Jump to content

Constant IP blocks


Recommended Posts

hey guys, I noticed a few others had similar issues and I was going to follow along until I also noticed that each thread is really for that one person's computer. So I figured I'd start another one.

First, I had a message appear on my windows desktop, not a window, just embedded in the background, "This copy of Windows is not Licensed... " or something to that order. Considering I bought this from bestbuy, anything can happened, but it does have the window's sticker if that means anything.

So I figured it was probably malware i got through p2p files. I scanned with Norton and nothing came up and then I downloaded MBAM and still nothing came up, but then with the MBAM pro, I began to get all the IP blocked messages. So, that led to me to do some searching and led me back here to this forum.

Hopefully this can be resolved, or at least figure out if I still have (and can get rid of) any malware still on my PC.

I really appreciate what you guys are doing here and the time you put in. Thanks for any help.

So I followed, "I'm infected, what do I do now?" section, and hopefully got everything right.

Here it goes.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Rory Harper at 17:42:00.54 on Fri 06/11/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.1510 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Gehry Technologies\Digital Project V1,R4\DSB19\win_b64\code\bin\CATSysDemon.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe

C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIFHA.EXE

C:\Users\Rory Harper\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Users\Rory Harper\AppData\Local\Autobahn\autobahn.exe

C:\Users\Rory Harper\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\conhost.exe

C:\Windows\regedit.exe

C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://floridastate.rivals.com/

uDefault_Page_URL = hxxp://asus.msn.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files (x86)\common files\doubletwist\IEPodcastPlugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [Google Update] "c:\users\rory harper\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [steam] "c:\program files (x86)\steam\Steam.exe" -silent

uRun: [EasyTether] "c:\program files (x86)\mobile stream\easytether\easytthr.exe"

uRun: [spybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe

uRun: [EPSON WorkForce 310 Series] c:\windows\system32\spool\drivers\x64\3\e_iatifha.exe /fu "c:\users\roryha~1\appdata\local\temp\E_S2689.tmp" /EF "HKCU"

uRun: [Desktop Software] "c:\program files (x86)\common files\supportsoft\bin\bcont.exe" /ini "c:\program files (x86)\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [AdobeBridge]

mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe

mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe

mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [Turbine Download Manager Tray Icon] "c:\program files (x86)\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EEventManager] c:\progra~2\epsons~1\eventm~1\EEventManager.exe

mRun: [FUFAXSTM] "c:\program files (x86)\epson software\fax utility\FUFAXSTM.exe"

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files (x86)\google\gmail notifier\gnotify.exe

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\autobahn.lnk - c:\users\rory harper\appdata\local\autobahn\autobahn.exe

StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rory harper\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe

StartupFolder: c:\users\roryha~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

Trusted Zone: cinemanow.com

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO-X64: Windows Live Family Safety Browser Helper - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\roryha~1\appdata\roaming\mozilla\firefox\profiles\t0iv01rd.default\

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\rory harper\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\rory harper\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\rory harper\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\rory harper\appdata\roaming\mozilla\firefox\profiles\t0iv01rd.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\users\rory harper\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 69152]

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2008-1-2 24848]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-9-29 359552]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]

R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-29 14904]

R2 BBDemon;Backbone Service;c:\program files\gehry technologies\digital project v1,r4\dsb19\win_b64\code\bin\CATSysDemon.exe [2008-2-2 46592]

R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-11 127352]

R2 FastBootAgent;FastBootAgent;c:\windows\syswow64\fast boot\FastBootAgent.exe [2009-9-29 306232]

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 14952]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]

R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\turbine\turbine download manager\TurbineMessageService.exe [2009-11-3 271856]

R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-6-11 304464]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-5-29 1153368]

R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2010-4-8 14336]

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-9-29 60416]

R3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\turbine\turbine download manager\TurbineNetworkService.exe [2009-11-3 218608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-11 24664]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2009-9-15 6952960]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-9-29 215040]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-26 136176]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-8 25832]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-12-8 1436424]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-30 61280]

S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-5-13 5435904]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1255736]

