | 000,218,608 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe PRC - [2010/06/02 12:28:12 | 000,472,568 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe PRC - [2010/06/02 12:27:27 | 000,271,856 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe PRC - [2010/06/01 22:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010/05/12 05:58:40 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/04/19 11:44:56 | 000,083,440 | ---- | M] (Google) -- C:\Users\Rory Harper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe PRC - [2010/04/16 05:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/04 11:33:34 | 000,040,448 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe PRC - [2010/03/20 19:49:45 | 000,654,648 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\bittorrent.exe PRC - [2010/03/18 11:24:26 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Rory Harper\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Rory Harper\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe PRC - [2009/09/29 17:29:03 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/09/17 12:32:28 | 000,711,384 | ---- | M] () -- C:\Users\Rory Harper\AppData\Local\Autobahn\autobahn.exe PRC - [2009/08/19 08:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/19 08:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009/07/24 10:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009/07/23 17:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe PRC - [2009/07/22 17:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/07/16 10:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/07/07 11:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/06/24 12:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2009/06/11 15:13:40 | 000,158,584 | ---- | M] () -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe PRC - [2009/06/11 15:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe PRC - [2009/06/11 15:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe PRC - [2009/05/18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 11:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2009/03/12 14:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe PRC - [2009/03/05 13:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/02/23 17:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe PRC - [2009/02/05 22:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2009/01/26 12:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/12 07:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/07/18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2006/12/01 18:35:40 | 000,139,268 | ---- | M] () -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe PRC - [2005/07/15 14:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe ========== Modules (SafeList) ========== MOD - [2010/06/12 12:28:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/04/01 12:40:48 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010/03/09 05:18:24 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:64bit: - [2009/09/15 13:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV:64bit: - [2009/03/12 14:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64) SRV:64bit: - [2008/02/02 04:33:16 | 000,046,592 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Gehry Technologies\Digital Project V1,R4\DSB19\win_b64\code\bin\CATSysDemon.exe -- (BBDemon) SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2010/06/10 07:42:46 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/06/06 06:34:26 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/06/02 12:28:43 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService) SRV - [2010/06/02 12:27:27 | 000,271,856 | ---- | M] (Turbine, Inc.) [Auto | Running] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService) SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010/05/04 16:52:07 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll -- (Akamai) SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/04/16 05:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/03/08 14:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS) SRV - [2010/01/29 15:50:50 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/11/06 07:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/08/05 19:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/07/23 17:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent) SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009/06/11 15:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service) SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009/01/26 12:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/06/13 02:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007/12/16 21:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007/01/10 21:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) SRV - [2006/12/01 18:35:40 | 000,139,268 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe -- (DCPFLICS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/06/11 17:54:00 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010/06/06 06:34:29 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON) DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA) DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2010/03/13 03:56:40 | 000,014,336 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether) DRV:64bit: - [2010/03/09 21:00:06 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv) DRV:64bit: - [2010/02/26 19:23:21 | 000,505,392 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP) DRV:64bit: - [2010/02/03 18:40:52 | 000,451,120 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIV) DRV:64bit: - [2010/02/03 18:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS) DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/09/29 17:26:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:64bit: - [2009/09/15 17:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel® DRV:64bit: - [2009/08/28 17:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009/08/13 19:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/08/05 20:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/20 02:48:31 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:64bit: - [2009/07/13 17:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp) DRV:64bit: - [2009/07/13 17:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt) DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:64bit: - [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:64bit: - [2009/07/13 17:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM) DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:64bit: - [2009/07/13 17:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV:64bit: - [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb) DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 03:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/22 07:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/20 01:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/13 17:51:39 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/05/12 18:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/04/29 14:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009/03/09 16:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2009/02/24 16:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008/01/02 00:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver) DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2010/06/11 01:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100612.003\EX64.SYS -- (NAVEX15) DRV - [2010/06/11 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010/06/11 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100612.003\ENG64.SYS -- (NAVENG) DRV - [2010/05/28 12:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100604.004\IDSviA64.sys -- (IDSVia64) DRV - [2010/04/29 10:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb) DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2009/02/24 16:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/09/05 18:05:40 | 000,614,400 | ---- | M] (Autodesk, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe -- (monitor) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs) DRV - [2006/05/18 20:39:57 | 000,015,497 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\snp2uvc.ini -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://floridastate.rivals.com/ IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 21:00:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/06/11 19:22:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/06/11 17:54:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/05 07:42:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/22 05:38:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/05/09 12:15:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/05/14 18:24:24 | 000,000,000 | ---D | M] [2009/11/10 17:43:49 | 000,000,000 | ---D | M] -- C:\Users\Rory Harper\AppData\Roaming\Mozilla\Extensions [2010/01/07 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\Rory Harper\AppData\Roaming\Mozilla\Firefox\Profiles\t0iv01rd.default\extensions [2009/11/12 16:48:40 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Rory Harper\AppData\Roaming\Mozilla\Firefox\Profiles\t0iv01rd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/05/22 05:38:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/05/22 05:38:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/05/22 05:38:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010/05/06 20:23:47 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.) O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream) O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [EPSON WorkForce 310 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFHA.EXE File not found O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Rory Harper\AppData\Local\Autobahn\autobahn.exe () O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rory Harper\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/11 14:21:16 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2008/10/20 18:08:11 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{9d06a055-082c-11df-a1b3-84379de8e149}\Shell - "" = AutoRun O33 - MountPoints2\{9d06a055-082c-11df-a1b3-84379de8e149}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/12 12:28:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe [2010/06/11 20:43:08 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys [2010/06/11 20:43:08 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys [2010/06/11 20:43:08 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys [2010/06/11 20:43:08 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys [2010/06/11 20:43:07 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys [2010/06/11 20:43:07 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys [2010/06/11 20:43:07 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys [2010/06/11 20:42:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C [2010/06/11 18:44:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/06/11 18:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010/06/11 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Wireshark [2010/06/11 18:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2010/06/11 18:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark [2010/06/11 17:54:07 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010/06/11 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010/06/11 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010/06/11 17:53:50 | 000,615,040 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys [2010/06/11 17:53:50 | 000,505,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys [2010/06/11 17:53:50 | 000,451,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys [2010/06/11 17:53:50 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymDS64.sys [2010/06/11 17:53:50 | 000,221,232 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymEFA64.sys [2010/06/11 17:53:50 | 000,149,552 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Ironx64.sys [2010/06/11 17:53:50 | 