============== File Associations ===============

.scr=AutoCADScriptFile

.txt=

=============== Created Last 30 ================

2010-06-12 00:41:52 525824 ----a-w- c:\windows\dds.scr

2010-06-12 00:36:33 525824 ----a-w- c:\windows\dds

2010-06-11 22:26:20 0 d-----w- c:\users\roryha~1\appdata\roaming\Malwarebytes

2010-06-11 22:26:07 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 22:26:07 0 d-----w- c:\programdata\Malwarebytes

2010-06-11 22:26:05 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-06-07 22:34:27 0 d-----w- c:\users\roryha~1\appdata\roaming\Guitar Pro 6

2010-06-07 22:34:27 0 d-----w- c:\programdata\Guitar Pro 6

2010-06-07 22:29:16 0 d-----w- c:\program files (x86)\Guitar Pro 6

2010-06-07 17:42:06 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-06-07 17:41:54 0 d-----w- c:\program files\DivX

2010-06-06 13:35:19 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-03 21:33:36 0 d-----w- c:\program files (x86)\common files\SupportSoft

2010-06-03 21:33:36 0 d-----w- c:\program files (x86)\ComcastUI

2010-05-30 18:10:50 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-30 13:34:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-05-30 13:27:31 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-30 13:27:26 0 d-----w- c:\programdata\Lavasoft

2010-05-30 13:27:26 0 d-----w- c:\program files (x86)\Lavasoft

2010-05-30 04:22:59 0 d-----w- c:\program files\Defraggler

2010-05-30 03:17:41 0 ----a-w- c:\windows\syswow64\w32apiw.dll

2010-05-30 03:17:39 0 d-----w- c:\users\roryha~1\appdata\roaming\nCleaner

2010-05-30 03:16:46 0 d-----w- c:\program files (x86)\NKProds

2010-05-30 00:07:49 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-05-30 00:07:49 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-05-28 08:25:57 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-05-28 08:25:57 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-22 12:38:35 411368 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-05-22 12:38:35 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-05-22 12:38:35 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-05-22 12:38:35 145184 ----a-w- c:\windows\syswow64\java.exe

2010-05-21 23:59:33 0 d-----w- c:\programdata\Solidshield

2010-05-20 07:19:48 90112 ----a-w- c:\windows\unvise32.exe

2010-05-20 07:19:34 0 d-----w- c:\program files\SlikSvn

2010-05-20 07:02:07 0 d-----w- c:\users\roryha~1\appdata\roaming\Gehry Technologies

2010-05-20 06:51:37 0 d-----w- c:\programdata\Gehry Technologies

2010-05-20 06:51:34 0 d-----w- c:\users\roryha~1\appdata\roaming\DassaultSystemes

2010-05-20 06:51:34 0 d-----w- c:\programdata\DassaultSystemes

2010-05-20 06:47:14 0 d-----w- c:\program files\Gehry Technologies

2010-05-20 06:36:56 0 d-----w- C:\DPV1R4_GA+SP5

2010-05-17 20:23:52 0 d-----w- C:\Temp

2010-05-15 01:24:02 0 d-----w- c:\program files (x86)\common files\DivX Shared

2010-05-15 01:23:36 0 d-----w- c:\program files (x86)\DivX

2010-05-15 01:23:18 0 d-----w- c:\programdata\DivX

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-20 07:00:11 49528 ----a-w- c:\windows\fonts\SymbC.ttf

2010-05-20 07:00:11 38464 ----a-w- c:\windows\fonts\SymbP.ttf

2010-05-20 07:00:11 32640 ----a-w- c:\windows\fonts\SymbM.ttf

2010-05-20 07:00:10 57168 ----a-w- c:\windows\fonts\CoureB.ttf

2010-05-20 07:00:10 54272 ----a-w- c:\windows\fonts\Coure.ttf

2010-05-20 07:00:10 52000 ----a-w- c:\windows\fonts\CoureBI.ttf

2010-05-20 07:00:10 51924 ----a-w- c:\windows\fonts\CoureI.ttf

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-27 18:45:56 72856 ----a-w- c:\windows\syswow64\xliveinstallhost.exe

2010-04-27 18:45:56 187544 ----a-w- c:\windows\syswow64\xliveinstall.dll

2010-04-17 04:59:04 151552 ----a-w- c:\windows\syswow64\nvRegDev.dll

2010-04-08 17:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-08 17:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-04-08 17:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-04-06 18:06:38 72080 ----a-w- c:\users\rory harper\g2mdlhlpx.exe