000,032,304 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys [2010/06/11 17:53:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2010/06/11 17:53:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1106000.020 [2010/06/11 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2010/06/11 15:26:20 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Malwarebytes [2010/06/11 15:26:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/06/11 15:26:07 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/06/11 15:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/06/11 15:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/06/10 17:15:11 | 000,000,000 | R--D | C] -- C:\Users\Rory Harper\Documents\Scanned Documents [2010/06/10 17:15:10 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Documents\Fax [2010/06/09 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Desktop\New folder (2) [2010/06/09 04:29:15 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll [2010/06/09 04:29:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll [2010/06/09 04:29:14 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/06/09 04:29:14 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/06/09 04:29:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/06/09 04:29:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/06/09 04:29:07 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010/06/09 04:29:07 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010/06/09 04:29:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010/06/09 04:29:06 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010/06/09 04:29:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010/06/09 04:29:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010/06/09 04:29:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010/06/09 04:29:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010/06/09 04:29:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010/06/09 04:29:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010/06/07 15:34:27 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Guitar Pro 6 [2010/06/07 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6 [2010/06/07 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6 [2010/06/07 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Desktop\optima fonts [2010/06/07 10:42:24 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\DivX [2010/06/07 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010/06/07 10:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/06/06 06:35:19 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010/06/03 14:35:57 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Local\SupportSoft [2010/06/03 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft [2010/06/03 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI [2010/05/30 06:34:55 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010/05/30 06:27:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010/05/30 06:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010/05/30 06:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010/05/29 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2010/05/29 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\nCleaner [2010/05/29 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NKProds [2010/05/29 17:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/05/29 17:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010/05/23 05:46:43 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Documents\Subscriptions [2010/05/22 05:38:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/05/22 05:38:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/05/22 05:38:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/05/22 05:38:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/05/21 17:24:41 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Documents\Dawn of Discovery Venice [2010/05/21 16:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2010/05/20 00:19:48 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2010/05/20 00:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\SlikSvn [2010/05/20 00:02:07 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Gehry Technologies [2010/05/20 00:02:07 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Local\Gehry Technologies [2010/05/19 23:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gehry Technologies [2010/05/19 23:51:34 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\DassaultSystemes [2010/05/19 23:51:34 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Local\DassaultSystemes [2010/05/19 23:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes [2010/05/19 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Gehry Technologies [2010/05/19 23:36:56 | 000,000,000 | ---D | C] -- C:\DPV1R4_GA+SP5 [2010/05/19 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\FileZilla [2010/05/19 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2010/05/17 13:23:52 | 000,000,000 | ---D | C] -- C:\Temp [2010/05/14 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010/05/14 18:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010/05/14 18:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX ========== Files - Modified Within 30 Days ========== [2010/06/12 12:31:42 | 005,505,024 | -HS- | M] () -- C:\Users\Rory Harper\NTUSER.DAT [2010/06/12 12:29:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2399041059-1940010937-2689063756-1000UA.job [2010/06/12 12:28:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe [2010/06/12 12:22:21 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/06/12 12:22:21 | 000,624,128 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/06/12 12:22:21 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/06/12 12:19:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/06/12 09:17:15 | 001,136,744 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB [2010/06/11 19:28:19 | 000,000,943 | ---- | M] () -- C:\Users\Rory Harper\Desktop\MBAMlog.csv [2010/06/11 19:26:41 | 000,004,706 