2010-04-02 21:17:52 15426200 ----a-w- c:\windows\syswow64\xlive.dll

2010-04-02 21:17:52 13642904 ----a-w- c:\windows\syswow64\xlivefnt.dll

2010-04-01 18:06:09 45056 ----a-w- c:\windows\system32\acovcnt.exe

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-05-15 02:02:10 3392872 ----a-w- c:\program files (x86)\common files\adlmint_libFNP.dll

2009-05-15 02:02:10 3298152 ----a-w- c:\program files (x86)\common files\adlmint.dll

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-11-22 13:26:38 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-15 20:32:12 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat

2010-01-15 20:32:12 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat

2010-01-15 20:32:12 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2010-01-22 14:51:28 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-29 15:04:21 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:42:23.40 ===============

Attach.zip

Link to post
Share on other sites

Hello ,

And :angry: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the runscanbutton.png button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)

Link to post
Share on other sites

Hello ,

And :angry: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the runscanbutton.png button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)

</b>Here is the OTList</b>

OTL logfile created on: 6/12/2010 12:29:13 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Rory Harper\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free

8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.44 Gb Total Space | 24.87 Gb Free Space | 8.77% Space Free | Partition Type: NTFS

Drive D: | 8.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Unable to calculate disk information.

F: Drive not present or media not loaded

Drive G: | 3.72 Gb Total Space | 1.30 Gb Free Space | 34.88% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: REDKINGIV

Current User Name: Rory Harper

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/12 12:28:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe

PRC - [2010/06/10 07:42:46 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2010/06/06 06:34:26 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/06/06 06:34:26 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/06/02 17:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/06/02 12:28:43 | 000,218,608 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe

PRC - [2010/06/02 12:28:12 | 000,472,568 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe

PRC - [2010/06/02 12:27:27 | 000,271,856 | ---- | M] (Turbine, Inc.) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe

PRC - [2010/06/01 22:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Rory Harper\AppData\Local\Google\Chrome\Application\chrome.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/05/12 05:58:40 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/19 11:44:56 | 000,083,440 | ---- | M] (Google) -- C:\Users\Rory Harper\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

PRC - [2010/04/16 05:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/04 11:33:34 | 000,040,448 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe

PRC - [2010/03/20 19:49:45 | 000,654,648 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\bittorrent.exe

PRC - [2010/03/18 11:24:26 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Rory Harper\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe

PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Rory Harper\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe

PRC - [2009/09/29 17:29:03 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2009/09/17 12:32:28 | 000,711,384 | ---- | M] () -- C:\Users\Rory Harper\AppData\Local\Autobahn\autobahn.exe

PRC - [2009/08/19 08:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2009/08/19 08:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2009/07/24 10:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2009/07/23 17:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe

PRC - [2009/07/22 17:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

PRC - [2009/07/16 10:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

PRC - [2009/07/07 11:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

PRC - [2009/06/24 12:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe

PRC - [2009/06/11 15:13:40 | 000,158,584 | ---- | M] () -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe

PRC - [2009/06/11 15:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

PRC - [2009/06/11 15:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

PRC - [2009/05/18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009/04/20 11:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

PRC - [2009/03/12 14:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

PRC - [2009/03/05 13:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/23 17:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe

PRC - [2009/02/05 22:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

PRC - [2009/01/26 12:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2009/01/12 07:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

PRC - [2008/07/18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2006/12/01 18:35:40 | 000,139,268 | ---- | M] () -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe

PRC - [2005/07/15 14:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

========== Modules (SafeList) ==========

MOD - [2010/06/12 12:28:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe

MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/01 12:40:48 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010/03/09 05:18:24 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV:64bit: - [2009/09/15 13:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)

SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)

SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)

SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)

SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)

SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)

SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)

SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)

SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)

SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)

SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)

SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)

SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)

SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)

SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)

SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)

SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)

SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)

SRV:64bit: - [2009/03/12 14:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)

SRV:64bit: - [2008/02/02 04:33:16 | 000,046,592 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Gehry Technologies\Digital Project V1,R4\DSB19\win_b64\code\bin\CATSysDemon.exe -- (BBDemon)

SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2010/06/10 07:42:46 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/06/06 06:34:26 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/06/02 12:28:43 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)

SRV - [2010/06/02 12:27:27 | 000,271,856 | ---- | M] (Turbine, Inc.) [Auto | Running] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/05/04 16:52:07 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll -- (Akamai)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/16 05:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/08 14:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)

SRV - [2010/01/29 15:50:50 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/11/06 07:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009/08/05 19:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/23 17:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)

SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/11 15:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2009/01/26 12:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/06/13 02:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)

SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2007/12/16 21:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)

SRV - [2007/01/10 21:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

SRV - [2006/12/01 18:35:40 | 000,139,268 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe -- (DCPFLICS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/11 17:54:00 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/06/06 06:34:29 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/03/13 03:56:40 | 000,014,336 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)

DRV:64bit: - [2010/03/09 21:00:06 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)

DRV:64bit: - [2010/02/26 19:23:21 | 000,505,392 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2010/02/03 18:40:52 | 000,451,120 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys -- (SYMTDIV)

DRV:64bit: - [2010/02/03 18:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)

DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/09/29 17:26:11 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)

DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)

DRV:64bit: - [2009/09/15 17:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/08/28 17:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/08/13 19:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/08/05 20:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009/07/20 02:48:31 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)

DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)

DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)

DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)

DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)

DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)

DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)

DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)

DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)

DRV:64bit: - [2009/07/13 17:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)

DRV:64bit: - [2009/07/13 17:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)

DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)

DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)

DRV:64bit: - [2009/07/13 17:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2009/07/13 17:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)

DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)

DRV:64bit: - [2009/07/13 17:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV:64bit: - [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)

DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)

DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)

DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)

DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)

DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)

DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)

DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)

DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)

DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)

DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)

DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 03:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/22 07:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/20 01:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/13 17:51:39 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/05/12 18:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2009/04/29 14:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2009/03/09 16:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)

DRV:64bit: - [2009/02/24 16:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2008/01/02 00:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)

DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV - [2010/06/11 01:00:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100612.003\EX64.SYS -- (NAVEX15)

DRV - [2010/06/11 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2010/06/11 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100612.003\ENG64.SYS -- (NAVENG)

DRV - [2010/05/28 12:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100604.004\IDSviA64.sys -- (IDSVia64)

DRV - [2010/04/29 10:44:04 | 000,678,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)

DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)

DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2009/02/24 16:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/09/05 18:05:40 | 000,614,400 | ---- | M] (Autodesk, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Autodesk\Backburner\monitor.exe -- (monitor)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\adfs.sys -- (adfs)

DRV - [2006/05/18 20:39:57 | 000,015,497 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\snp2uvc.ini -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://floridastate.rivals.com/

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 49

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 21:00:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/06/11 19:22:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/06/11 17:54:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/05 07:42:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/22 05:38:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/05/09 12:15:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/05/14 18:24:24 | 000,000,000 | ---D | M]

[2009/11/10 17:43:49 | 000,000,000 | ---D | M] -- C:\Users\Rory Harper\AppData\Roaming\Mozilla\Extensions

[2010/01/07 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\Rory Harper\AppData\Roaming\Mozilla\Firefox\Profiles\t0iv01rd.default\extensions

[2009/11/12 16:48:40 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Rory Harper\AppData\Roaming\Mozilla\Firefox\Profiles\t0iv01rd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/05/22 05:38:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/22 05:38:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/05/22 05:38:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/06 20:23:47 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe (Turbine, Inc.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)

O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)

O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [EPSON WorkForce 310 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFHA.EXE File not found

O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Rory Harper\AppData\Local\Autobahn\autobahn.exe ()

O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rory Harper\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-2399041059-1940010937-2689063756-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/11 14:21:16 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2008/10/20 18:08:11 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{9d06a055-082c-11df-a1b3-84379de8e149}\Shell - "" = AutoRun

O33 - MountPoints2\{9d06a055-082c-11df-a1b3-84379de8e149}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 12:28:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe

[2010/06/11 20:43:08 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys

[2010/06/11 20:43:08 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys

[2010/06/11 20:43:08 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys

[2010/06/11 20:43:08 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys

[2010/06/11 20:43:07 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys

[2010/06/11 20:43:07 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys

[2010/06/11 20:43:07 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys

[2010/06/11 20:42:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C

[2010/06/11 18:44:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/06/11 18:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2010/06/11 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Wireshark