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Attach.zip [2010/06/11 18:19:03 | 000,001,110 | ---- | M] () -- C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/06/11 18:18:47 | 000,000,930 | ---- | M] () -- C:\Users\Rory Harper\Desktop\NTREGOPT.lnk [2010/06/11 18:18:47 | 000,000,911 | ---- | M] () -- C:\Users\Rory Harper\Desktop\ERUNT.lnk [2010/06/11 17:54:00 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010/06/11 17:54:00 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010/06/11 17:54:00 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010/06/11 17:53:55 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010/06/11 17:53:27 | 000,001,302 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Norton Installation Files.lnk [2010/06/11 17:26:50 | 000,525,824 | ---- | M] () -- C:\Windows\dds.scr [2010/06/11 17:26:50 | 000,525,824 | ---- | M] () -- C:\Users\Rory Harper\Desktop\dds.scr [2010/06/11 17:26:50 | 000,525,824 | ---- | M] () -- C:\Windows\dds [2010/06/11 17:20:26 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/11 17:20:26 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/11 17:17:25 | 000,002,228 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2010/06/11 17:17:25 | 000,001,903 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2010/06/11 17:14:37 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/06/11 17:13:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010/06/11 17:13:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/11 17:12:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/11 17:12:55 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys [2010/06/11 17:12:08 | 004,304,409 | -H-- | M] () -- C:\Users\Rory Harper\AppData\Local\IconCache.db [2010/06/11 16:44:46 | 000,000,272 | ---- | M] () -- C:\Users\Rory Harper\Documents\norton case file.rtf [2010/06/11 14:43:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2399041059-1940010937-2689063756-1000Core.job [2010/06/11 08:47:27 | 000,127,848 | ---- | M] () -- C:\Users\Rory Harper\AppData\Local\GDIPFONTCACHEV1.DAT [2010/06/11 08:39:08 | 003,410,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/06/10 20:13:00 | 000,000,510 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Rory Harper.job [2010/06/09 15:30:39 | 000,002,436 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Google Chrome.lnk [2010/06/09 10:14:57 | 004,364,649 | ---- | M] () -- C:\Users\Rory Harper\Desktop\harper_rory_portfolio.pdf [2010/06/07 13:28:32 | 001,317,091 | ---- | M] () -- C:\Users\Rory Harper\Desktop\urbandesign.pdf [2010/06/07 10:42:51 | 000,001,624 | ---- | M] () -- C:\Users\Rory Harper\Desktop\DivX Movies.lnk [2010/06/07 10:42:17 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010/06/07 10:41:50 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010/06/06 06:34:29 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010/06/03 20:55:08 | 001,684,928 | ---- | M] () -- C:\Users\Rory Harper\Documents\DEMONFORD.tif [2010/06/03 20:54:29 | 002,976,281 | ---- | M] () -- C:\Users\Rory Harper\Documents\DEMONFORD.pdf [2010/06/03 14:35:58 | 000,000,203 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Comcast Security.url [2010/06/03 14:35:57 | 000,000,209 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Comcast Email.url [2010/06/03 14:33:38 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk [2010/05/30 06:34:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010/05/30 06:34:11 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010/05/30 06:27:30 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010/05/29 21:42:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll [2010/05/27 00:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/05/26 23:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/05/26 21:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/05/26 20:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/05/22 05:38:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/05/22 05:38:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/05/22 05:38:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/05/22 05:38:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/05/20 22:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010/05/20 22:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010/05/20 22:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010/05/20 22:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010/05/20 00:18:51 | 000,002,363 | ---- | M] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit) License Administrator .lnk [2010/05/20 00:18:50 | 000,002,363 | ---- | M] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit).lnk [2010/05/18 19:54:58 | 002,789,376 | ---- | M] () -- C:\Users\Rory Harper\Desktop\portfolio.indd [2010/05/18 19:52:48 | 034,097,731 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Harper_Rory_ Porfolio.zip [2010/05/18 19:50:32 | 034,299,476 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Harper, Rory_ Porfolio.zip [2010/05/18 18:07:11 | 002,758,604 | ---- | M] () -- C:\Users\Rory Harper\Desktop\portfolio.xfl [2010/05/13 23:32:01 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini ========== Files Created - No Company Name ========== [2010/06/11 20:43:08 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat [2010/06/11 20:43:08 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat [2010/06/11 20:43:08 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat [2010/06/11 20:43:08 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat [2010/06/11 20:43:08 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf [2010/06/11 20:43:08 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf [2010/06/11 20:43:08 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf [2010/06/11 20:43:08 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf [2010/06/11 20:43:08 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf [2010/06/11 20:43:07 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat [2010/06/11 20:43:07 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat [2010/06/11 