[2010/06/11 18:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap

[2010/06/11 18:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark

[2010/06/11 17:54:07 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/06/11 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2010/06/11 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2010/06/11 17:53:50 | 000,615,040 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys

[2010/06/11 17:53:50 | 000,505,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys

[2010/06/11 17:53:50 | 000,451,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys

[2010/06/11 17:53:50 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymDS64.sys

[2010/06/11 17:53:50 | 000,221,232 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymEFA64.sys

[2010/06/11 17:53:50 | 000,149,552 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Ironx64.sys

[2010/06/11 17:53:50 | 000,032,304 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys

[2010/06/11 17:53:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64

[2010/06/11 17:53:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1106000.020

[2010/06/11 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2010/06/11 15:26:20 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Malwarebytes

[2010/06/11 15:26:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/06/11 15:26:07 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/06/11 15:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/06/11 15:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/06/10 17:15:11 | 000,000,000 | R--D | C] -- C:\Users\Rory Harper\Documents\Scanned Documents

[2010/06/10 17:15:10 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Documents\Fax

[2010/06/09 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Desktop\New folder (2)

[2010/06/09 04:29:15 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll

[2010/06/09 04:29:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll

[2010/06/09 04:29:14 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/06/09 04:29:14 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/06/09 04:29:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/06/09 04:29:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/06/09 04:29:07 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2010/06/09 04:29:07 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll

[2010/06/09 04:29:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll

[2010/06/09 04:29:06 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2010/06/09 04:29:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll

[2010/06/09 04:29:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll

[2010/06/09 04:29:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2010/06/09 04:29:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2010/06/09 04:29:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll

[2010/06/09 04:29:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll

[2010/06/07 15:34:27 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Guitar Pro 6

[2010/06/07 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6

[2010/06/07 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6

[2010/06/07 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Desktop\optima fonts

[2010/06/07 10:42:24 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\DivX

[2010/06/07 10:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2010/06/07 10:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/06/06 06:35:19 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

[2010/06/03 14:35:57 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Local\SupportSoft

[2010/06/03 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft

[2010/06/03 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ComcastUI

[2010/05/30 06:34:55 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2010/05/30 06:27:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/05/30 06:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/05/30 06:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2010/05/29 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler

[2010/05/29 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\nCleaner

[2010/05/29 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NKProds

[2010/05/29 17:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/05/29 17:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/05/23 05:46:43 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Documents\Subscriptions

[2010/05/22 05:38:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2010/05/22 05:38:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/05/22 05:38:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/05/22 05:38:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/05/21 17:24:41 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\Documents\Dawn of Discovery Venice

[2010/05/21 16:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

[2010/05/20 00:19:48 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe

[2010/05/20 00:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\SlikSvn

[2010/05/20 00:02:07 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\Gehry Technologies

[2010/05/20 00:02:07 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Local\Gehry Technologies

[2010/05/19 23:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gehry Technologies

[2010/05/19 23:51:34 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\DassaultSystemes

[2010/05/19 23:51:34 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Local\DassaultSystemes

[2010/05/19 23:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes

[2010/05/19 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Gehry Technologies

[2010/05/19 23:36:56 | 000,000,000 | ---D | C] -- C:\DPV1R4_GA+SP5

[2010/05/19 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Rory Harper\AppData\Roaming\FileZilla

[2010/05/19 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[2010/05/17 13:23:52 | 000,000,000 | ---D | C] -- C:\Temp

[2010/05/14 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2010/05/14 18:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX

[2010/05/14 18:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

========== Files - Modified Within 30 Days ==========

[2010/06/12 12:31:42 | 005,505,024 | -HS- | M] () -- C:\Users\Rory Harper\NTUSER.DAT

[2010/06/12 12:29:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2399041059-1940010937-2689063756-1000UA.job

[2010/06/12 12:28:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rory Harper\Desktop\OTL.exe

[2010/06/12 12:22:21 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/06/12 12:22:21 | 000,624,128 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/06/12 12:22:21 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/06/12 12:19:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/12 09:17:15 | 001,136,744 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB

[2010/06/11 19:28:19 | 000,000,943 | ---- | M] () -- C:\Users\Rory Harper\Desktop\MBAMlog.csv

[2010/06/11 19:26:41 | 000,004,706 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Attach.zip

[2010/06/11 18:19:03 | 000,001,110 | ---- | M] () -- C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/06/11 18:18:47 | 000,000,930 | ---- | M] () -- C:\Users\Rory Harper\Desktop\NTREGOPT.lnk

[2010/06/11 18:18:47 | 000,000,911 | ---- | M] () -- C:\Users\Rory Harper\Desktop\ERUNT.lnk

[2010/06/11 17:54:00 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2010/06/11 17:54:00 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/06/11 17:54:00 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/06/11 17:53:55 | 000,002,567 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2010/06/11 17:53:27 | 000,001,302 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Norton Installation Files.lnk

[2010/06/11 17:26:50 | 000,525,824 | ---- | M] () -- C:\Windows\dds.scr

[2010/06/11 17:26:50 | 000,525,824 | ---- | M] () -- C:\Users\Rory Harper\Desktop\dds.scr

[2010/06/11 17:26:50 | 000,525,824 | ---- | M] () -- C:\Windows\dds

[2010/06/11 17:20:26 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/11 17:20:26 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/11 17:17:25 | 000,002,228 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini

[2010/06/11 17:17:25 | 000,001,903 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2010/06/11 17:14:37 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/11 17:13:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/06/11 17:13:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/11 17:12:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/11 17:12:55 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/11 17:12:08 | 004,304,409 | -H-- | M] () -- C:\Users\Rory Harper\AppData\Local\IconCache.db

[2010/06/11 16:44:46 | 000,000,272 | ---- | M] () -- C:\Users\Rory Harper\Documents\norton case file.rtf

[2010/06/11 14:43:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2399041059-1940010937-2689063756-1000Core.job

[2010/06/11 08:47:27 | 000,127,848 | ---- | M] () -- C:\Users\Rory Harper\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/11 08:39:08 | 003,410,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/10 20:13:00 | 000,000,510 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Rory Harper.job

[2010/06/09 15:30:39 | 000,002,436 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Google Chrome.lnk

[2010/06/09 10:14:57 | 004,364,649 | ---- | M] () -- C:\Users\Rory Harper\Desktop\harper_rory_portfolio.pdf

[2010/06/07 13:28:32 | 001,317,091 | ---- | M] () -- C:\Users\Rory Harper\Desktop\urbandesign.pdf

[2010/06/07 10:42:51 | 000,001,624 | ---- | M] () -- C:\Users\Rory Harper\Desktop\DivX Movies.lnk

[2010/06/07 10:42:17 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/06/07 10:41:50 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2010/06/06 06:34:29 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

[2010/06/03 20:55:08 | 001,684,928 | ---- | M] () -- C:\Users\Rory Harper\Documents\DEMONFORD.tif

[2010/06/03 20:54:29 | 002,976,281 | ---- | M] () -- C:\Users\Rory Harper\Documents\DEMONFORD.pdf

[2010/06/03 14:35:58 | 000,000,203 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Comcast Security.url

[2010/06/03 14:35:57 | 000,000,209 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Comcast Email.url

[2010/06/03 14:33:38 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk

[2010/05/30 06:34:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2010/05/30 06:34:11 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe

[2010/05/30 06:27:30 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/05/29 21:42:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll

[2010/05/27 00:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/05/26 23:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/05/26 21:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/05/26 20:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/05/22 05:38:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2010/05/22 05:38:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/05/22 05:38:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/05/22 05:38:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/05/20 22:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2010/05/20 22:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll

[2010/05/20 22:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2010/05/20 22:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll

[2010/05/20 00:18:51 | 000,002,363 | ---- | M] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit) License Administrator .lnk

[2010/05/20 00:18:50 | 000,002,363 | ---- | M] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit).lnk

[2010/05/18 19:54:58 | 002,789,376 | ---- | M] () -- C:\Users\Rory Harper\Desktop\portfolio.indd

[2010/05/18 19:52:48 | 034,097,731 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Harper_Rory_ Porfolio.zip