20:43:07 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat [2010/06/11 20:43:07 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat [2010/06/11 20:43:07 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf [2010/06/11 20:43:07 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf [2010/06/11 20:43:07 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf [2010/06/11 20:42:48 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini [2010/06/11 19:28:16 | 000,000,943 | ---- | C] () -- C:\Users\Rory Harper\Desktop\MBAMlog.csv [2010/06/11 19:26:40 | 000,004,706 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Attach.zip [2010/06/11 18:19:03 | 000,001,110 | ---- | C] () -- C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/06/11 18:18:47 | 000,000,930 | ---- | C] () -- C:\Users\Rory Harper\Desktop\NTREGOPT.lnk [2010/06/11 18:18:47 | 000,000,911 | ---- | C] () -- C:\Users\Rory Harper\Desktop\ERUNT.lnk [2010/06/11 17:54:21 | 001,136,744 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB [2010/06/11 17:54:07 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010/06/11 17:54:07 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010/06/11 17:53:55 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010/06/11 17:53:44 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymEFA.inf [2010/06/11 17:53:44 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymDS.inf [2010/06/11 17:53:44 | 000,001,838 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ccHPx64.inf [2010/06/11 17:53:44 | 000,001,473 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymNetV.inf [2010/06/11 17:53:44 | 000,001,445 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymNet.inf [2010/06/11 17:53:44 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.inf [2010/06/11 17:53:44 | 000,001,421 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.inf [2010/06/11 17:53:44 | 000,000,771 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Iron.inf [2010/06/11 17:53:43 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnetv64.cat [2010/06/11 17:53:43 | 000,007,414 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.cat [2010/06/11 17:53:43 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymEFA64.cat [2010/06/11 17:53:43 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.cat [2010/06/11 17:53:43 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymDS64.cat [2010/06/11 17:53:43 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\iron.cat [2010/06/11 17:53:43 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnet64.cat [2010/06/11 17:53:43 | 000,007,358 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.cat [2010/06/11 17:53:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini [2010/06/11 17:41:52 | 000,525,824 | ---- | C] () -- C:\Windows\dds.scr [2010/06/11 17:36:33 | 000,525,824 | ---- | C] () -- C:\Windows\dds [2010/06/11 17:26:50 | 000,525,824 | ---- | C] () -- C:\Users\Rory Harper\Desktop\dds.scr [2010/06/11 16:54:38 | 000,001,302 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Norton Installation Files.lnk [2010/06/11 16:44:46 | 000,000,272 | ---- | C] () -- C:\Users\Rory Harper\Documents\norton case file.rtf [2010/06/09 10:11:36 | 004,364,649 | ---- | C] () -- C:\Users\Rory Harper\Desktop\harper_rory_portfolio.pdf [2010/06/07 13:28:32 | 001,317,091 | ---- | C] () -- C:\Users\Rory Harper\Desktop\urbandesign.pdf [2010/06/07 10:42:17 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010/06/07 10:41:49 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010/06/03 20:54:52 | 001,684,928 | ---- | C] () -- C:\Users\Rory Harper\Documents\DEMONFORD.tif [2010/06/03 20:54:24 | 002,976,281 | ---- | C] () -- C:\Users\Rory Harper\Documents\DEMONFORD.pdf [2010/06/03 14:35:57 | 000,000,209 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Comcast Email.url [2010/06/03 14:35:57 | 000,000,203 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Comcast Security.url [2010/06/03 14:33:37 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk [2010/05/30 11:10:50 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010/05/30 06:27:30 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010/05/29 20:17:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll [2010/05/20 00:18:51 | 000,002,363 | ---- | C] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit) License Administrator .lnk [2010/05/20 00:18:50 | 000,002,363 | ---- | C] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit).lnk [2010/05/18 19:52:12 | 034,097,731 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Harper_Rory_ Porfolio.zip [2010/05/18 19:50:29 | 034,299,476 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Harper, Rory_ Porfolio.zip [2010/05/18 18:06:56 | 002,758,604 | ---- | C] () -- C:\Users\Rory Harper\Desktop\portfolio.xfl [2010/05/18 18:06:43 | 002,789,376 | ---- | C] () -- C:\Users\Rory Harper\Desktop\portfolio.indd [2010/05/14 18:24:28 | 000,001,624 | ---- | C] () -- C:\Users\Rory Harper\Desktop\DivX Movies.lnk [2010/05/10 11:51:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/05/04 13:03:38 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/05/04 13:03:38 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010/04/16 21:59:23 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2010/04/02 14:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/01/31 09:14:26 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010/01/31 09:08:35 | 000,000,060 | ---- | C] () -- C:\Windows\EPWF310.ini [2009/11/18 23:25:56 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2009/11/18 23:25:55 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2009/11/03 20:25:34 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/11/02 17:41:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2009/10/28 08:11:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009/09/29 17:27:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009/09/29 17:22:29 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009/09/29 17:22:29 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009/08/19 01:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/07/28 22:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2008/10/07 06:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/10/07 06:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2006/05/18 20:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2004/03/23 13:38:40 | 000,086,016 | R--- | C] () -- C:\Windows\SysWow64\X3DGlCtl.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 1072 bytes -> C:\Users\Rory Harper\AppData\Local\cRMgB1fJII:WcDn3eLPnLcf2DagYy9uOYG < End of report > The post was too long to accept, so I attached the extras.txt Thanks Extras.Txt