[2010/05/18 19:50:32 | 034,299,476 | ---- | M] () -- C:\Users\Rory Harper\Desktop\Harper, Rory_ Porfolio.zip

[2010/05/18 18:07:11 | 002,758,604 | ---- | M] () -- C:\Users\Rory Harper\Desktop\portfolio.xfl

[2010/05/13 23:32:01 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini

========== Files Created - No Company Name ==========

[2010/06/11 20:43:08 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat

[2010/06/11 20:43:08 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat

[2010/06/11 20:43:08 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat

[2010/06/11 20:43:08 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat

[2010/06/11 20:43:08 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf

[2010/06/11 20:43:08 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf

[2010/06/11 20:43:08 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf

[2010/06/11 20:43:08 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf

[2010/06/11 20:43:08 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf

[2010/06/11 20:43:07 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat

[2010/06/11 20:43:07 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat

[2010/06/11 20:43:07 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat

[2010/06/11 20:43:07 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat

[2010/06/11 20:43:07 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf

[2010/06/11 20:43:07 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf

[2010/06/11 20:43:07 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf

[2010/06/11 20:42:48 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini

[2010/06/11 19:28:16 | 000,000,943 | ---- | C] () -- C:\Users\Rory Harper\Desktop\MBAMlog.csv

[2010/06/11 19:26:40 | 000,004,706 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Attach.zip

[2010/06/11 18:19:03 | 000,001,110 | ---- | C] () -- C:\Users\Rory Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/06/11 18:18:47 | 000,000,930 | ---- | C] () -- C:\Users\Rory Harper\Desktop\NTREGOPT.lnk

[2010/06/11 18:18:47 | 000,000,911 | ---- | C] () -- C:\Users\Rory Harper\Desktop\ERUNT.lnk

[2010/06/11 17:54:21 | 001,136,744 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB

[2010/06/11 17:54:07 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2010/06/11 17:54:07 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2010/06/11 17:53:55 | 000,002,567 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2010/06/11 17:53:44 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymEFA.inf

[2010/06/11 17:53:44 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymDS.inf

[2010/06/11 17:53:44 | 000,001,838 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ccHPx64.inf

[2010/06/11 17:53:44 | 000,001,473 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymNetV.inf

[2010/06/11 17:53:44 | 000,001,445 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymNet.inf

[2010/06/11 17:53:44 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.inf

[2010/06/11 17:53:44 | 000,001,421 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.inf

[2010/06/11 17:53:44 | 000,000,771 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Iron.inf

[2010/06/11 17:53:43 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnetv64.cat

[2010/06/11 17:53:43 | 000,007,414 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.cat

[2010/06/11 17:53:43 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymEFA64.cat

[2010/06/11 17:53:43 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.cat

[2010/06/11 17:53:43 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\SymDS64.cat

[2010/06/11 17:53:43 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\iron.cat

[2010/06/11 17:53:43 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symnet64.cat

[2010/06/11 17:53:43 | 000,007,358 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.cat

[2010/06/11 17:53:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini

[2010/06/11 17:41:52 | 000,525,824 | ---- | C] () -- C:\Windows\dds.scr

[2010/06/11 17:36:33 | 000,525,824 | ---- | C] () -- C:\Windows\dds

[2010/06/11 17:26:50 | 000,525,824 | ---- | C] () -- C:\Users\Rory Harper\Desktop\dds.scr

[2010/06/11 16:54:38 | 000,001,302 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Norton Installation Files.lnk

[2010/06/11 16:44:46 | 000,000,272 | ---- | C] () -- C:\Users\Rory Harper\Documents\norton case file.rtf

[2010/06/09 10:11:36 | 004,364,649 | ---- | C] () -- C:\Users\Rory Harper\Desktop\harper_rory_portfolio.pdf

[2010/06/07 13:28:32 | 001,317,091 | ---- | C] () -- C:\Users\Rory Harper\Desktop\urbandesign.pdf

[2010/06/07 10:42:17 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010/06/07 10:41:49 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2010/06/03 20:54:52 | 001,684,928 | ---- | C] () -- C:\Users\Rory Harper\Documents\DEMONFORD.tif

[2010/06/03 20:54:24 | 002,976,281 | ---- | C] () -- C:\Users\Rory Harper\Documents\DEMONFORD.pdf