  6. harper.rb
    hey guys, I noticed a few others had similar issues and I was going to follow along until I also noticed that each thread is really for that one person's computer. So I figured I'd start another one. First, I had a message appear on my windows desktop, not a window, just embedded in the background, "This copy of Windows is not Licensed... " or something to that order. Considering I bought this from bestbuy, anything can happened, but it does have the window's sticker if that means anything. So I figured it was probably malware i got through p2p files. I scanned with Norton and nothing came up and then I downloaded MBAM and still nothing came up, but then with the MBAM pro, I began to get all the IP blocked messages. So, that led to me to do some searching and led me back here to this forum. Hopefully this can be resolved, or at least figure out if I still have (and can get rid of) any malware still on my PC. I really appreciate what you guys are doing here and the time you put in. Thanks for any help. So I followed, "I'm infected, what do I do now?" section, and hopefully got everything right. Here it goes. DDS (Ver_10-03-17.01) - NTFSX64 Run by Rory Harper at 17:42:00.54 on Fri 06/11/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1510 [GMT -7:00] SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Gehry Technologies\Digital Project V1,R4\DSB19\win_b64\code\bin\CATSysDemon.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIFHA.EXE C:\Users\Rory Harper\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Users\Rory Harper\AppData\Local\Autobahn\autobahn.exe C:\Users\Rory Harper\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\conhost.exe C:\Windows\regedit.exe C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://floridastate.rivals.com/ uDefault_Page_URL = hxxp://asus.msn.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\syswow64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files (x86)\common files\doubletwist\IEPodcastPlugin.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File uRun: [Google Update] "c:\users\rory harper\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent uRun: [EasyTether] "c:\program files (x86)\mobile stream\easytether\easytthr.exe" uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe uRun: [EPSON WorkForce 310 Series] c:\windows\system32\spool\drivers\x64\3\e_iatifha.exe /fu "c:\users\roryha~1\appdata\local\temp\E_S2689.tmp" /EF "HKCU" uRun: [Desktop Software] "c:\program files (x86)\common files\supportsoft\bin\bcont.exe" /ini "c:\program files (x86)\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden uRun: [AdobeBridge] mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd mRun: [Turbine Download Manager Tray Icon] "c:\program files (x86)\turbine\turbine download manager\TurbineDownloadManagerIcon.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [EEventManager] c:\progra~2\epsons~1\eventm~1\EEventManager.exe mRun: [FUFAXSTM] "c:\program files (x86)\epson software\fax utility\FUFAXSTM.exe" mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files (x86)\google\gmail notifier\gnotify.exe mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\autobahn.lnk - c:\users\rory harper\appdata\local\autobahn\autobahn.exe StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rory harper\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL Trusted Zone: cinemanow.com DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll BHO-X64: Windows Live Family Safety Browser Helper - No File TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ================= FIREFOX =================== FF - ProfilePath - c:\users\roryha~1\appdata\roaming\mozilla\firefox\profiles\t0iv01rd.default\ FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\rory harper\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\users\rory harper\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\rory harper\appdata\roaming\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\users\rory harper\appdata\roaming\mozilla\firefox\profiles\t0iv01rd.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\users\rory harper\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 69152] R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2008-1-2 24848] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904] R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-9-29 359552] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136] R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-29 14904] R2 BBDemon;Backbone Service;c:\program files\gehry technologies\digital project v1,r4\dsb19\win_b64\code\bin\CATSysDemon.exe [2008-2-2 46592] R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-11 127352] R2 FastBootAgent;FastBootAgent;c:\windows\syswow64\fast boot\FastBootAgent.exe [2009-9-29 306232] R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 14952] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320] R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\turbine\turbine download manager\TurbineMessageService.exe [2009-11-3 271856] R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-6-11 304464] R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-5-29 1153368] R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2010-4-8 14336] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-9-29 60416] R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\turbine\turbine download manager\TurbineNetworkService.exe [2009-11-3 218608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-11 24664] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2009-9-15 6952960] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-9-29 215040] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920] S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-26 136176] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-8 25832] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-12-8 1436424] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-30 61280] S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-5-13 5435904] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1255736] ============== File Associations =============== .scr=AutoCADScriptFile .txt= =============== Created Last 30 ================ 2010-06-12 00:41:52 525824 ----a-w- c:\windows\dds.scr 2010-06-12 00:36:33 525824 ----a-w- c:\windows\dds 2010-06-11 22:26:20 0 d-----w- c:\users\roryha~1\appdata\roaming\Malwarebytes 2010-06-11 22:26:07 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-11 22:26:07 0 d-----w- c:\programdata\Malwarebytes 2010-06-11 22:26:05 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-06-07 22:34:27 0 d-----w- c:\users\roryha~1\appdata\roaming\Guitar Pro 6 2010-06-07 22:34:27 0 d-----w- c:\programdata\Guitar Pro 6 2010-06-07 22:29:16 0 d-----w- c:\program files (x86)\Guitar Pro 6 2010-06-07 17:42:06 0 d-----w- c:\program files (x86)\common files\PX Storage Engine 2010-06-07 17:41:54 0 d-----w- c:\program files\DivX 2010-06-06 13:35:19 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-06-03 21:33:36 0 d-----w- c:\program files (x86)\common files\SupportSoft 2010-06-03 21:33:36 0 d-----w- c:\program files (x86)\ComcastUI 2010-05-30 18:10:50 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-05-30 13:34:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-05-30 13:27:31 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-05-30 13:27:26 0 d-----w- c:\programdata\Lavasoft 2010-05-30 13:27:26 0 d-----w- c:\program files (x86)\Lavasoft 2010-05-30 04:22:59 0 d-----w- c:\program files\Defraggler 2010-05-30 03:17:41 0 ----a-w- c:\windows\syswow64\w32apiw.dll 2010-05-30 03:17:39 0 d-----w- c:\users\roryha~1\appdata\roaming\nCleaner 2010-05-30 03:16:46 0 d-----w- c:\program files (x86)\NKProds 2010-05-30 00:07:49 0 d-----w- c:\programdata\Spybot - Search & Destroy 2010-05-30 00:07:49 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy 2010-05-28 08:25:57 2048 ----a-w- c:\windows\syswow64\tzres.dll 2010-05-28 08:25:57 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-22 12:38:35 411368 ----a-w- c:\windows\syswow64\deployJava1.dll 2010-05-22 12:38:35 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-05-22 12:38:35 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-05-22 12:38:35 145184 ----a-w- c:\windows\syswow64\java.exe 2010-05-21 23:59:33 0 d-----w- c:\programdata\Solidshield 2010-05-20 07:19:48 90112 ----a-w- c:\windows\unvise32.exe 2010-05-20 07:19:34 0 d-----w- c:\program files\SlikSvn 2010-05-20 07:02:07 0 d-----w- c:\users\roryha~1\appdata\roaming\Gehry Technologies 2010-05-20 06:51:37 0 d-----w- c:\programdata\Gehry Technologies 2010-05-20 06:51:34 0 d-----w- c:\users\roryha~1\appdata\roaming\DassaultSystemes 2010-05-20 06:51:34 0 d-----w- c:\programdata\DassaultSystemes 2010-05-20 06:47:14 0 d-----w- c:\program files\Gehry Technologies 2010-05-20 06:36:56 0 d-----w- C:\DPV1R4_GA+SP5 2010-05-17 20:23:52 0 d-----w- C:\Temp 2010-05-15 01:24:02 0 d-----w- c:\program files (x86)\common files\DivX Shared 2010-05-15 01:23:36 0 d-----w- c:\program files (x86)\DivX 2010-05-15 01:23:18 0 d-----w- c:\programdata\DivX ==================== Find3M ==================== 2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll 2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll 2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll 2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll 2010-05-20 07:00:11 49528 ----a-w- c:\windows\fonts\SymbC.ttf 2010-05-20 07:00:11 38464 ----a-w- c:\windows\fonts\SymbP.ttf 2010-05-20 07:00:11 32640 ----a-w- c:\windows\fonts\SymbM.ttf 2010-05-20 07:00:10 57168 ----a-w- c:\windows\fonts\CoureB.ttf 2010-05-20 07:00:10 54272 ----a-w- c:\windows\fonts\Coure.ttf 2010-05-20 07:00:10 52000 ----a-w- c:\windows\fonts\CoureBI.ttf 2010-05-20 07:00:10 51924 ----a-w- c:\windows\fonts\CoureI.ttf 2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll 2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll 2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys 2010-04-27 18:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe 2010-04-27 18:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll 2010-04-17 04:59:04 151552 ----a-w- c:\windows\syswow64\nvRegDev.dll 2010-04-08 17:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-08 17:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll 2010-04-08 17:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe 2010-04-06 18:06:38 72080 ----a-w- c:\users\rory harper\g2mdlhlpx.exe 2010-04-02 21:17:52 15426200 ----a-w- c:\windows\syswow64\xlive.dll 2010-04-02 21:17:52 13642904 ----a-w- c:\windows\syswow64\xlivefnt.dll 2010-04-01 18:06:09 45056 ----a-w- c:\windows\system32\acovcnt.exe 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-05-15 02:02:10 3392872 ----a-w- c:\program files (x86)\common files\adlmint_libFNP.dll 2009-05-15 02:02:10 3298152 ----a-w- c:\program files (x86)\common files\adlmint.dll 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-11-22 13:26:38 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2010-01-15 20:32:12 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat 2010-01-15 20:32:12 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat 2010-01-15 20:32:12 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat 2010-01-22 14:51:28 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2010-01-29 15:04:21 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 17:42:23.40 =============== Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.