[2010/06/03 14:35:57 | 000,000,209 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Comcast Email.url

[2010/06/03 14:35:57 | 000,000,203 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Comcast Security.url

[2010/06/03 14:33:37 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk

[2010/05/30 11:10:50 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe

[2010/05/30 06:27:30 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/05/29 20:17:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll

[2010/05/20 00:18:51 | 000,002,363 | ---- | C] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit) License Administrator .lnk

[2010/05/20 00:18:50 | 000,002,363 | ---- | C] () -- C:\Users\Public\Desktop\Digital Project V1,R4 (64-bit).lnk

[2010/05/18 19:52:12 | 034,097,731 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Harper_Rory_ Porfolio.zip

[2010/05/18 19:50:29 | 034,299,476 | ---- | C] () -- C:\Users\Rory Harper\Desktop\Harper, Rory_ Porfolio.zip

[2010/05/18 18:06:56 | 002,758,604 | ---- | C] () -- C:\Users\Rory Harper\Desktop\portfolio.xfl

[2010/05/18 18:06:43 | 002,789,376 | ---- | C] () -- C:\Users\Rory Harper\Desktop\portfolio.indd

[2010/05/14 18:24:28 | 000,001,624 | ---- | C] () -- C:\Users\Rory Harper\Desktop\DivX Movies.lnk

[2010/05/10 11:51:43 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/05/04 13:03:38 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/05/04 13:03:38 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/04/16 21:59:23 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll

[2010/04/02 14:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/01/31 09:14:26 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2010/01/31 09:08:35 | 000,000,060 | ---- | C] () -- C:\Windows\EPWF310.ini

[2009/11/18 23:25:56 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll

[2009/11/18 23:25:55 | 000,651,264 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll

[2009/11/03 20:25:34 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/11/02 17:41:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2009/10/28 08:11:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2009/09/29 17:27:05 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll

[2009/09/29 17:22:29 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009/09/29 17:22:29 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/08/19 01:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini

[2009/07/28 22:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2008/10/07 06:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 06:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2006/05/18 20:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2004/03/23 13:38:40 | 000,086,016 | R--- | C] () -- C:\Windows\SysWow64\X3DGlCtl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1072 bytes -> C:\Users\Rory Harper\AppData\Local\cRMgB1fJII:WcDn3eLPnLcf2DagYy9uOYG

< End of report >

The post was too long to accept, so I attached the extras.txt

Thanks

Extras.Txt

Link to post
Share on other sites

Hello again,

P2P WARNING

-------------------

Going over your logs I noticed that you have BitTorrent installed.

[*] Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

[*]They are a security risk which can make your computer susceptible to a sm

Link to post
Share on other sites

Hello again,

P2P WARNING

-------------------

Going over your logs I noticed that you have BitTorrent installed.

[*] Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

[*]They are a security risk which can make your computer susceptible to a sm

Link to post
Share on other sites

Hello there,

That is good news :P Please take your time and see if the IP blocks do return or not. You also mentioned your wallpaper was changed. How is this now? Do you have any other issues left?

Please do not use the quote button to reply, instead use Add Reply, thanks :P

Please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

Here you go. Everything does seem to be working fine. The "This Windows is not licensed" message is no longer there and I have not had any IP blocks yet either.

Thanks for your help.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4194

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

06/13/10 04:56 PM

mbam-log-2010-06-13 (16-56-26).txt

Scan type: Full scan (C:\|)

Objects scanned: 688446

Time elapsed: 3 hour(s), 12 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Rory Harper\Desktop\adobe cs4 master\MAZUKi\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Users\Rory Harper\Desktop\New folder\xf-a2010.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Users\Rory Harper\Downloads\Adobe After Effects CS4 (Final) [RH]\AAE_CS4_[RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\ACS4MC-Keygen (X-FORCE).exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Rory Harper\Downloads\Adobe Illustrator CS4\Key\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hello again,

As you may have seen for yourself, using keygens and cracks is not a good idea :)

[*] Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

[*]They are a security risk which can make your computer susceptible to a sm

Link to post
Share on other sites

If no infections were found, thee is no need for that :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Run OTL and click the Cleanup button. Allow a reboot. This will remove all tools and logs we used.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.