# System Hacked Into/Hijacked?



## dramstad (Nov 18, 2011)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x64 Family 15 Model 107 Stepping 1
Processor Count: 2
RAM: 1981 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 64 Mb
Hard Drives: C: Total - 228136 MB, Free - 137626 MB; D: Total - 10239 MB, Free - 4299 MB;
Motherboard: Dell Inc., 0RY206
Antivirus: Norton 360, Updated and Enabled

Someone has e-mailed me and suggested my system has been hijacked by them. I did a scan using Loaris Trojan Remover and it reported that I was infected with a worm (Sohanad). System is slow and person who e-mailed me seems to have info that is stored on my system, that only I would know about.

Please Help! Thanks.

Here is the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:52 PM, on 11/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\AOL Desktop 9.6\shellmon.exe
C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O2 - BHO: Updater For Xfinity.com Toolbar 3.5 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-CHRJ2.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10554 bytes


----------



## flavallee (May 12, 2002)

After you received that unsolicited E-mail, did you reply to it and allow someone to remote-access your computer?

-------------------------------------------------------

While I'm reviewing your HiJackThis scan log, do the following:

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button. 

Click on the "Open Uninstall Manager" button. 

Click on the "Save List" button. 

Save the "uninstall_list.txt" file somewhere. 

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here. 

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished, put a checkmark in these log entries:

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll

O2 - BHO: Updater For Xfinity.com Toolbar 3.5 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll

O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis, then restart the computer.

--------------------------------------------------


----------
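The log entries selected in the post above, read programmatically. This is an added example, not part of the original thread and not HijackThis's own code: a small Python parser that reads HijackThis entry lines, flags those whose target file is gone (`(no file)` / `(file missing)`), and groups entries that register the same CLSID in more than one section. The function names are hypothetical; the sample is an excerpt of the log posted earlier in this thread.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks a registration whose file is absent with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2"
    body: str             # everything after "CODE - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    missing_file: bool    # True when the referenced file is not on disk


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            missing_file=bool(MISSING_RE.search(body)),
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file that no longer exists (leftover registrations)."""
    return [e for e in entries if e.missing_file]


def shared_clsids(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each CLSID registered in more than one section to those section codes."""
    sections = defaultdict(list)
    for e in entries:
        if e.clsid and e.code not in sections[e.clsid]:
            sections[e.clsid].append(e.code)
    return {clsid: codes for clsid, codes in sections.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries pointing at a missing file:")
    for e in orphaned(parsed):
        print("  ", e.code, "-", e.body)
    print("Components registered in several sections:")
    for clsid, codes in shared_clsids(parsed).items():
        print("  ", clsid, "->", ", ".join(codes))
```

Grouping by CLSID shows why a single component such as the IObit Toolbar appears three times in the list above: it is registered as a URLSearchHook (R3), a BHO (O2) and a toolbar (O3).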



## dramstad (Nov 18, 2011)

The e-mail was not unsolicited -- it's someone I know but not well. I have _only_ been communicating with this person using my YAHOO e-mail account (no IM's just e-mail to this person's g-mail account). This person has recently been e-mailing me suggesting they hacked into/hijacked my system. I have been communicating with this person since about October. 
Uninstall log pasted below. THANKS VERY MUCH!

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Advanced SystemCare 5
AOL Install
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bing Rewards Client Installer
Bonjour
Browser Address Error Redirector
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Desktop Doctor
Digital Line Detect
DivX Web Player
Download Updater (AOL LLC)
eMusic Download Manager 4.1.3.1
Funambol Outlook Sync Client 7.2.2
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
IObit Malware Fighter
IObit Toolbar v4.8
iTunes
Java(TM) 6 Update 27
Junk Mail filter update
Loaris Trojan Remover 1.2


----------



## dramstad (Nov 18, 2011)

Was I hacked/hijacked??? Thanks So Much!


----------



## flavallee (May 12, 2002)

Do the following in the order that I've listed them.

It's going to take you awhile, so I'll check back with you in the morning.

-----------------------------------------------------

Click Start - Run, then type in

*%temp%*

and then click OK.

Click Start - Run, then type in

*c:\windows\temp*

and then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

After you're done, restart the computer.

-----------------------------------------------------

Go to Control Panel - Programs And Features, then uninstall:

*Advanced SystemCare 5* (by IObit)

*IObit Malware Fighter*

*IObit Toolbar 4.8*

*Loaris Trojan Remover 1.2*

After they've all been uninstalled, restart the computer.

-----------------------------------------------------

Download and save the free version of

*Malwarebytes Anti-Malware 1.51.2.1300*

*SUPERAntiSpyware 5.0.0.1136*

then close all open windows first, then install them.

Make sure to update their definition files during the install process.

After they've been installed, restart the computer.

-----------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Hi,
Thanks again for your help. I did everything you said. Below are the Malwarebytes and Superantispyware scan logs you requested. *ALSO*: I had my computer disconnected from the internet/modem for a few hours after I performed the functions you instructed me to do. When I turned it back on, I had an alert from Norton 360 stating that TWO viruses had been discovered during the idle scan process (THE VIRUSES WERE QUARANTINED). The two viruses that Norton 360 detected were both Trojan.gen.2 contained in c:\users\d\downloads\gmer (1) zip 
They did not turn up in the Malwarebytes or Superantispyware scans.
THANKS!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8191
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/18/2011 9:27:56 PM
mbam-log-2011-11-18 (21-27-56).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 327641
Time elapsed: 2 hour(s), 52 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/18/2011 at 06:29 PM
Application Version : 5.0.1136
Core Rules Database Version : 7965
Trace Rules Database Version: 5777
Scan type : Quick Scan
Total Scan Time : 00:10:24
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 684
Memory threats detected : 0
Registry items scanned : 30308
Registry threats detected : 0
File items scanned : 7086
File threats detected : 17
Adware.Tracking Cookie
C:\Users\D\AppData\Local\Temp\Cookies\X3AIGT3G.txt [ /mm.chitika.net ]
C:\Users\D\AppData\Local\Temp\Cookies\SEUJETXA.txt [ /at.atwola.com ]
C:\Users\D\AppData\Local\Temp\Cookies\1D0S0NHY.txt [ /cdn.at.atwola.com ]
C:\Users\D\AppData\Local\Temp\Cookies\V82GZIP8.txt [ /adserver.adtechus.com ]
C:\Users\D\AppData\Local\Temp\Cookies\ILRRPF16.txt [ /legolas-media.com ]
C:\Users\D\AppData\Local\Temp\Cookies\B7PO9GZE.txt [ /ar.atwola.com ]
C:\Users\D\AppData\Local\Temp\Cookies\H83TSVVE.txt [ /tacoda.at.atwola.com ]
C:\Users\D\AppData\Local\Temp\Cookies\PRVQYQFE.txt [ /liveperson.net ]
C:\Users\D\AppData\Local\Temp\Cookies\EZWPE364.txt [ /atwola.com ]
C:\Users\D\AppData\Local\Temp\Cookies\IKB52LWP.txt [ /liveperson.net ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\6U9VEIKR.txt [ Cookie:[email protected]/ ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\T5MO5NWD.txt [ Cookie:[email protected]/pagead/conversion/1070847646/ ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\P33R2GPL.txt [ Cookie:[email protected]/ ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\6US8L61N.txt [ Cookie:[email protected]/ ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\RNE1CF5S.txt [ Cookie:[email protected]/ ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\9R0JBHA0.txt [ Cookie:[email protected]/hc/19452074 ]
C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\W0XZTSRV.txt [ Cookie:[email protected]/ ]


----------



## flavallee (May 12, 2002)

I need you to follow the below instructions and submit a new "uninstall_list.txt" log.

The first you submitted is incomplete and is missing everything below

*Loaris Trojan Remover 1.2*

-------------------------------------------------------

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Here's the uninstall list -- Thanks.

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
AOL Install
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bing Rewards Client Installer
Bonjour
Browser Address Error Redirector
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Desktop Doctor
Digital Line Detect
DivX Web Player
Download Updater (AOL LLC)
eMusic Download Manager 4.1.3.1
Funambol Outlook Sync Client 7.2.2
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 27
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
NetWaiting
Norton 360
Norton PC Checkup
NVIDIA Drivers
NVIDIANetworkDiagnostic
OGA Notifier 2.0.0048.0
Product Documentation Launcher
QuickTime
Realtek High Definition Audio Driver
RTC Client API v1.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Segoe UI
Sonic Activation Module
SUPERAntiSpyware
Symantec Technical Support Web Controls
Trend Micro Web Protection Add-On
TweakNow PowerPack 2011
TweakNow SecureDelete
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinPcap 4.1.1
Xfinity.com Toolbar 3.5


----------



## flavallee (May 12, 2002)

You haven't advised me if you completed the instructions in post #3.

---------------------------------------------------------

Let me review your now-complete "uninstall_list.txt" log, then I'll get back to you.

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Go to Control Panel - Programs And Features, then uninstall:

*Bing Bar*

*CCleaner* (unless you REALLY know how to use it safely)

*Google Toolbar For Internet Explorer* (unless you actually need and use it)

*Microsoft Default Manager*

*TweakNow PowerPack 2011*

*TweakNow SecureDelete*

*Viewpoint Media Player*

*Xfinity.com Toolbar*

Note: Stay away from cleaner/optimizer/booster/tuneup/tweak type programs, especially the ones that "fix" and "clean" the registry. They do little-to-nothing to improve speed, but what they can do is damage Windows and some of your programs.

-----------------------------------------------------------------------------------

*Adobe Shockwave Player 11.5* needs to be updated to *Adobe Shockwave Player 11.6.3.633*

*Java(TM) 6 Update 27* needs to be updated to *Java Runtime Environment 6 Update 29*

*Mozilla Firefox 8.0* needs to be updated to *Mozilla Firefox 8.0.1*

-----------------------------------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Hi, Yes completed all of the previous steps. I'm now going to uninstall the programs you advised me to. Thanks


----------



## flavallee (May 12, 2002)

Advise me when you're completely done with post #11.

-------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

I could not locate microsoft definition manager but uninstalled the rest of them


----------



## dramstad (Nov 18, 2011)

MS DEFAULT Manager was not on uninstall list but did show up when I searched in start menu ... should I uninstall from here?


----------



## flavallee (May 12, 2002)

dramstad said:


> I could not locate microsoft definition manager but uninstalled the rest of them


I believe *Bing Bar* and *MSN Toolbar* and *Microsoft Default Manager* are all associated with each other, so they may not all appear in the "Programs And Features" list. Don't worry about it.

Advise me when you're done with ALL of the uninstalls and installs.

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

I don't know if this is relevant info or not but three things: I changed my default web browser from IE to Mozilla Firefox from control panel last night. Also, The Loaris Trojan Remover apparently did not uninstall completely after I (attempted to) uninstalled it from control panel. The Loaris files showed up in Start Menu and I deleted them from their stored location (not sure if I should have done that?) -- one Loaris file remained which was a technical question I sent them 2 days ago. Also, Norton 360 updates were suddenly way behind and one Norton 360 feature (Norton Activity Map Data) is suddenly not working/failed to update.


----------



## dramstad (Nov 18, 2011)

All the installs and uninstalls are complete.


----------



## flavallee (May 12, 2002)

dramstad said:


> I don't know if this is relevant info or not but three things: I changed my default web browser from IE to Mozilla Firefox from control panel last night. Also, The Loaris Trojan Remover apparently did not uninstall completely after I (attempted to) uninstalled it from control panel. The Loaris files showed up in Start Menu and I deleted them from their stored location (not sure if I should have done that?) -- one Loaris file remained which was a technical question I sent them 2 days ago. Also, Norton 360 updates were suddenly way behind and one Norton 360 feature (Norton Activity Map Data) is suddenly not working/failed to update.


Sometimes after you uninstall a program, its shortcut will remain in the Start menu and its folder will remain inside the *C:\Program Files* folder.

As long as you know you've already uninstalled the program, it's okay to delete those afterwards.

---------------------------------------------------------


----------



## flavallee (May 12, 2002)

Close all open windows first, then start HiJackThis and click "Do a system scan and save a log file", then save the new log that appears, then submit it here.

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Click "Edit" in posts #21 and #22, then delete them both.

The log in both posts is running all together and is unreadable.

--------------------------------------------------------

Open *Notepad*, then make sure "Format - Word Wrap" is selected, then close it.

Do another scan and save the log and submit it.

Hopefully, it'll display correctly this time.

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

For some reason, you ran a scan while in "Safe mode" instead of while in "Normal mode".

Delete post #22, then restart in normal mode, then try it again.

--------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

For some reason now, my computer is booting/running entirely in safe mode now and I don't know why. I rebooted choosing safe mode and also checked using start run typing misconfig, etc. to see if boot in safe mode was checked ... it wasn't. Help. Thanks.


----------



## flavallee (May 12, 2002)

Let me see if I can get a gold/blue shield malware removal expert to assist you.

They're very busy, so don't expect a quick reply.

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Okay, Hi ... I fixed the problem. All okay with that boot issue. Please have a look at my Hijackthis log as you previously requested.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:00:54 PM, on 11/20/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8167 bytes


----------



## flavallee (May 12, 2002)

What have you recently installed in that computer that I'm not aware of?

--------------------------------------------------------

Go to Control Panel - Programs And Features.

What's listed there for *Norton* and *Trend Micro*?

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished, put a checkmark in these log entries:

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)*

then click "Fix Checked - Yes".

Close HiJackThis.

------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

I added a Mozilla add-on called "No Script" using the Mozilla add-ons manager. I have subsequently uninstalled and gone back to Internet Explorer as my default browser. I tried Mozilla for a few days because I was told it was safer to use.


----------



## dramstad (Nov 18, 2011)

Norton 360, Norton PC Checkup, and Trend Micro Web Protection add-on.


----------



## dramstad (Nov 18, 2011)

I ran Hijackthis checked the items -- an "error #5" occurred regarding removal of Windows Live One Care and Eset.


----------



## flavallee (May 12, 2002)

dramstad said:


> Norton 360, Norton PC Checkup, and Trend Micro Web Protection add-on.


Keep *Norton 360* and uninstall the other 2.

I'm going off-line shortly, so I'll get back with you in the morning.

--------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

I removed the other two and kept Norton 360. Thanks.


----------



## flavallee (May 12, 2002)

dramstad said:


> I removed the other two and kept Norton 360. Thanks.


OK, good. :up:

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then submit it here.

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Hi, For some reason, when I'M NOT IN SAFE MODE (I.E., system booted in normal mode) and do a hijackthis scan, the logfile says it was done in safe mode. I had this problem yesterday but then the logfiles to you started showing as having been completed in normal mode again. The logfiles started showing safe mode again today (again I was not booted in safe mode). I've tried start-run Config - checked safe mode (not checked), system restore, boot in normal mode. This happened yesterday too but then suddenly the hijackthis file started showing that the scan was completed in normal mode (as it's supposed to be). Any chance this could be Malware causing this? I scanned my system with the ESET ONLINE SCAN (which is recommended on hijack this) and TURNED UP THIS AS AN INFECTION: c:\users\D\downloads\ms2200fr.exe
I'm going to try another hijackthis scan and see if the logfile reads as normal mode or safe mode. I'll send it to you either way to see what you think. Hopefully it will read as having been done in normal mode. Thanks for all your help!


----------



## dramstad (Nov 18, 2011)

As explained in previous entry to you, I am not booted in safe mode but the hijackthis logfile states that I am. Here is the current hijackthis logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:59 PM, on 11/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O2 - BHO: Updater For Xfinity.com Toolbar 3.5 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll


----------



## dramstad (Nov 18, 2011)

Also, I noticed when I click on "Default" to set default home page, the following now appears: http://go.microsoft.com/fwlink/?LinkId=69157


----------



## flavallee (May 12, 2002)

You submitted a 3-day old HiJackThis log.

Go to Control Panel - User Accounts.

Turn off and disable the User Account Control(UAC) feature, then apply the change.

Restart the computer.

Run a new scan with HiJackThis, then submit the new log here.

--------------------------------------------------------

I fear you may have damaged Windows by using IObit Advanced SystemCare and TweakNow PowerPack and the others.

-------------------------------------------------------


----------



## flavallee (May 12, 2002)

Your HiJackThis log in post #1, dated 3:56 P.M., 11/18/2011, shows *IObit Advanced SystemCare 5*.

Your HiJackThis log in post #35, dated 12:23 P.M., 11/18/2011, shows *IObit Advanced SystemCare 4*.

What's going on?

--------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

I applied the change to user account feature. Here's the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:39 AM, on 11/22/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1262709377\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9355 bytes


----------



## dramstad (Nov 18, 2011)

... I don't know about the Iobit 4 and 5 ... I uninstalled it from my system then saw remnants of it again when I searched for something unrelated in the start box. I removed whatever was there. Thanks.


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished, put a checkmark in these log entries:

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)*

then click "Fix Checked - Yes".

Close HiJackThis.

-------------------------------------------------------

Click Start - Run, then type in *MSCONFIG* and then click OK - "Startup" tab.

Write down the names in the "Startup Item" column that have a checkmark.

If the column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them exactly as you see them there.

-------------------------------------------------------


----------
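The checks made by eye in this thread (entries that point at "(no file)" or "(file missing)", a log that is days older than expected, a boot mode that differs between scans) can be scripted. The Python below is an added example, not part of the original posts and not part of HijackThis; the function names are hypothetical and the two sample logs are constructed excerpts trimmed from logs posted above.

```python
import re
from datetime import datetime

# Constructed samples: header plus a few entries trimmed from two logs in this thread.
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:59 PM, on 11/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
"""

NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:39 AM, on 11/22/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""

# Entry lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
SAVED_RE = re.compile(
    r"^Scan saved at (\d{1,2}:\d{2}:\d{2} [AP]M), on (\d{1,2}/\d{1,2}/\d{4})$")
# HijackThis marks a registry entry whose target file is gone in one of two ways.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_log(text):
    """Split a HijackThis log into scan time, boot mode, processes and entries."""
    log = {"saved": None, "boot_mode": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        saved = SAVED_RE.match(line)
        if entry:
            # Pasted logs often lose the blank line after the process list,
            # so the first entry line is what ends that list.
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif saved:
            log["saved"] = datetime.strptime(
                f"{saved.group(2)} {saved.group(1)}", "%m/%d/%Y %I:%M:%S %p")
        elif line.startswith("Boot mode:"):
            log["boot_mode"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif line == "--" or line.startswith("End of file"):
            in_processes = False
        elif in_processes:
            log["processes"].append(line)
    return log


def orphaned(log):
    """Entries that reference a file HijackThis could not find on disk."""
    return [(code, body) for code, body in log["entries"] if ORPHAN_RE.search(body)]


def compare(old, new):
    """Summarise what changed between two scans of the same machine."""
    old_set, new_set = set(old["entries"]), set(new["entries"])
    return {
        "days_apart": (new["saved"] - old["saved"]).days,
        "boot_mode_changed": old["boot_mode"] != new["boot_mode"],
        "removed": sorted(old_set - new_set),
        "added": sorted(new_set - old_set),
        "still_orphaned": sorted(set(orphaned(old)) & set(orphaned(new))),
    }


if __name__ == "__main__":
    report = compare(parse_log(OLD_LOG), parse_log(NEW_LOG))
    print(f"{report['days_apart']} days apart, "
          f"boot mode changed: {report['boot_mode_changed']}")
    for code, body in report["still_orphaned"]:
        print("still orphaned:", code, "-", body)
```

An entry listed under `still_orphaned` survived a "Fix Checked" attempt between the two scans, which is worth raising with the helper rather than re-fixing blindly.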



## dramstad (Nov 18, 2011)

I Checked/Fixed checked Items from HiJackThis scan. 

Start-Up Items (The whole list was checked): Adobe Reader and Acrobat Manager, Macrovision FLEXnet Connect, Jave Platform SE Auto Updater 2.0, Microsoft Windows Mobile Device Center, HD Audio Control Center, Default Manager, Malwarbytes' Anti-Malware, Malwarebytes' Anti-Malware, Macrovision FLEXnet Connect, Aol Services Libraries, Adobe Reader Speed Launcher, Messenger (Yahoo!), Microsoft Office One Note, Digital Line Detection


----------



## dramstad (Nov 18, 2011)

I misspelled Java in previous response re start-up items (Java not Jave), AOL (not Aol)


----------



## dramstad (Nov 18, 2011)

I'm sorry, you wanted the checked start-up items in a VERTICAL list:

Adobe Reader and Acrobat Manager
Macrovision FLEXnet Connect
Java Platform SE Auto Updater 2.0
Microsoft Windows Mobile Device Center
Default Manager
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware
Macrovision FLEXnet Connect
AOL Services Libraries
Adobe Reader Speed Launcher
Messenger (Yahoo!)
Microsoft Office OneNote
Digital Line Detection


----------



## flavallee (May 12, 2002)

These startup entries can be unchecked in Start - Run - MSCONFIG - OK - "Startup" tab:

*Adobe Reader and Acrobat Manager

Java(TM) Platform SE Auto Updater 2.0

Microsoft Default Manager

*Malwarebytes Anti-Malware* (the free version doesn't have "real time" monitoring)

*Adobe Reader Speed Launcher

Microsoft Office OneNote

Digital Line Detection*

After you're done, click Apply - OK/Close - Restart.

Start HiJackThis and click "Do a system scan and save a log file".

Save the new log that appears and then submit it here.

---------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Ok, I unchecked the items you instructed me to. Here's the HijackThis scan logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:39 AM, on 11/22/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1262709377\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9355 bytes


----------



## flavallee (May 12, 2002)

Your last log is dated *11:19 A.M., 11/22/2011*, so it's not displaying a current picture of your computer.

Are you leaving the UAC setting turned off or are you going back and turning it back on?

----------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

I noticed on the last HiJackThis scan/logfile I submitted to you here that it was saved for 11/22/2011 at 11:19 AM (which was yesterday). Every time I run/save a scan the time/day stays the same -- for 11/22/2011 at 11:19 AM -- and not for today, 11/23/2011.


----------



## flavallee (May 12, 2002)

Without seeing a log with the current time and date, I don't know what you've done or haven't done.

If you're turning the User Account Control (UAC) feature on and off, you need to leave it off until we're done.

Is the computer running okay?

Are you still having the original problem?

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Hi, yes the UAC was turned back on ... turned it off and will keep it off. Here is the current HiJackThis log. I informed you at the beginning of this thread that someone I know was sending me emails from their g-mail to my yahoo account (and I had clicked on several links which were for you.tube videos which they sent with the e-mails -- the you.tube links may have been infected ... ). They suggested they had hacked or hijacked my computer. My computer was sluggish, and they were providing me with information which is generally only stored on my computer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:48 PM, on 11/23/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1262709377\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7758 bytes
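The two checks this exchange turns on (is the posted log current, and are the entries marked for "Fix Checked" actually gone), as an added example that is not part of the original thread or of HijackThis itself. The sample logs are shortened excerpts of the 11/22 and 11/23 logs above; the function names, the two-hour freshness window and the sample "now" are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Header line written by HijackThis v2.x, e.g. "Scan saved at 11:19:39 AM, on 11/22/2011"
HEADER_RE = re.compile(r"Scan saved at (\d{1,2}:\d{2}:\d{2} [AP]M), on (\d{1,2}/\d{1,2}/\d{4})")
# Entry lines start with a section code (R0, O2, O16, ...) followed by " - "
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return the scan timestamp and the (section, body) entries of one log."""
    saved_at, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.search(line)
        if header and saved_at is None:
            saved_at = datetime.strptime(
                f"{header.group(2)} {header.group(1)}", "%m/%d/%Y %I:%M:%S %p")
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append((entry.group(1), entry.group(2)))
    if saved_at is None:
        raise ValueError("no 'Scan saved at' header; not a HijackThis log")
    return {"saved_at": saved_at, "entries": entries}

def is_stale(log, now, max_age=timedelta(hours=2)):
    """True when the log was saved longer ago than max_age (assumed threshold)."""
    return now - log["saved_at"] > max_age

def still_present(log, fixed_clsids):
    """CLSIDs that were supposed to be fixed but still appear in the log."""
    seen = {c.upper() for _, body in log["entries"] for c in CLSID_RE.findall(body)}
    return sorted(c.upper() for c in fixed_clsids if c.upper() in seen)

def diff_entries(before, after):
    """Entries removed and entries newly added between two scans."""
    b, a = set(before["entries"]), set(after["entries"])
    return sorted(b - a), sorted(a - b)

# CLSIDs of the four entries the helper asked to have fixed earlier in the thread.
FIXED = [
    "{02478D38-C3F9-4efb-9B51-7695ECA05670}",
    "{CA6319C0-31B7-401E-A518-A07C3DB8F777}",
    "{3860DD98-0549-4D50-AA72-5D17D200EE10}",
    "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}",
]

# Shortened excerpts of the logs posted above (most lines omitted).
LOG_NOV22 = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:39 AM, on 11/22/2011
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""

LOG_NOV23 = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:48 PM, on 11/23/2011
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
"""

NOV22 = parse_log(LOG_NOV22)
NOV23 = parse_log(LOG_NOV23)
# Constructed "time of posting" for the illustration: shortly after the 11/23 scan.
SAMPLE_NOW = datetime(2011, 11, 23, 12, 30)

if __name__ == "__main__":
    for name, log in (("11/22", NOV22), ("11/23", NOV23)):
        print(name, "stale:", is_stale(log, SAMPLE_NOW),
              "unfixed:", still_present(log, FIXED))
    removed, added = diff_entries(NOV22, NOV23)
    print("removed:", len(removed), "added:", len(added))
```

Entries that show up in the "added" list between two scans are the ones worth a second look, since nothing in the cleanup steps should create new autoruns.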


----------



## flavallee (May 12, 2002)

Let me look at a new "uninstall_list.txt" log and see if anything jumps out at me.

I've done pretty much what I can do from here, and it appears you're getting frustrated, so I may end my involvement shortly.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button. 

Click on the "Open Uninstall Manager" button. 

Click on the "Save List" button. 

Save the "uninstall_list.txt" file somewhere. 

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here. 

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Hi. I appreciate your help. Not frustrated.

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
AOL Install
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Rewards Client Installer
Bonjour
Browser Address Error Redirector
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Desktop Doctor
Digital Line Detect
DivX Web Player
Download Updater (AOL LLC)
eMusic Download Manager 4.1.3.1
ESET Online Scanner v3
Funambol Outlook Sync Client 7.2.2
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
NetWaiting
Norton 360
NVIDIA Drivers
NVIDIANetworkDiagnostic
OGA Notifier 2.0.0048.0
Product Documentation Launcher
QuickTime
Realtek High Definition Audio Driver
RTC Client API v1.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Segoe UI
Sonic Activation Module
SUPERAntiSpyware
swMSM
Symantec Technical Support Web Controls
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinPcap 4.1.1


----------



## dramstad (Nov 18, 2011)

What are your impressions at this point? Does it look like I was hacked/hijacked? Anything else I need to do? Malware expert? Or does everything appear to be okay at this time? Thanks again.


----------



## flavallee (May 12, 2002)

I'm not a "gold shield" malware expert, but I don't see anything obvious to indicate your computer has been hacked.

Do you use any of the America Online (AOL) stuff in that computer?

---------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Aol 9.6


----------



## dramstad (Nov 18, 2011)

Yes, I use AOL 9.6. Mainly just checking AOL e-mail.


----------



## flavallee (May 12, 2002)

It may be an AOL-related issue.

I have a friend who uses AOL, and I regularly receive E-mail from her with suspicious links in the text box. She's not sending them and has gotten the same complaint from others in her contacts list.

--------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Hi There,
This person was using her G-mail account and was sending links to my Yahoo e-mail account (the links were You.Tube videos, which I opened probably 20 of). What do you think? How's everything look? Anything suspicious? Anything further you recommend? I did not use AOL for any of this, in fact, I never open anything from anybody on AOL except from people I know for sure. The same goes for any other e-mail account I have. The computer is still sluggish, seems to operate even in idle mode, some desktop icons have been changed, running in safe mode when it's not supposed to, default web page changes, etc. Again, just concerned that this person (I previously described situation to you) has hacked my system. In general, I'd just like to know if my system has been compromised -- hacked/hijacked through a backdoor, virus/trojan, etc. Referring me to a Malware Gold Shield Expert would help me. I really appreciate all of your time and effort. Please advise. Happy Thanksgiving!


----------



## dramstad (Nov 18, 2011)

... the you.tube links were spelled youtu.be


----------



## flavallee (May 12, 2002)

I've requested a gold/blue shield malware removal expert assist you.

This section is very busy, so you may not get a reply from one for 24 - 48 hours.

---------------------------------------------------------


----------



## eddie5659 (Mar 19, 2001)

Hi

Just replying, but give me a bit to re-read the whole thread and then I'll come back to you 

eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, just read the entire thread, so have an idea of what's been tried already 

So, let's try a few things to see what may be lurking.

Just so you know, I'll be back tomorrow, as my Fridays are normally booked in advance, but just post the below logs, and I'll look at them as soon as I get back 

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

--------

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


Regards

eddie


----------



## flavallee (May 12, 2002)

Eddie:

Thanks for jumping in and taking over. :up:

--------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Thanks again for all of your help -- truly appreciated!


----------



## flavallee (May 12, 2002)

dramstad said:


> Thanks again for all of your help -- truly appreciated!


You're welcome. 

I'll leave you with Eddie. :up:

-------------------------------------------------------


----------



## dramstad (Nov 18, 2011)

Results of screen317's Security Check version 0.99.28 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
ESET Online Scanner v3 
Norton 360 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Malwarebytes' Anti-Malware 
CCleaner 
Java(TM) 6 Update 29 
Adobe Flash Player 11.1.102.55 
Adobe Reader X (10.1.1) 
Mozilla Firefox (8.0.1) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Norton ccSvcHst.exe 
Malwarebytes' Anti-Malware mbamservice.exe 
*``````````End of Log````````````*


----------



## dramstad (Nov 18, 2011)

OTL logfile created on: 11/25/2011 2:42:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 52.30% Memory free
4.88 Gb Paging File | 3.87 Gb Available in Paging File | 79.28% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 114.99 Gb Free Space | 51.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.24 Gb Free Space | 42.42% Space Free | Partition Type: NTFS

Computer Name: D-PC | User Name: D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 14:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\D\Downloads\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/09/24 02:41:02 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2011/11/19 00:19:30 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111125.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/19 00:19:30 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111125.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 12:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 10:45:47 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 10:45:46 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/09 08:35:42 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/06 00:24:08 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/12/13 04:21:40 | 000,002,560 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssrangdr.sys -- (ssrangdr)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/29 02:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mozillafirefox.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\xulrunner\components [2011/11/21 13:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\xulrunner\plugins [2011/11/21 13:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 03:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/05 21:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6 [2011/11/24 21:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 06:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 13:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/01/02 22:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D\AppData\Roaming\Mozilla\Extensions
[2009/05/12 17:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/20 17:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\lg8n8qu6.default\extensions
[2011/11/20 00:30:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\lg8n8qu6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/25 06:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/19 16:00:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/12/12 00:25:05 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\USERS\D\DESKTOP\DOWNLOADS\ETUNES DOWNLOADS\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/12/12 00:25:05 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\USERS\D\DESKTOP\DOWNLOADS\ETUNES DOWNLOADS\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2009/12/12 00:25:05 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\USERS\D\DESKTOP\DOWNLOADS\ETUNES DOWNLOADS\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/11/20 21:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/19 16:00:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 18:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 18:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=685749&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe" File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://icmsweb.starsinc.com/evolv_cs/smsx.cab (MeadCo ScriptX)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C63BB0-190C-469D-BF4B-2E14F0B49D93}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f26b8c3-f356-11de-be96-00038a000015}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 23:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/24 23:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/24 12:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/11/24 12:33:22 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Yahoo!
[2011/11/22 21:34:19 | 000,000,000 | ---D | C] -- C:\Users\D\Documents\tdsskiller
[2011/11/21 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/21 13:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/21 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/21 13:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/21 13:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/21 13:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/21 13:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/21 12:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/18 17:55:16 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/18 17:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/17 10:21:50 | 000,000,000 | ---D | C] -- C:\Users\D\Documents\WHELAN SECURITY ATT00001
[2011/11/15 12:48:26 | 000,000,000 | ---D | C] -- C:\f15f0e428f1dae71b94e
[2011/11/13 22:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/10 10:18:22 | 000,000,000 | ---D | C] -- C:\565d2d70ae0aeb31ac49877334668f
[2 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 14:26:56 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 14:26:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 11:50:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 11:50:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 07:59:48 | 000,001,356 | ---- | M] () -- C:\Users\D\AppData\Local\d3d9caps.dat
[2011/11/25 06:36:23 | 000,000,832 | ---- | M] () -- C:\Users\D\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/25 06:36:23 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/25 00:10:35 | 000,006,320 | ---- | M] () -- C:\Users\D\Documents\cc_20111125_001027.reg
[2011/11/24 23:14:51 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/24 22:20:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/24 21:55:16 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/24 21:55:16 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/24 12:12:57 | 000,001,852 | ---- | M] () -- C:\Users\D\Documents\Firefox Sync Key.html
[2011/11/23 21:06:38 | 000,002,475 | ---- | M] () -- C:\Users\D\Desktop\HiJackThis.lnk
[2011/11/23 20:39:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/23 13:46:34 | 000,006,122 | ---- | M] () -- C:\Users\D\Documents\hijackthisuninstall_list
[2011/11/22 21:29:11 | 000,376,394 | ---- | M] () -- C:\Users\D\AppData\Local\census.cache
[2011/11/22 21:29:09 | 000,180,986 | ---- | M] () -- C:\Users\D\AppData\Local\ars.cache
[2011/11/21 13:07:49 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/21 13:02:27 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/20 11:53:26 | 000,008,256 | ---- | M] () -- C:\Users\D\Desktop\hijackthis3
[2011/11/20 11:52:27 | 000,008,223 | ---- | M] () -- C:\Users\D\Desktop\hijackthis2
[2011/11/18 17:54:37 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/18 17:48:53 | 000,000,892 | ---- | M] () -- C:\Users\D\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/18 15:45:12 | 000,000,518 | ---- | M] () -- C:\Users\D\Desktop\Everyone MUST read this BEFORE posting for help in this forum - Tech Support Guy Forums.url
[2011/11/18 15:01:02 | 000,000,186 | ---- | M] () -- C:\Users\D\Desktop\HijackThis - Trend Micro USA.url
[2011/11/18 14:00:09 | 014,790,445 | ---- | M] () -- C:\Users\D\AppData\Roaming\SMRBackup210.dat
[2011/11/17 11:30:05 | 000,000,292 | ---- | M] () -- C:\Users\D\Desktop\Universal Careers.url
[2011/11/17 10:57:34 | 000,000,575 | ---- | M] () -- C:\Users\D\Desktop\Seeking Security Officer-Denver Area Aurora Job.url
[2011/11/17 10:54:19 | 000,000,342 | ---- | M] () -- C:\Users\D\Desktop\Employment Application - C&D Security Jobs.url
[2011/11/17 10:21:50 | 000,146,074 | ---- | M] () -- C:\Users\D\Documents\WHELAN SECURITY ATT00001.zip
[2011/11/17 00:09:35 | 000,000,181 | ---- | M] () -- C:\Users\D\Desktop\Lien - Wikipedia, the free encyclopedia.url
[2011/11/16 20:48:48 | 000,000,147 | ---- | M] () -- C:\Users\D\Desktop\Simply Hired Support Center Job Seekers.url
[2011/11/16 20:40:30 | 000,000,205 | ---- | M] () -- C:\Users\D\Desktop\View Current Job Listings at Arapahoe-Douglas Mental Health Network - Arapahoe-Douglas Mental Health Network Jobs.url
[2011/11/16 20:19:02 | 010,708,058 | ---- | M] () -- C:\Users\D\Documents\Warrior Soul_06_Jump for Joy.mp3
[2011/11/16 20:19:02 | 010,391,815 | ---- | M] () -- C:\Users\D\Documents\Warrior Soul_03_Drugs, God, and the New Republic.mp3
[2011/11/16 20:19:02 | 007,580,485 | ---- | M] () -- C:\Users\D\Documents\Warrior Soul_07_My Time.mp3
[2011/11/16 20:19:02 | 005,202,513 | ---- | M] () -- C:\Users\D\Documents\Warrior Soul_05_Rocket 88.mp3
[2011/11/16 20:19:02 | 004,023,537 | ---- | M] () -- C:\Users\D\Documents\Warrior Soul_02_Interzone.mp3
[2011/11/16 20:19:01 | 010,290,250 | ---- | M] () -- C:\Users\D\Documents\Various Artists_06_Under The Sun-Everyday Comes And Goes.mp3
[2011/11/16 20:19:01 | 008,018,387 | ---- | M] () -- C:\Users\D\Documents\Various Artists_11_Production.mp3
[2011/11/16 20:19:01 | 008,006,121 | ---- | M] () -- C:\Users\D\Documents\Various Artists_41_Summer Of 81.mp3
[2011/11/16 20:19:01 | 007,650,781 | ---- | M] () -- C:\Users\D\Documents\Various Artists_10_After Forever.mp3
[2011/11/16 20:19:01 | 006,482,608 | ---- | M] () -- C:\Users\D\Documents\Various Artists_19_Preacher's Confession.mp3
[2011/11/16 20:19:00 | 008,726,352 | ---- | M] () -- C:\Users\D\Documents\Various Artists_01_12_Behind The Wall Of Sleep.mp3
[2011/11/16 20:19:00 | 005,484,528 | ---- | M] () -- C:\Users\D\Documents\Various Artists_03_Lady Scarface.mp3
[2011/11/16 20:19:00 | 003,887,100 | ---- | M] () -- C:\Users\D\Documents\Various Artists_01_Contort Yourself.mp3
[2011/11/16 20:18:59 | 009,453,339 | ---- | M] () -- C:\Users\D\Documents\Various Artists_01_10_Tod Und Sieg.mp3
[2011/11/16 20:18:59 | 008,808,960 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Earache_12_Cornucopia.mp3
[2011/11/16 20:18:58 | 008,056,929 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Earache_08_Lord Of This World - Brutal Death.mp3
[2011/11/16 20:18:57 | 005,948,850 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Earache_02_Snowblind.mp3
[2011/11/16 20:18:56 | 008,526,142 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Earache_01_Wheels Of Confusion.mp3
[2011/11/16 20:18:55 | 005,425,128 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Cleopatra Records_04_My Michelle - Phil Lewis of LA Guns.mp3
[2011/11/16 20:18:55 | 004,179,690 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Cleopatra Records_09_Break Stuff.mp3
[2011/11/16 20:18:54 | 007,987,593 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Cleopatra Records_04_For Whom The Bells Tolls - Spew.mp3
[2011/11/16 20:18:53 | 006,910,365 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Cleopatra Records_02_South Of Heaven - Abbadon Of Venom.mp3
[2011/11/16 20:18:52 | 005,282,786 | ---- | M] () -- C:\Users\D\Documents\Various Artists - Cleopatra Records_01_You're Crazy - Steve Rachelle of Tuff.mp3
[2011/11/16 20:18:51 | 010,430,268 | ---- | M] () -- C:\Users\D\Documents\Triumph_04_Magic Power.mp3
[2011/11/16 20:18:51 | 007,923,480 | ---- | M] () -- C:\Users\D\Documents\Van Halen_08_Feel Your Love Tonight.mp3
[2011/11/16 20:18:50 | 012,683,536 | ---- | M] () -- C:\Users\D\Documents\Triumph_02_Hold On.mp3
[2011/11/16 20:18:48 | 004,825,740 | ---- | M] () -- C:\Users\D\Documents\The Yardbirds_01_For Your Love.mp3
[2011/11/16 20:18:48 | 004,559,708 | ---- | M] () -- C:\Users\D\Documents\The Southern Death Cult_03_The Girl.mp3
[2011/11/16 20:18:48 | 004,135,278 | ---- | M] () -- C:\Users\D\Documents\The Southern Death Cult_05_Today.mp3
[2011/11/16 20:18:48 | 003,971,385 | ---- | M] () -- C:\Users\D\Documents\The Southern Death Cult_09_The Crypt.mp3
[2011/11/16 20:18:47 | 008,479,931 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_08_Gomper.mp3
[2011/11/16 20:18:47 | 007,607,352 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_10_Salt Of The Earth.mp3
[2011/11/16 20:18:47 | 007,594,549 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_09_2000 Light Years From Home.mp3
[2011/11/16 20:18:46 | 013,938,098 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_05_Sing This All Together (See What Happens).mp3
[2011/11/16 20:18:46 | 008,853,090 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_07_Worried About You.mp3
[2011/11/16 20:18:46 | 007,377,940 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_06_She's A Rainbow.mp3
[2011/11/16 20:18:46 | 005,160,807 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_04_2000 Man.mp3
[2011/11/16 20:18:45 | 007,909,006 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_01_Undercover (Of The Night).mp3
[2011/11/16 20:18:45 | 005,943,760 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_01_Sing This All Together.mp3
[2011/11/16 20:18:45 | 005,619,036 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_02_02_Street Fighting Man.mp3
[2011/11/16 20:18:45 | 004,450,606 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_02_Citadel.mp3
[2011/11/16 20:18:44 | 010,861,387 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_13_Witch.mp3
[2011/11/16 20:18:44 | 007,379,003 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_12_Omegaville.mp3
[2011/11/16 20:18:44 | 006,572,277 | ---- | M] () -- C:\Users\D\Documents\The Obsessed_10_Endless Circles.mp3
[2011/11/16 20:18:44 | 005,182,986 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_11_2 Inch Dick Mobile.mp3
[2011/11/16 20:18:44 | 003,784,083 | ---- | M] () -- C:\Users\D\Documents\The Obsessed_02_Bardo.mp3
[2011/11/16 20:18:44 | 002,967,303 | ---- | M] () -- C:\Users\D\Documents\The Rolling Stones_01_05_As Tears Go By.mp3
[2011/11/16 20:18:43 | 006,626,157 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_05_Miss Jones.mp3
[2011/11/16 20:18:43 | 005,020,325 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_06_Buzzing.mp3
[2011/11/16 20:18:43 | 004,753,514 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_10_Macarthur Park.mp3
[2011/11/16 20:18:43 | 003,357,673 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_08_Ghetto Godot.mp3
[2011/11/16 20:18:42 | 006,260,134 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_03_Submarine Down.mp3
[2011/11/16 20:18:42 | 005,736,568 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_01_Birdcage.mp3
[2011/11/16 20:18:42 | 004,676,440 | ---- | M] () -- C:\Users\D\Documents\The ***** Problem_02_If You Would Have Traveled On the 93 North Today.mp3
[2011/11/16 20:18:42 | 003,523,899 | ---- | M] () -- C:\Users\D\Documents\The Monkees_16_The Girl I Knew Somewhere.mp3
[2011/11/16 20:18:41 | 006,911,624 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_09_Don't Tell Yourself.mp3
[2011/11/16 20:18:41 | 006,495,194 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_11_Fed Up.mp3
[2011/11/16 20:18:41 | 004,027,590 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_07_Belt.mp3
[2011/11/16 20:18:41 | 003,440,784 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_10_Uhhh.mp3
[2011/11/16 20:18:40 | 004,114,753 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_02_3-9-4.mp3
[2011/11/16 20:18:40 | 003,798,206 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_01_I Don't Wanna.mp3
[2011/11/16 20:18:40 | 003,273,210 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_06_Amazing Grace.mp3
[2011/11/16 20:18:40 | 002,321,652 | ---- | M] () -- C:\Users\D\Documents\The Lemonheads_05_Sneakyville.mp3
[2011/11/16 20:18:39 | 012,448,152 | ---- | M] () -- C:\Users\D\Documents\The Jimi Hendrix Experience_09_Third Stone From The Sun.mp3
[2011/11/16 20:18:39 | 007,203,822 | ---- | M] () -- C:\Users\D\Documents\The Electric Flag_01_Spotlight.mp3
[2011/11/16 20:18:39 | 007,042,606 | ---- | M] () -- C:\Users\D\Documents\The Jimi Hendrix Experience_06_I Don't Live Today.mp3
[2011/11/16 20:18:39 | 006,189,863 | ---- | M] () -- C:\Users\D\Documents\The Doors_18_Moonlight Drive.mp3
[2011/11/16 20:18:38 | 004,875,089 | ---- | M] () -- C:\Users\D\Documents\The Doors_09_End Of The Night.mp3
[2011/11/16 20:18:38 | 004,682,106 | ---- | M] () -- C:\Users\D\Documents\The Doors_08_I Looked At You.mp3
[2011/11/16 20:18:37 | 007,987,338 | ---- | M] () -- C:\Users\D\Documents\The Doors_06_L'America.mp3
[2011/11/16 20:18:37 | 003,403,332 | ---- | M] () -- C:\Users\D\Documents\The Doors_04_Unhappy Girl.mp3
[2011/11/16 20:18:37 | 003,230,703 | ---- | M] () -- C:\Users\D\Documents\The Doors_05_Horse Latitudes.mp3
[2011/11/16 20:18:36 | 008,930,239 | ---- | M] () -- C:\Users\D\Documents\The Doors_01_The Changeling.mp3
[2011/11/16 20:18:36 | 006,591,914 | ---- | M] () -- C:\Users\D\Documents\The Church_12_Under The Milky Way.mp3
[2011/11/16 20:18:35 | 005,640,885 | ---- | M] () -- C:\Users\D\Documents\The 13th Floor Elevators_02_Slip Inside This House - Original (Original Single Edited Version).mp3
[2011/11/16 20:18:35 | 004,330,028 | ---- | M] () -- C:\Users\D\Documents\The Animals_04_San Franciscan Nights.mp3
[2011/11/16 20:18:34 | 005,642,464 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_09_Wash Away.mp3
[2011/11/16 20:18:34 | 005,294,257 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_11_Dance With Me.mp3
[2011/11/16 20:18:34 | 003,941,752 | ---- | M] () -- C:\Users\D\Documents\The 13th Floor Elevators_01_You're Gonna Miss Me - Original.mp3
[2011/11/16 20:18:33 | 005,274,402 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_04_Beneath The Shadows.mp3
[2011/11/16 20:18:33 | 003,180,334 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_05_I'm Tired Of Life.mp3
[2011/11/16 20:18:32 | 006,653,379 | ---- | M] () -- C:\Users\D\Documents\Super Heroines_19_Children Of The Light.mp3
[2011/11/16 20:18:32 | 006,536,970 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_01_Sounds Of Laughter.mp3
[2011/11/16 20:18:32 | 005,141,443 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_01_Soft Focus.mp3
[2011/11/16 20:18:32 | 004,321,497 | ---- | M] () -- C:\Users\D\Documents\T.S.O.L_03_She'll Be Saying.mp3
[2011/11/16 20:18:31 | 005,604,298 | ---- | M] () -- C:\Users\D\Documents\Super Heroines_10_Run From Reality.mp3
[2011/11/16 20:18:31 | 005,559,708 | ---- | M] () -- C:\Users\D\Documents\Super Heroines_07_Remember To Die.mp3
[2011/11/16 20:18:31 | 003,343,638 | ---- | M] () -- C:\Users\D\Documents\Super Heroines_05_I'm Not Here.mp3
[2011/11/16 20:18:30 | 016,567,267 | ---- | M] () -- C:\Users\D\Documents\Stray_01_01_All In Your Mind.mp3
[2011/11/16 20:18:30 | 012,850,513 | ---- | M] () -- C:\Users\D\Documents\Stray_01_08_Suicide.mp3
[2011/11/16 20:18:30 | 007,621,654 | ---- | M] () -- C:\Users\D\Documents\Super Heroines_03_Convicts.mp3
[2011/11/16 20:18:30 | 007,332,717 | ---- | M] () -- C:\Users\D\Documents\Stray_01_04_Yesterday's Promises.mp3
[2011/11/16 20:18:29 | 010,492,511 | ---- | M] () -- C:\Users\D\Documents\Sisters Of Mercy_05_When You Don't See Me.mp3
[2011/11/16 20:18:29 | 008,709,127 | ---- | M] () -- C:\Users\D\Documents\Sisters Of Mercy_04_Something Fast.mp3
[2011/11/16 20:18:29 | 008,558,712 | ---- | M] () -- C:\Users\D\Documents\Sleep_01_Dragonaut.mp3
[2011/11/16 20:18:29 | 006,619,419 | ---- | M] () -- C:\Users\D\Documents\Sisters Of Mercy_03_Detonation Boulevard.mp3
[2011/11/16 20:18:28 | 011,576,610 | ---- | M] () -- C:\Users\D\Documents\Seal_06_Don't Cry.mp3
[2011/11/16 20:18:28 | 010,141,214 | ---- | M] () -- C:\Users\D\Documents\Sisters Of Mercy_02_Ribbons.mp3
[2011/11/16 20:18:28 | 008,324,965 | ---- | M] () -- C:\Users\D\Documents\Sisters Of Mercy_01_Black Planet.mp3
[2011/11/16 20:18:28 | 008,033,517 | ---- | M] () -- C:\Users\D\Documents\Saint Vitus_09_War Is Our Destiny.mp3
[2011/11/16 20:18:27 | 011,226,597 | ---- | M] () -- C:\Users\D\Documents\Saint Vitus_01_Born Too Late.mp3
[2011/11/16 20:18:27 | 010,319,989 | ---- | M] () -- C:\Users\D\Documents\Saint Vitus_05_Bitter Truth.mp3
[2011/11/16 20:18:27 | 006,453,861 | ---- | M] () -- C:\Users\D\Documents\Rozz Williams_10_Days Of Glory.mp3
[2011/11/16 20:18:27 | 004,139,875 | ---- | M] () -- C:\Users\D\Documents\Saint Vitus_01_The Creeps.mp3
[2011/11/16 20:18:26 | 005,945,750 | ---- | M] () -- C:\Users\D\Documents\Rozz Williams_05_Nothing.mp3
[2011/11/16 20:18:26 | 005,944,419 | ---- | M] () -- C:\Users\D\Documents\Rozz Williams_04_Who's In Charge Here (Beneath The Triumph Of Shadows ).mp3
[2011/11/16 20:18:26 | 004,645,864 | ---- | M] () -- C:\Users\D\Documents\Rozz Williams_01_Neue Sachlichkeit.mp3
[2011/11/16 20:18:26 | 003,908,424 | ---- | M] () -- C:\Users\D\Documents\Rozz Williams_01_Love Lies.mp3
[2011/11/16 20:18:25 | 009,782,995 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew_10_Section 8.mp3
[2011/11/16 20:18:25 | 004,323,742 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew_08_It's Doing Something.mp3
[2011/11/16 20:18:25 | 003,389,457 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew_06_Falling Out.mp3
[2011/11/16 20:18:24 | 005,739,986 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew_04_Everyday.mp3
[2011/11/16 20:18:24 | 003,744,935 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew_02_10.mp3
[2011/11/16 20:18:23 | 004,157,569 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew's Yard Sale_13_Rip Off.mp3
[2011/11/16 20:18:23 | 003,513,538 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew_01_Cannon.mp3
[2011/11/16 20:18:22 | 007,682,943 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew's Yard Sale_03_Never Let Me Down Again.mp3
[2011/11/16 20:18:22 | 006,978,933 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew's Yard Sale_07_Feel For Me.mp3
[2011/11/16 20:18:21 | 006,710,294 | ---- | M] () -- C:\Users\D\Documents\Redd Kross_02_Play My Song.mp3
[2011/11/16 20:18:21 | 003,587,540 | ---- | M] () -- C:\Users\D\Documents\Rikk Agnew's Yard Sale_02_Another Day In Paradise.mp3
[2011/11/16 20:18:20 | 006,287,877 | ---- | M] () -- C:\Users\D\Documents\Red Lorry Yellow Lorry_01_Beating My Head (Album Version).mp3
[2011/11/16 20:18:20 | 005,617,898 | ---- | M] () -- C:\Users\D\Documents\Red Lorry Yellow Lorry_08_Strange Dream (Album Version).mp3
[2011/11/16 20:18:19 | 008,227,911 | ---- | M] () -- C:\Users\D\Documents\Ratt_07_Back For More.mp3
[2011/11/16 20:18:19 | 006,866,577 | ---- | M] () -- C:\Users\D\Documents\Ratt_08_The Morning After.mp3
[2011/11/16 20:18:18 | 007,928,590 | ---- | M] () -- C:\Users\D\Documents\Rainbow_01_Man On The Silver Mountain.mp3
[2011/11/16 20:18:18 | 007,366,320 | ---- | M] () -- C:\Users\D\Documents\Rainbow_07_Street Of Dreams.mp3
[2011/11/16 20:18:18 | 007,361,280 | ---- | M] () -- C:\Users\D\Documents\Rainbow_01_Long Live Rock N Roll.mp3
[2011/11/16 20:18:17 | 011,880,188 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_12_Slick Black Cadillac.mp3
[2011/11/16 20:18:17 | 010,282,678 | ---- | M] () -- C:\Users\D\Documents\R.E.M_08_Bang And Blame.mp3
[2011/11/16 20:18:17 | 008,585,725 | ---- | M] () -- C:\Users\D\Documents\R.E.M_01_What's The Frequency, Kenneth.mp3
[2011/11/16 20:18:16 | 010,808,447 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_11_Danger Zone.mp3
[2011/11/16 20:18:16 | 008,286,051 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_07_Run For Cover.mp3
[2011/11/16 20:18:16 | 003,831,676 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_08_Battle Axe.mp3
[2011/11/16 20:18:15 | 009,721,528 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_04_Slick Black Cadillac.mp3
[2011/11/16 20:18:15 | 009,370,052 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_03_Don't Wanna Let You Go.mp3
[2011/11/16 20:18:15 | 007,651,565 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_06_Metal Health (Bang Your Head).mp3
[2011/11/16 20:18:14 | 011,710,132 | ---- | M] () -- C:\Users\D\Documents\Quiet Riot_01_Metal Health (Bang Your Head).mp3
[2011/11/16 20:18:14 | 009,695,092 | ---- | M] () -- C:\Users\D\Documents\Prong_03_Rude Awakening.mp3
[2011/11/16 20:18:14 | 009,175,163 | ---- | M] () -- C:\Users\D\Documents\Plasmatics_17_Doom Song.mp3
[2011/11/16 20:18:14 | 007,043,424 | ---- | M] () -- C:\Users\D\Documents\Pickin' On Series_08_Shoot To Thrill.mp3
[2011/11/16 20:18:13 | 009,611,279 | ---- | M] () -- C:\Users\D\Documents\Ozzy Osbourne_01_07_Flying High Again.mp3
[2011/11/16 20:18:13 | 009,549,076 | ---- | M] () -- C:\Users\D\Documents\Ozzy Osbourne_01_10_Bark At The Moon.mp3
[2011/11/16 20:18:13 | 006,704,813 | ---- | M] () -- C:\Users\D\Documents\Ozzy Osbourne_01_09_Paranoid.mp3
[2011/11/16 20:18:12 | 011,168,599 | ---- | M] () -- C:\Users\D\Documents\Nosferatu_01_Witching Hour.mp3
[2011/11/16 20:18:12 | 010,008,710 | ---- | M] () -- C:\Users\D\Documents\Nosferatu_09_Graveyard Shift.mp3
[2011/11/16 20:18:11 | 007,299,019 | ---- | M] () -- C:\Users\D\Documents\Nirvana_10_Mr. Moustache.mp3
[2011/11/16 20:18:11 | 006,320,221 | ---- | M] () -- C:\Users\D\Documents\Nirvana_12_Big Cheese.mp3
[2011/11/16 20:18:11 | 003,716,382 | ---- | M] () -- C:\Users\D\Documents\Nirvana_13_Downer.mp3
[2011/11/16 20:18:10 | 006,119,650 | ---- | M] () -- C:\Users\D\Documents\Nirvana_07_Negative Creep.mp3
[2011/11/16 20:18:10 | 006,053,424 | ---- | M] () -- C:\Users\D\Documents\Nirvana_09_Swap Meet.mp3
[2011/11/16 20:18:09 | 007,539,952 | ---- | M] () -- C:\Users\D\Documents\Nirvana_05_Love Buzz.mp3
[2011/11/16 20:18:09 | 005,506,109 | ---- | M] () -- C:\Users\D\Documents\Nirvana_03_About a Girl.mp3
[2011/11/16 20:18:09 | 005,077,752 | ---- | M] () -- C:\Users\D\Documents\Nirvana_04_School.mp3
[2011/11/16 20:18:08 | 007,463,133 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_09_The Only Time.mp3
[2011/11/16 20:18:08 | 006,952,263 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_11_Get Down, Make Love.mp3
[2011/11/16 20:18:08 | 004,254,941 | ---- | M] () -- C:\Users\D\Documents\Nirvana_02_Floyd the Barber.mp3
[2011/11/16 20:18:07 | 008,933,648 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_04_Sanctified.mp3
[2011/11/16 20:18:07 | 008,498,731 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_05_Something I Can Never Have.mp3
[2011/11/16 20:18:07 | 007,779,954 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_06_Kinda I Want To.mp3
[2011/11/16 20:18:07 | 006,661,499 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_08_That's What I Get.mp3
[2011/11/16 20:18:06 | 012,040,803 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_11_Soon.mp3
[2011/11/16 20:18:06 | 010,672,120 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_10_What You Want.mp3
[2011/11/16 20:18:06 | 005,731,628 | ---- | M] () -- C:\Users\D\Documents\Nine Inch Nails_03_Down In It.mp3
[2011/11/16 20:18:05 | 011,711,477 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_06_I Only Said.mp3
[2011/11/16 20:18:05 | 007,248,093 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_07_Come In Alone.mp3
[2011/11/16 20:18:05 | 005,708,481 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_09_Blown A Wish.mp3
[2011/11/16 20:18:04 | 007,376,232 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_05_When You Sleep.mp3
[2011/11/16 20:18:04 | 005,526,191 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_02_Loomer.mp3
[2011/11/16 20:18:03 | 008,742,958 | ---- | M] () -- C:\Users\D\Documents\Motörhead_02_11_Motorhead.mp3
[2011/11/16 20:18:03 | 008,716,091 | ---- | M] () -- C:\Users\D\Documents\My Bloody Valentine_01_Only Shallow.mp3
[2011/11/16 20:18:03 | 005,090,251 | ---- | M] () -- C:\Users\D\Documents\Motörhead_05_Mean Machine.mp3
[2011/11/16 20:18:02 | 005,862,659 | ---- | M] () -- C:\Users\D\Documents\Motörhead_02_10_Bomber.mp3
[2011/11/16 20:18:02 | 005,027,252 | ---- | M] () -- C:\Users\D\Documents\Motörhead_02_04_The Hammer.mp3
[2011/11/16 20:18:01 | 006,067,741 | ---- | M] () -- C:\Users\D\Documents\Motörhead_01_Motorhead.mp3
[2011/11/16 20:18:01 | 004,780,123 | ---- | M] () -- C:\Users\D\Documents\Motörhead_01_08_Iron Fist.mp3
[2011/11/16 20:18:00 | 007,873,679 | ---- | M] () -- C:\Users\D\Documents\Motörhead_01_06_Killed By Death.mp3
[2011/11/16 20:18:00 | 006,103,290 | ---- | M] () -- C:\Users\D\Documents\Motörhead_01_08_(We Are) The Roadcrew.mp3
[2011/11/16 20:17:59 | 008,865,477 | ---- | M] () -- C:\Users\D\Documents\Loverboy_03_The Kid Is Hot Tonite.mp3
[2011/11/16 20:17:59 | 005,921,801 | ---- | M] () -- C:\Users\D\Documents\Lydia Lunch_03_The Closet.mp3
[2011/11/16 20:17:59 | 004,939,544 | ---- | M] () -- C:\Users\D\Documents\Motörhead_01_02_Stay Clean.mp3
[2011/11/16 20:17:58 | 007,433,396 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_10_Everybody Wants to Go to Heaven.mp3
[2011/11/16 20:17:58 | 006,907,357 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_12_Youth.mp3
[2011/11/16 20:17:58 | 005,479,356 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_13_Mirror People (Slow Version).mp3
[2011/11/16 20:17:57 | 005,122,406 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_09_Telephone Is Empty.mp3
[2011/11/16 20:17:57 | 004,687,266 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_08_Rain Bird.mp3
[2011/11/16 20:17:57 | 004,480,310 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_06_Lazy.mp3
[2011/11/16 20:17:56 | 013,649,906 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_06_Haunted When the Minutes Drag.mp3
[2011/11/16 20:17:56 | 004,662,139 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_05_Here on Earth.mp3
[2011/11/16 20:17:55 | 010,927,259 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_03_The Dog-End of a Day Gone By.mp3
[2011/11/16 20:17:55 | 006,001,380 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_02_Light.mp3
[2011/11/16 20:17:55 | 005,162,362 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_03_Welcome Tomorrow.mp3
[2011/11/16 20:17:54 | 011,142,377 | ---- | M] () -- C:\Users\D\Documents\Lords Of The New Church_01_07_Pretty Baby Scream.mp3
[2011/11/16 20:17:54 | 007,359,638 | ---- | M] () -- C:\Users\D\Documents\Love and Rockets_02_It Could Be Sunshine.mp3
[2011/11/16 20:17:53 | 008,444,371 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_09_Bron-Y-Aur Stomp.mp3
[2011/11/16 20:17:53 | 007,322,532 | ---- | M] () -- C:\Users\D\Documents\Lords Of The New Church_01_02_Livin' On Livin'.mp3
[2011/11/16 20:17:53 | 003,477,332 | ---- | M] () -- C:\Users\D\Documents\Lemmy - Slim Jim - Danny B_06_Well… All Right.mp3
[2011/11/16 20:17:52 | 010,161,838 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_06_Gallows Pole.mp3
[2011/11/16 20:17:52 | 009,871,779 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_08_That's The Way.mp3
[2011/11/16 20:17:52 | 006,081,772 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_07_Tangerine.mp3
[2011/11/16 20:17:51 | 014,258,603 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_04_Since I've Been Loving You.mp3
[2011/11/16 20:17:51 | 007,279,313 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_02_Friends.mp3
[2011/11/16 20:17:51 | 005,244,259 | ---- | M] () -- C:\Users\D\Documents\Led Zeppelin_01_Immigrant Song.mp3
[2011/11/16 20:17:51 | 004,627,894 | ---- | M] () -- C:\Users\D\Documents\Leafhound_07_Growers of Mushroom.mp3
[2011/11/16 20:17:50 | 017,557,290 | ---- | M] () -- C:\Users\D\Documents\Leafhound_04_Work My Body.mp3
[2011/11/16 20:17:50 | 008,162,463 | ---- | M] () -- C:\Users\D\Documents\Leafhound_06_With a Minute to Go.mp3
[2011/11/16 20:17:50 | 007,653,429 | ---- | M] () -- C:\Users\D\Documents\Leafhound_05_Stray.mp3
[2011/11/16 20:17:50 | 006,572,684 | ---- | M] () -- C:\Users\D\Documents\Leafhound_01_Freelance Fiend.mp3
[2011/11/16 20:17:49 | 006,959,031 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_20_Rip N Tear.mp3
[2011/11/16 20:17:49 | 005,915,060 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_19_Give A Little.mp3
[2011/11/16 20:17:49 | 004,752,381 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_17_Disbelief.mp3
[2011/11/16 20:17:48 | 006,928,189 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_12_Face Down.mp3
[2011/11/16 20:17:48 | 006,864,228 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_11_Never Enough.mp3
[2011/11/16 20:17:48 | 005,953,875 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_15_Kiss My Love Goodbye.mp3
[2011/11/16 20:17:48 | 001,695,201 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_16_Letting Go.mp3
[2011/11/16 20:17:47 | 009,992,982 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_07_Over The Edge.mp3
[2011/11/16 20:17:47 | 007,207,308 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_09_Time.mp3
[2011/11/16 20:17:47 | 005,781,888 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_10_Long Time Dead.mp3
[2011/11/16 20:17:47 | 004,120,528 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_06_Nothing Better To Do.mp3
[2011/11/16 20:17:46 | 006,275,940 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_02_Sex Action.mp3
[2011/11/16 20:17:46 | 006,166,583 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_01_Slap In The Face.mp3
[2011/11/16 20:17:46 | 006,117,284 | ---- | M] () -- C:\Users\D\Documents\L.A. Guns_04_Electric Gypsy.mp3
[2011/11/16 20:17:45 | 011,829,596 | ---- | M] () -- C:\Users\D\Documents\Korn_06_Faget.mp3
[2011/11/16 20:17:45 | 005,825,459 | ---- | M] () -- C:\Users\D\Documents\Kiss_09_Plaster Caster.mp3
[2011/11/16 20:17:45 | 005,099,742 | ---- | M] () -- C:\Users\D\Documents\Kiss_10_Then She Kissed Me.mp3
[2011/11/16 20:17:44 | 006,496,286 | ---- | M] () -- C:\Users\D\Documents\Kiss_07_Watchin' You.mp3
[2011/11/16 20:17:44 | 006,276,704 | ---- | M] () -- C:\Users\D\Documents\Kiss_08_Mainline.mp3
[2011/11/16 20:17:44 | 004,312,148 | ---- | M] () -- C:\Users\D\Documents\Kiss_09_Comin' Home.mp3
[2011/11/16 20:17:43 | 006,504,358 | ---- | M] () -- C:\Users\D\Documents\Kiss_04_Shock Me.mp3
[2011/11/16 20:17:43 | 005,564,599 | ---- | M] () -- C:\Users\D\Documents\Kiss_06_All The Way.mp3
[2011/11/16 20:17:43 | 005,516,702 | ---- | M] () -- C:\Users\D\Documents\Kiss_06_Love Gun.mp3
[2011/11/16 20:17:43 | 005,067,382 | ---- | M] () -- C:\Users\D\Documents\Kiss_07_Hooligan.mp3
[2011/11/16 20:17:42 | 006,015,521 | ---- | M] () -- C:\Users\D\Documents\Kiss_03_Goin' Blind.mp3
[2011/11/16 20:17:42 | 005,935,038 | ---- | M] () -- C:\Users\D\Documents\Kiss_04_Hotter Than Hell.mp3
[2011/11/16 20:17:42 | 005,782,669 | ---- | M] () -- C:\Users\D\Documents\Kiss_03_Got Love For Sale.mp3
[2011/11/16 20:17:42 | 004,628,893 | ---- | M] () -- C:\Users\D\Documents\Kiss_04_Getaway.mp3
[2011/11/16 20:17:41 | 010,675,808 | ---- | M] () -- C:\Users\D\Documents\King Diamond_08_Abigail.mp3
[2011/11/16 20:17:41 | 006,428,812 | ---- | M] () -- C:\Users\D\Documents\Kiss_01_Got To Choose.mp3
[2011/11/16 20:17:41 | 005,222,149 | ---- | M] () -- C:\Users\D\Documents\Kiss_02_Parasite.mp3
[2011/11/16 20:17:41 | 005,175,638 | ---- | M] () -- C:\Users\D\Documents\Kiss_01_I Stole Your Love.mp3
[2011/11/16 20:17:40 | 013,822,243 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_13_Starbreaker.mp3
[2011/11/16 20:17:40 | 010,647,206 | ---- | M] () -- C:\Users\D\Documents\King Diamond_03_A Mansion In Darkness.mp3
[2011/11/16 20:17:40 | 006,485,476 | ---- | M] () -- C:\Users\D\Documents\Juliana Hatfield_08_Outsider.mp3
[2011/11/16 20:17:40 | 006,040,625 | ---- | M] () -- C:\Users\D\Documents\Juliana Hatfield_11_Hotels.mp3
[2011/11/16 20:17:39 | 016,828,848 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_08_Genocide.mp3
[2011/11/16 20:17:39 | 009,324,181 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_11_Delivering The Goods.mp3
[2011/11/16 20:17:39 | 007,827,624 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_10_Rock Forever.mp3
[2011/11/16 20:17:39 | 006,292,853 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_12_Hell Bent For Leather.mp3
[2011/11/16 20:17:38 | 015,938,200 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_07_Victim Of Changes.mp3
[2011/11/16 20:17:38 | 010,705,106 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_06_Saints In Hell.mp3
[2011/11/16 20:17:38 | 009,259,031 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_05_Desert Plains.mp3
[2011/11/16 20:17:38 | 007,568,752 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_05_The Green Manalishi (With The Two Pronged Crown).mp3
[2011/11/16 20:17:37 | 017,343,236 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_03_Sinner.mp3
[2011/11/16 20:17:37 | 011,887,034 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_01_Victim of Changes.mp3
[2011/11/16 20:17:37 | 011,526,188 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_01_Exciter.mp3
[2011/11/16 20:17:37 | 006,105,464 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_04_The Ripper.mp3
[2011/11/16 20:17:37 | 004,130,995 | ---- | M] () -- C:\Users\D\Documents\Judas Priest_02_Ripper.mp3
[2011/11/16 20:17:36 | 006,391,888 | ---- | M] () -- C:\Users\D\Documents\Journey_06_Where Were You.mp3
[2011/11/16 20:17:36 | 006,016,364 | ---- | M] () -- C:\Users\D\Documents\Journey_04_City Of The Angels.mp3
[2011/11/16 20:17:36 | 005,923,803 | ---- | M] () -- C:\Users\D\Documents\Jimi Hendrix Experience_04_Wait Until Tomorrow.mp3
[2011/11/16 20:17:36 | 004,999,828 | ---- | M] () -- C:\Users\D\Documents\Joan Jett and the Blackhearts_10_Jezebel.mp3
[2011/11/16 20:17:35 | 011,733,768 | ---- | M] () -- C:\Users\D\Documents\Iron Monkey_04_666 Pack.mp3
[2011/11/16 20:17:35 | 010,930,422 | ---- | M] () -- C:\Users\D\Documents\Iron Maiden_11_Drifter.mp3
[2011/11/16 20:17:35 | 010,539,084 | ---- | M] () -- C:\Users\D\Documents\Irish Coffee_02_The Beginning of the End.mp3
[2011/11/16 20:17:35 | 010,377,079 | ---- | M] () -- C:\Users\D\Documents\Intronaut_01_A Monolithic Vulgarity.mp3
[2011/11/16 20:17:34 | 011,308,643 | ---- | M] () -- C:\Users\D\Documents\Iggy And The Stooges_06_I Need Somebody.mp3
[2011/11/16 20:17:34 | 009,928,821 | ---- | M] () -- C:\Users\D\Documents\Impaler_01_Intro.mp3
[2011/11/16 20:17:34 | 008,333,864 | ---- | M] () -- C:\Users\D\Documents\Iggy And The Stooges_02_Gimme Danger.mp3
[2011/11/16 20:17:34 | 002,140,735 | ---- | M] () -- C:\Users\D\Documents\Ill Repute_01_Oxnard.mp3
[2011/11/16 20:17:33 | 010,496,753 | ---- | M] () -- C:\Users\D\Documents\Guns N' Roses_08_One In A Million.mp3
[2011/11/16 20:17:33 | 009,999,549 | ---- | M] () -- C:\Users\D\Documents\Hawkwind_01_Silver Machine.mp3
[2011/11/16 20:17:33 | 008,641,671 | ---- | M] () -- C:\Users\D\Documents\Heart_01_City's Burning.mp3
[2011/11/16 20:17:32 | 009,605,370 | ---- | M] () -- C:\Users\D\Documents\Guns N' Roses_05_Patience.mp3
[2011/11/16 20:17:32 | 006,709,815 | ---- | M] () -- C:\Users\D\Documents\Guns N' Roses_04_Mama Kin.mp3
[2011/11/16 20:17:32 | 005,707,735 | ---- | M] () -- C:\Users\D\Documents\Guns N' Roses_06_Used To Love Her.mp3
[2011/11/16 20:17:31 | 011,372,003 | ---- | M] () -- C:\Users\D\Documents\Foghat_01_Stone Blue.mp3
[2011/11/16 20:17:31 | 009,074,945 | ---- | M] () -- C:\Users\D\Documents\Foghat_01_I Just Want To Make Love To You.mp3
[2011/11/16 20:17:31 | 006,432,681 | ---- | M] () -- C:\Users\D\Documents\Guns N' Roses_03_Move To The City.mp3
[2011/11/16 20:17:31 | 005,848,631 | ---- | M] () -- C:\Users\D\Documents\Guns N' Roses_01_Reckless Life.mp3
[2011/11/16 20:17:31 | 003,876,500 | ---- | M] () -- C:\Users\D\Documents\Gitane DeMone_01_Angel In My Head.mp3
[2011/11/16 20:17:30 | 009,930,708 | ---- | M] () -- C:\Users\D\Documents\Foghat_01_Fool For The City.mp3
[2011/11/16 20:17:30 | 009,054,122 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_11_I'm So Afraid.mp3
[2011/11/16 20:17:30 | 008,432,245 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_09_World Turning.mp3
[2011/11/16 20:17:30 | 007,719,261 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_10_Sugar Daddy.mp3
[2011/11/16 20:17:30 | 005,897,238 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_09_I Don't Want To Know.mp3
[2011/11/16 20:17:29 | 008,352,801 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_07_The Chain.mp3
[2011/11/16 20:17:29 | 008,170,525 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_07_Say You Love Me.mp3
[2011/11/16 20:17:29 | 007,043,892 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_05_Go Your Own Way.mp3
[2011/11/16 20:17:29 | 005,505,103 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_06_Songbird.mp3
[2011/11/16 20:17:29 | 005,457,114 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_08_Landslide.mp3
[2011/11/16 20:17:28 | 007,479,228 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_04_Rhiannon.mp3
[2011/11/16 20:17:28 | 006,831,501 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_02_Warm Ways.mp3
[2011/11/16 20:17:28 | 006,787,372 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_04_Don't Stop.mp3
[2011/11/16 20:17:28 | 005,449,230 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_03_Blue Letter.mp3
[2011/11/16 20:17:27 | 014,172,039 | ---- | M] () -- C:\Users\D\Documents\Faster *****cat_01_Nonstop To Nowhere.mp3
[2011/11/16 20:17:27 | 011,825,066 | ---- | M] () -- C:\Users\D\Documents\Electric Wizard_04_Barbarian.mp3
[2011/11/16 20:17:27 | 007,456,562 | ---- | M] () -- C:\Users\D\Documents\Fleetwood Mac_02_Dreams.mp3
[2011/11/16 20:17:27 | 007,343,919 | ---- | M] () -- C:\Users\D\Documents\Faster *****cat_01_Don't Change That Song.mp3
[2011/11/16 20:17:26 | 014,109,770 | ---- | M] () -- C:\Users\D\Documents\Earth_02_Geometry of Murder.mp3
[2011/11/16 20:17:26 | 009,975,219 | ---- | M] () -- C:\Users\D\Documents\Dokken_04_Just Got Lucky.mp3
[2011/11/16 20:17:26 | 007,839,303 | ---- | M] () -- C:\Users\D\Documents\Dokken_01_Breaking The Chains.mp3
[2011/11/16 20:17:25 | 006,564,375 | ---- | M] () -- C:\Users\D\Documents\Devo_11_Freedom Of Choice.mp3
[2011/11/16 20:17:25 | 006,252,776 | ---- | M] () -- C:\Users\D\Documents\Devo_08_Puppet Boy.mp3
[2011/11/16 20:17:24 | 006,326,065 | ---- | M] () -- C:\Users\D\Documents\Devo_06_Here To Go.mp3
[2011/11/16 20:17:24 | 003,765,383 | ---- | M] () -- C:\Users\D\Documents\Devo_07_Too Much Paranoias.mp3
[2011/11/16 20:17:23 | 006,948,882 | ---- | M] () -- C:\Users\D\Documents\Devo_05_Mongoloid.mp3
[2011/11/16 20:17:23 | 006,144,640 | ---- | M] () -- C:\Users\D\Documents\Devo_02_Through Being Cool.mp3
[2011/11/16 20:17:22 | 006,479,550 | ---- | M] () -- C:\Users\D\Documents\Devo_01_Uncontrollable Urge.mp3
[2011/11/16 20:17:22 | 004,127,948 | ---- | M] () -- C:\Users\D\Documents\Delaney & Bonnie_12_I've Just Been Feeling Bad.mp3
[2011/11/16 20:17:21 | 006,652,857 | ---- | M] () -- C:\Users\D\Documents\Delaney & Bonnie_02_Someday.mp3
[2011/11/16 20:17:20 | 004,711,166 | ---- | M] () -- C:\Users\D\Documents\Delaney & Bonnie_01_Get Ourselves Together.mp3
[2011/11/16 20:17:20 | 004,274,125 | ---- | M] () -- C:\Users\D\Documents\Delaney & Bonnie_01_A Long Road Ahead.mp3
[2011/11/16 20:17:19 | 005,997,767 | ---- | M] () -- C:\Users\D\Documents\Deicide_06_Homage For Satan.mp3
[2011/11/16 20:17:18 | 008,502,714 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_07_Space Truckin'.mp3
[2011/11/16 20:17:18 | 005,946,418 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_07_Love Child.mp3
[2011/11/16 20:17:17 | 010,760,813 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_05_Smoke On The Water.mp3
[2011/11/16 20:17:17 | 008,416,700 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_05_I Need Love.mp3
[2011/11/16 20:17:17 | 008,186,213 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_06_The Drifter.mp3
[2011/11/16 20:17:16 | 007,524,221 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_04_Never Before.mp3
[2011/11/16 20:17:16 | 007,340,025 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_03_Gettin' Tighter.mp3
[2011/11/16 20:17:15 | 008,930,356 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_02_Maybe I'm A Leo.mp3
[2011/11/16 20:17:15 | 007,766,669 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_01_Comin' Home.mp3
[2011/11/16 20:17:15 | 005,791,024 | ---- | M] () -- C:\Users\D\Documents\Deep Purple_02_Lady Luck.mp3
[2011/11/16 20:17:14 | 010,211,746 | ---- | M] () -- C:\Users\D\Documents\Death Ride 69_13_Long Dirty Needle.mp3
[2011/11/16 20:17:14 | 010,028,023 | ---- | M] () -- C:\Users\D\Documents\Dead Kennedys_12_I am the Owl.mp3
[2011/11/16 20:17:14 | 009,325,518 | ---- | M] () -- C:\Users\D\Documents\Dead Kennedys_14_Moon Over Marin.mp3
[2011/11/16 20:17:14 | 007,894,487 | ---- | M] () -- C:\Users\D\Documents\Death Ride 69_09_Sinister Fetish.mp3
[2011/11/16 20:17:13 | 010,920,272 | ---- | M] () -- C:\Users\D\Documents\Dead Kennedys_10_Riot.mp3
[2011/11/16 20:17:13 | 007,250,395 | ---- | M] () -- C:\Users\D\Documents\David J_01_I'll Be Your Chauffeur.mp3
[2011/11/16 20:17:13 | 004,101,511 | ---- | M] () -- C:\Users\D\Documents\David Bowie_27_Space Oddity.mp3
[2011/11/16 20:17:12 | 013,917,683 | ---- | M] () -- C:\Users\D\Documents\Cult Of Luna_01_Owlwood.mp3
[2011/11/16 20:17:12 | 006,833,077 | ---- | M] () -- C:\Users\D\Documents\Cypress Hill_08_Lil' Putos.mp3
[2011/11/16 20:17:12 | 004,358,498 | ---- | M] () -- C:\Users\D\Documents\Cypress Hill_01_Pigs.mp3
[2011/11/16 20:17:12 | 003,237,440 | ---- | M] () -- C:\Users\D\Documents\Christopher O'Riley_10_oh well, okay.mp3
[2011/11/16 20:17:11 | 005,890,901 | ---- | M] () -- C:\Users\D\Documents\Christian Death_10_Desperate Hell.mp3
[2011/11/16 20:17:11 | 005,859,331 | ---- | M] () -- C:\Users\D\Documents\Christian Death_08_As Evening Falls.mp3
[2011/11/16 20:17:10 | 010,462,410 | ---- | M] () -- C:\Users\D\Documents\Christian Death_02_Sleepwalk.mp3
[2011/11/16 20:17:10 | 009,161,725 | ---- | M] () -- C:\Users\D\Documents\Christian Death_05_Erection.mp3
[2011/11/16 20:17:10 | 005,931,008 | ---- | M] () -- C:\Users\D\Documents\Christian Death_03_The Drowning.mp3
[2011/11/16 20:17:09 | 007,795,753 | ---- | M] () -- C:\Users\D\Documents\Christian Death_01_Awake at the Wall.mp3
[2011/11/16 20:17:09 | 005,350,070 | ---- | M] () -- C:\Users\D\Documents\Celebrity Skin_01_S.O.S.mp3
[2011/11/16 20:17:09 | 003,940,620 | ---- | M] () -- C:\Users\D\Documents\Celebrity Skin_02_Clown Scare.mp3
[2011/11/16 20:17:08 | 017,698,641 | ---- | M] () -- C:\Users\D\Documents\Burning Witch_02_01_Warning Signs.mp3
[2011/11/16 20:17:08 | 006,492,936 | ---- | M] () -- C:\Users\D\Documents\Cat Stevens_07_Peace Train.mp3
[2011/11/16 20:17:08 | 004,943,212 | ---- | M] () -- C:\Users\D\Documents\Cat Stevens_01_Wild World.mp3
[2011/11/16 20:17:07 | 015,363,625 | ---- | M] () -- C:\Users\D\Documents\Burning Witch_01_01_Sacred Predictions.mp3
[2011/11/16 20:17:07 | 007,322,767 | ---- | M] () -- C:\Users\D\Documents\Blue Oyster Cult_08_Cities On Flame With Rock And Roll.mp3
[2011/11/16 20:17:07 | 005,508,411 | ---- | M] () -- C:\Users\D\Documents\Blue Oyster Cult_06_Screams.mp3
[2011/11/16 20:17:06 | 010,344,456 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_10_Pink Love.mp3
[2011/11/16 20:17:06 | 006,127,165 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_11_Equus.mp3
[2011/11/16 20:17:06 | 005,666,440 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_07_Anticipation.mp3
[2011/11/16 20:17:06 | 003,778,739 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_09_Magic Mountain.mp3
[2011/11/16 20:17:05 | 007,988,924 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_05_Misery Is a Butterfly.mp3
[2011/11/16 20:17:05 | 005,339,328 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_02_Messenger.mp3
[2011/11/16 20:17:05 | 005,213,958 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_06_Falling Man.mp3
[2011/11/16 20:17:04 | 010,023,296 | ---- | M] () -- C:\Users\D\Documents\Black Sabbath_08_Falling Off The Edge Of The World.mp3
[2011/11/16 20:17:04 | 008,096,468 | ---- | M] () -- C:\Users\D\Documents\Black Sabbath_07_Slipping Away.mp3
[2011/11/16 20:17:04 | 007,879,435 | ---- | M] () -- C:\Users\D\Documents\Blonde Redhead_01_Elephant Woman.mp3
[2011/11/16 20:17:04 | 007,089,992 | ---- | M] () -- C:\Users\D\Documents\Black Sabbath_05_The Mob Rules.mp3
[2011/11/16 20:17:03 | 015,326,062 | ---- | M] () -- C:\Users\D\Documents\Black Sabbath_03_The Sign Of The Southern Cross.mp3
[2011/11/16 20:17:03 | 009,498,995 | ---- | M] () -- C:\Users\D\Documents\Black Sabbath_02_Voodoo.mp3
[2011/11/16 20:17:03 | 008,538,176 | ---- | M] () -- C:\Users\D\Documents\Bee Gees_08_Subway.mp3
[2011/11/16 20:17:03 | 008,146,665 | ---- | M] () -- C:\Users\D\Documents\Black Sabbath_01_Turn Up The Night.mp3
[2011/11/16 20:17:02 | 008,198,589 | ---- | M] () -- C:\Users\D\Documents\Bee Gees_01_You Should Be Dancing.mp3
[2011/11/16 20:17:02 | 007,067,511 | ---- | M] () -- C:\Users\D\Documents\Bee Gees_03_Jive Talkin'.mp3
[2011/11/16 20:17:02 | 006,809,987 | ---- | M] () -- C:\Users\D\Documents\Bee Gees_06_Night Fever.mp3
[2011/11/16 20:17:02 | 004,888,499 | ---- | M] () -- C:\Users\D\Documents\Bad Religion_06_Land Of Competition.mp3
[2011/11/16 20:17:01 | 008,657,343 | ---- | M] () -- C:\Users\D\Documents\Anthrax_02_Caught In A Mosh.mp3
[2011/11/16 20:17:01 | 007,889,671 | ---- | M] () -- C:\Users\D\Documents\Anthrax_02_Lone Justice.mp3
[2011/11/16 20:17:01 | 007,880,937 | ---- | M] () -- C:\Users\D\Documents\Anthrax_08_Medusa.mp3
[2011/11/16 20:17:00 | 010,913,925 | ---- | M] () -- C:\Users\D\Documents\Alice In Chains_05_Sickman.mp3
[2011/11/16 20:17:00 | 010,653,722 | ---- | M] () -- C:\Users\D\Documents\Alice In Chains_07_Junkhead.mp3
[2011/11/16 20:17:00 | 009,768,253 | ---- | M] () -- C:\Users\D\Documents\Anthrax_01_A.I.R.mp3
[2011/11/16 20:16:59 | 012,553,201 | ---- | M] () -- C:\Users\D\Documents\Alice In Chains_03_Rain When I Die.mp3
[2011/11/16 20:16:59 | 007,278,993 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_10_Vicious Rumours.mp3
[2011/11/16 20:16:58 | 007,056,004 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_08_You Look Good In Rags.mp3
[2011/11/16 20:16:58 | 006,065,758 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_07_You Want It, You Got It.mp3
[2011/11/16 20:16:57 | 008,228,900 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_05_Generation Landslide '81.mp3
[2011/11/16 20:16:57 | 006,776,332 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_03_Prettiest Cop On The Block.mp3
[2011/11/16 20:16:57 | 006,726,875 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_06_Skeletons In The Closet.mp3
[2011/11/16 20:16:56 | 008,575,576 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_01_Who Do You Think We Are.mp3
[2011/11/16 20:16:56 | 005,560,239 | ---- | M] () -- C:\Users\D\Documents\Alice Cooper_02_Seven & Seven Is.mp3
[2011/11/16 20:16:55 | 010,114,833 | ---- | M] () -- C:\Users\D\Documents\Aldo Nova_06_Monkey On Your Back.mp3
[2011/11/16 20:16:55 | 008,382,589 | ---- | M] () -- C:\Users\D\Documents\Aldo Nova_03_Ball And Chain.mp3
[2011/11/16 20:16:54 | 011,345,067 | ---- | M] () -- C:\Users\D\Documents\Accept_01_Balls To The Wall.mp3
[2011/11/16 20:16:54 | 011,022,583 | ---- | M] () -- C:\Users\D\Documents\Aldo Nova_01_Fantasy.mp3
[2011/11/16 20:16:54 | 009,157,188 | ---- | M] () -- C:\Users\D\Documents\Accept_02_Restless And Wild.mp3
[2011/11/16 20:12:46 | 000,005,646 | -HS- | M] () -- C:\Users\D\Documents\Folder.jpg
[2011/11/16 20:12:46 | 000,005,646 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F34EBB0D-870A-4933-9548-1022A705F739}_Large.jpg
[2011/11/16 20:12:46 | 000,001,818 | -HS- | M] () -- C:\Users\D\Documents\AlbumArtSmall.jpg
[2011/11/16 20:12:46 | 000,001,818 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F34EBB0D-870A-4933-9548-1022A705F739}_Small.jpg
[2011/11/16 20:11:21 | 000,010,891 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{656D9571-0D2C-4723-B00C-FF298BFD196E}_Large.jpg
[2011/11/16 20:11:21 | 000,002,623 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{656D9571-0D2C-4723-B00C-FF298BFD196E}_Small.jpg
[2011/11/16 20:10:49 | 000,009,190 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{77F7BD85-80C4-4FF8-B5F8-03191902D312}_Large.jpg
[2011/11/16 20:10:41 | 000,002,310 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{77F7BD85-80C4-4FF8-B5F8-03191902D312}_Small.jpg
[2011/11/16 20:10:20 | 000,007,037 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{71754499-BA40-4C3B-A0A2-A754493D81AD}_Large.jpg
[2011/11/16 20:10:20 | 000,001,933 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{71754499-BA40-4C3B-A0A2-A754493D81AD}_Small.jpg
[2011/11/16 20:09:50 | 000,008,804 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{1716BB60-4A34-4E3C-BE7C-4F7AC8405663}_Large.jpg
[2011/11/16 20:09:50 | 000,002,189 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{1716BB60-4A34-4E3C-BE7C-4F7AC8405663}_Small.jpg
[2011/11/16 20:09:00 | 000,006,099 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{7BD32E7C-F48D-4404-9247-726B98FA1342}_Large.jpg
[2011/11/16 20:09:00 | 000,001,836 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{7BD32E7C-F48D-4404-9247-726B98FA1342}_Small.jpg
[2011/11/16 20:06:35 | 000,004,426 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A25E7FF0-5054-4406-B517-44767E257436}_Large.jpg
[2011/11/16 20:06:34 | 000,011,490 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{92F4B54C-8FD6-49C8-B625-B543E55FED8A}_Large.jpg
[2011/11/16 20:06:34 | 000,001,460 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A25E7FF0-5054-4406-B517-44767E257436}_Small.jpg
[2011/11/16 20:06:33 | 000,002,736 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{92F4B54C-8FD6-49C8-B625-B543E55FED8A}_Small.jpg
[2011/11/16 20:06:31 | 000,009,511 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{4AFD3401-E4EB-428C-8F19-9B0766E26867}_Large.jpg
[2011/11/16 20:06:31 | 000,002,239 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{4AFD3401-E4EB-428C-8F19-9B0766E26867}_Small.jpg
[2011/11/16 20:06:14 | 000,011,145 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D4FF50B0-43AE-4278-9970-D616AFE083E0}_Large.jpg
[2011/11/16 20:06:14 | 000,002,465 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D4FF50B0-43AE-4278-9970-D616AFE083E0}_Small.jpg
[2011/11/16 20:06:09 | 000,010,210 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{FFB3584B-FF3C-4FB0-97FB-265FB6E597C8}_Large.jpg
[2011/11/16 20:06:08 | 000,002,591 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{FFB3584B-FF3C-4FB0-97FB-265FB6E597C8}_Small.jpg
[2011/11/16 20:05:55 | 000,009,328 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2A6DB637-63C5-4CF8-ABC3-EAFB3D17FFD6}_Large.jpg
[2011/11/16 20:05:53 | 000,002,387 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2A6DB637-63C5-4CF8-ABC3-EAFB3D17FFD6}_Small.jpg
[2011/11/16 20:05:52 | 000,012,726 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{70574E4B-2D4E-4E48-9E6A-1F8D343C2C92}_Large.jpg
[2011/11/16 20:05:52 | 000,003,256 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{70574E4B-2D4E-4E48-9E6A-1F8D343C2C92}_Small.jpg
[2011/11/16 20:05:38 | 000,007,911 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{86569546-C63A-46E7-A246-AE7601A2E1F7}_Large.jpg
[2011/11/16 20:05:38 | 000,002,187 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{86569546-C63A-46E7-A246-AE7601A2E1F7}_Small.jpg
[2011/11/16 20:05:25 | 000,010,693 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{C1A226D4-FCCB-471E-BC35-BE9D40D12365}_Large.jpg
[2011/11/16 20:05:24 | 000,002,739 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{C1A226D4-FCCB-471E-BC35-BE9D40D12365}_Small.jpg
[2011/11/16 19:16:30 | 000,006,817 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2B6F1161-CD65-42C2-BD21-7D9F5D4C3983}_Large.jpg
[2011/11/16 19:16:30 | 000,002,143 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2B6F1161-CD65-42C2-BD21-7D9F5D4C3983}_Small.jpg
[2011/11/16 19:16:28 | 000,011,600 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{74F2354D-8A3C-4679-8C04-EEE162FD68CC}_Large.jpg
[2011/11/16 19:16:28 | 000,002,762 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{74F2354D-8A3C-4679-8C04-EEE162FD68CC}_Small.jpg
[2011/11/16 19:16:25 | 000,014,174 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A2247708-4A28-4660-B30A-E45355E2A6C0}_Large.jpg
[2011/11/16 19:16:25 | 000,003,484 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A2247708-4A28-4660-B30A-E45355E2A6C0}_Small.jpg
[2011/11/16 19:16:24 | 000,010,833 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{98A311C5-7C49-4D4B-A7ED-24DA66C8F1C2}_Large.jpg
[2011/11/16 19:16:24 | 000,002,718 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{98A311C5-7C49-4D4B-A7ED-24DA66C8F1C2}_Small.jpg
[2011/11/16 19:16:21 | 000,011,414 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{6B28DF4D-633D-4B77-8702-4A34B215F120}_Large.jpg
[2011/11/16 19:16:21 | 000,003,254 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{6B28DF4D-633D-4B77-8702-4A34B215F120}_Small.jpg
[2011/11/16 19:16:16 | 000,008,770 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{19B24432-45E6-4A4C-86AE-0A57B82DB66E}_Large.jpg
[2011/11/16 19:16:16 | 000,002,134 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{19B24432-45E6-4A4C-86AE-0A57B82DB66E}_Small.jpg
[2011/11/16 19:16:13 | 000,010,081 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{DC02F847-4CFF-4391-8311-18C5CDF84A2F}_Large.jpg
[2011/11/16 19:16:13 | 000,002,374 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{DC02F847-4CFF-4391-8311-18C5CDF84A2F}_Small.jpg
[2011/11/16 19:16:12 | 000,008,865 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F8122DF6-E621-4042-BC53-DA97CD7C759F}_Large.jpg
[2011/11/16 19:16:12 | 000,002,199 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F8122DF6-E621-4042-BC53-DA97CD7C759F}_Small.jpg
[2011/11/16 19:16:10 | 000,006,029 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{BFE12949-145D-4AC3-B6F3-A891F69F0A16}_Large.jpg
[2011/11/16 19:16:10 | 000,001,811 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{BFE12949-145D-4AC3-B6F3-A891F69F0A16}_Small.jpg
[2011/11/16 19:15:50 | 000,006,775 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D79B5BE3-9913-4D49-9F95-C2977483FF7B}_Large.jpg
[2011/11/16 19:15:50 | 000,004,538 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{718E7618-60E8-4902-A656-4499FA7A833E}_Large.jpg
[2011/11/16 19:15:50 | 000,002,036 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D79B5BE3-9913-4D49-9F95-C2977483FF7B}_Small.jpg
[2011/11/16 19:15:50 | 000,001,452 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{718E7618-60E8-4902-A656-4499FA7A833E}_Small.jpg
[2011/11/16 19:15:48 | 000,011,479 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{DBEE14E6-EB0B-407E-9ED3-C48DBC3A9A97}_Large.jpg
[2011/11/16 19:15:48 | 000,002,633 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{DBEE14E6-EB0B-407E-9ED3-C48DBC3A9A97}_Small.jpg
[2011/11/16 19:15:47 | 000,013,788 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{ADA087C0-F61F-41A4-8F42-18B432F9B7CB}_Large.jpg
[2011/11/16 19:15:47 | 000,003,021 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{ADA087C0-F61F-41A4-8F42-18B432F9B7CB}_Small.jpg
[2011/11/16 19:15:46 | 000,011,935 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{ADE4CA9D-3D14-46AC-8DCD-A71ADA475DA5}_Large.jpg
[2011/11/16 19:15:46 | 000,002,670 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{ADE4CA9D-3D14-46AC-8DCD-A71ADA475DA5}_Small.jpg
[2011/11/16 19:15:43 | 000,012,248 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9013154B-9983-4303-83A5-D5916C7AA9BD}_Large.jpg
[2011/11/16 19:15:43 | 000,002,853 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9013154B-9983-4303-83A5-D5916C7AA9BD}_Small.jpg
[2011/11/16 19:15:42 | 000,009,082 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{03DF6EBC-E8B8-4FD0-B2BE-96E3CA6EA741}_Large.jpg
[2011/11/16 19:15:42 | 000,002,440 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{03DF6EBC-E8B8-4FD0-B2BE-96E3CA6EA741}_Small.jpg
[2011/11/16 19:15:40 | 000,006,279 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{67A1462C-A08C-4B68-BC0D-68C37CBA24ED}_Large.jpg
[2011/11/16 19:15:40 | 000,001,747 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{67A1462C-A08C-4B68-BC0D-68C37CBA24ED}_Small.jpg
[2011/11/16 19:15:39 | 000,009,494 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{E6B220D1-E944-4692-8D27-591FFB96CEB4}_Large.jpg
[2011/11/16 19:15:39 | 000,002,566 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{E6B220D1-E944-4692-8D27-591FFB96CEB4}_Small.jpg
[2011/11/16 19:15:30 | 000,007,439 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{EA026394-EA1E-473D-BE64-250FEB06466B}_Large.jpg
[2011/11/16 19:15:30 | 000,002,220 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{EA026394-EA1E-473D-BE64-250FEB06466B}_Small.jpg
[2011/11/16 19:15:29 | 000,011,444 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D02D23AC-9FEE-476D-A71C-D270829FEF89}_Large.jpg
[2011/11/16 19:15:29 | 000,002,832 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D02D23AC-9FEE-476D-A71C-D270829FEF89}_Small.jpg
[2011/11/16 19:15:19 | 000,010,709 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{7FBAFF55-F68A-4551-B4AC-CEA1306FF8BE}_Large.jpg
[2011/11/16 19:15:19 | 000,002,560 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{7FBAFF55-F68A-4551-B4AC-CEA1306FF8BE}_Small.jpg
[2011/11/16 19:15:17 | 000,008,958 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2632FC2A-703E-4999-8CF1-52AC7169EB6A}_Large.jpg
[2011/11/16 19:15:17 | 000,008,944 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{4994410E-CF47-405E-8959-FFD8A6D9B38F}_Large.jpg
[2011/11/16 19:15:17 | 000,002,443 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{4994410E-CF47-405E-8959-FFD8A6D9B38F}_Small.jpg
[2011/11/16 19:15:17 | 000,002,215 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2632FC2A-703E-4999-8CF1-52AC7169EB6A}_Small.jpg
[2011/11/16 19:15:16 | 000,008,819 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{E3F722BC-418C-4075-9C76-8B282EB10619}_Large.jpg
[2011/11/16 19:15:16 | 000,002,487 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{E3F722BC-418C-4075-9C76-8B282EB10619}_Small.jpg
[2011/11/16 19:15:14 | 000,007,173 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{769A2FA5-CE7C-41B3-B7BB-DC3C5CCD53B8}_Large.jpg
[2011/11/16 19:15:14 | 000,002,174 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{769A2FA5-CE7C-41B3-B7BB-DC3C5CCD53B8}_Small.jpg
[2011/11/16 19:15:09 | 000,018,085 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{76D649E3-27B5-4411-9397-1BEB63875369}_Large.jpg
[2011/11/16 19:15:09 | 000,010,718 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F74E0624-CCD4-4346-A66A-95892EB8098A}_Large.jpg
[2011/11/16 19:15:09 | 000,004,202 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{76D649E3-27B5-4411-9397-1BEB63875369}_Small.jpg
[2011/11/16 19:15:09 | 000,002,647 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F74E0624-CCD4-4346-A66A-95892EB8098A}_Small.jpg
[2011/11/16 19:15:08 | 000,009,473 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{131B749A-9901-4240-9346-E8826A1F8682}_Large.jpg
[2011/11/16 19:15:08 | 000,006,161 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A22E0DA9-C421-466F-B7D3-6DF7CAA30FB5}_Large.jpg
[2011/11/16 19:15:08 | 000,002,476 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{131B749A-9901-4240-9346-E8826A1F8682}_Small.jpg
[2011/11/16 19:15:08 | 000,002,018 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A22E0DA9-C421-466F-B7D3-6DF7CAA30FB5}_Small.jpg
[2011/11/16 19:14:59 | 000,010,986 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{E7CB4C7B-1E9F-4284-AB0E-8AB4C39DA9AA}_Large.jpg
[2011/11/16 19:14:59 | 000,002,749 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{E7CB4C7B-1E9F-4284-AB0E-8AB4C39DA9AA}_Small.jpg
[2011/11/16 19:14:52 | 000,020,402 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9666FC69-C762-4305-BB15-1A9FB64F1567}_Large.jpg
[2011/11/16 19:14:52 | 000,003,284 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9666FC69-C762-4305-BB15-1A9FB64F1567}_Small.jpg
[2011/11/16 19:14:51 | 000,006,029 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{DA0F0211-8964-42F4-B9AD-549B4F58FEC0}_Large.jpg
[2011/11/16 19:14:51 | 000,001,804 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{DA0F0211-8964-42F4-B9AD-549B4F58FEC0}_Small.jpg
[2011/11/16 19:14:50 | 000,009,150 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{32433F5D-F7E7-4ECA-9DDB-3BC9FB014D53}_Large.jpg
[2011/11/16 19:14:50 | 000,002,005 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{32433F5D-F7E7-4ECA-9DDB-3BC9FB014D53}_Small.jpg
[2011/11/16 19:14:49 | 000,005,004 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{8F03D171-8D66-4505-BE59-F5CF9330CDD3}_Large.jpg
[2011/11/16 19:14:49 | 000,001,646 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{8F03D171-8D66-4505-BE59-F5CF9330CDD3}_Small.jpg
[2011/11/16 19:14:48 | 000,006,903 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A4639279-6778-4B2B-82DE-6E4A95F267A8}_Large.jpg
[2011/11/16 19:14:48 | 000,001,920 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A4639279-6778-4B2B-82DE-6E4A95F267A8}_Small.jpg
[2011/11/16 19:14:47 | 000,008,433 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{B0D62F31-3A88-412A-99A4-0B0D005DCEBB}_Large.jpg
[2011/11/16 19:14:47 | 000,003,284 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9D442A9E-5173-4C5D-96F3-8A4EC7BDAA3C}_Large.jpg
[2011/11/16 19:14:47 | 000,002,128 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{B0D62F31-3A88-412A-99A4-0B0D005DCEBB}_Small.jpg
[2011/11/16 19:14:47 | 000,001,139 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9D442A9E-5173-4C5D-96F3-8A4EC7BDAA3C}_Small.jpg
[2011/11/16 19:14:46 | 000,011,749 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F1E7D38D-98D5-41CA-BB72-8B8B038BE177}_Large.jpg
[2011/11/16 19:14:46 | 000,007,362 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{077E91BD-93A2-469F-B817-4F5344DE4A5C}_Large.jpg
[2011/11/16 19:14:46 | 000,002,635 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F1E7D38D-98D5-41CA-BB72-8B8B038BE177}_Small.jpg
[2011/11/16 19:14:46 | 000,002,138 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{077E91BD-93A2-469F-B817-4F5344DE4A5C}_Small.jpg
[2011/11/16 19:14:45 | 000,011,299 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{438AAA1B-71C8-4A31-BDBA-4DE9597F29C1}_Large.jpg
[2011/11/16 19:14:45 | 000,007,616 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{5F6606F2-4F60-4205-98B5-6B0BDDB7AC08}_Large.jpg
[2011/11/16 19:14:45 | 000,002,743 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{438AAA1B-71C8-4A31-BDBA-4DE9597F29C1}_Small.jpg
[2011/11/16 19:14:45 | 000,002,116 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{5F6606F2-4F60-4205-98B5-6B0BDDB7AC08}_Small.jpg
[2011/11/16 19:14:44 | 000,008,411 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{6EED8664-3060-4202-BCEB-7041309ACAD2}_Large.jpg
[2011/11/16 19:14:44 | 000,002,177 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{6EED8664-3060-4202-BCEB-7041309ACAD2}_Small.jpg
[2011/11/16 19:14:37 | 000,009,422 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2D5CC9D1-DD92-401F-95AB-DDFEB32C6A9E}_Large.jpg
[2011/11/16 19:14:37 | 000,002,748 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2D5CC9D1-DD92-401F-95AB-DDFEB32C6A9E}_Small.jpg
[2011/11/16 19:14:35 | 000,005,811 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{067D3436-C493-4905-A2BC-34720FEBB2C7}_Large.jpg
[2011/11/16 19:14:35 | 000,005,167 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{92408818-6197-406C-849F-C236FD76E321}_Large.jpg
[2011/11/16 19:14:35 | 000,001,943 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{067D3436-C493-4905-A2BC-34720FEBB2C7}_Small.jpg
[2011/11/16 19:14:35 | 000,001,532 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{92408818-6197-406C-849F-C236FD76E321}_Small.jpg
[2011/11/16 19:14:34 | 000,009,580 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2412B43C-40C0-41C0-ACC0-53B917FC261A}_Large.jpg
[2011/11/16 19:14:34 | 000,008,912 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{5568E2A4-BDEC-4108-94A6-42EE12F95C58}_Large.jpg
[2011/11/16 19:14:34 | 000,006,073 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{25C54D2E-A6EA-4E73-BA5A-8D1CE8AAFCAF}_Large.jpg
[2011/11/16 19:14:34 | 000,002,384 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{5568E2A4-BDEC-4108-94A6-42EE12F95C58}_Small.jpg
[2011/11/16 19:14:34 | 000,002,166 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2412B43C-40C0-41C0-ACC0-53B917FC261A}_Small.jpg
[2011/11/16 19:14:34 | 000,002,128 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{25C54D2E-A6EA-4E73-BA5A-8D1CE8AAFCAF}_Small.jpg
[2011/11/16 19:14:32 | 000,010,891 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F4FDE8C1-5822-4C64-B6A5-664300A09CEB}_Large.jpg
[2011/11/16 19:14:32 | 000,002,623 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{F4FDE8C1-5822-4C64-B6A5-664300A09CEB}_Small.jpg
[2011/11/16 19:14:31 | 000,011,273 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{B3423A74-7392-4003-B4F4-68EAA414E8B7}_Large.jpg
[2011/11/16 19:14:31 | 000,002,510 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{B3423A74-7392-4003-B4F4-68EAA414E8B7}_Small.jpg
[2011/11/16 19:14:30 | 000,009,552 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{34A2351A-28EE-4219-9404-33C64C96EC30}_Large.jpg
[2011/11/16 19:14:30 | 000,002,674 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{34A2351A-28EE-4219-9404-33C64C96EC30}_Small.jpg
[2011/11/16 19:14:29 | 000,013,528 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{59A3A155-329A-4F73-8988-F84E9ECF2EE3}_Large.jpg
[2011/11/16 19:14:29 | 000,002,988 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{59A3A155-329A-4F73-8988-F84E9ECF2EE3}_Small.jpg
[2011/11/16 19:14:29 | 000,002,864 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{0639B756-E1B6-49AE-AC5D-A43CE998F3BC}_Large.jpg
[2011/11/16 19:14:29 | 000,000,998 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{0639B756-E1B6-49AE-AC5D-A43CE998F3BC}_Small.jpg
[2011/11/16 19:14:27 | 000,006,716 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{7F7A2029-3FD9-4D5B-9A4E-4F5E14D99E58}_Large.jpg
[2011/11/16 19:14:27 | 000,001,956 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{7F7A2029-3FD9-4D5B-9A4E-4F5E14D99E58}_Small.jpg
[2011/11/16 19:14:21 | 000,010,110 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{FA86EAC9-653A-4637-A992-81B9DDAF20A1}_Large.jpg
[2011/11/16 19:14:21 | 000,002,406 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{FA86EAC9-653A-4637-A992-81B9DDAF20A1}_Small.jpg
[2011/11/16 19:14:16 | 000,008,205 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{CB897A7D-EAB3-4909-BB32-7027D68BACC5}_Large.jpg
[2011/11/16 19:14:16 | 000,002,450 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{CB897A7D-EAB3-4909-BB32-7027D68BACC5}_Small.jpg
[2011/11/16 19:14:09 | 000,003,815 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{AB9E10A3-4086-4A94-B6A5-251B57E41AD7}_Large.jpg
[2011/11/16 19:14:09 | 000,001,347 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{AB9E10A3-4086-4A94-B6A5-251B57E41AD7}_Small.jpg
[2011/11/16 19:14:05 | 000,009,701 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{288C0E4F-1E6A-43F5-9307-D67F1A95C913}_Large.jpg
[2011/11/16 19:14:05 | 000,002,436 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{288C0E4F-1E6A-43F5-9307-D67F1A95C913}_Small.jpg
[2011/11/16 19:14:04 | 000,008,924 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{54DC63C2-1521-4BE4-A3E3-38B8147D0B05}_Large.jpg
[2011/11/16 19:14:04 | 000,002,281 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{54DC63C2-1521-4BE4-A3E3-38B8147D0B05}_Small.jpg
[2011/11/16 19:13:57 | 000,009,704 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A21887AB-853A-43D1-B7A5-D3DA716C81FF}_Large.jpg
[2011/11/16 19:13:57 | 000,006,879 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2EB9E5E0-608A-4819-B173-FCA781A37A0B}_Large.jpg
[2011/11/16 19:13:57 | 000,002,557 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{A21887AB-853A-43D1-B7A5-D3DA716C81FF}_Small.jpg
[2011/11/16 19:13:57 | 000,002,091 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{2EB9E5E0-608A-4819-B173-FCA781A37A0B}_Small.jpg
[2011/11/16 19:13:56 | 000,008,095 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{AE4B4E15-3679-4B07-A27F-401F6B2866FA}_Large.jpg
[2011/11/16 19:13:56 | 000,002,280 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{AE4B4E15-3679-4B07-A27F-401F6B2866FA}_Small.jpg
[2011/11/16 19:13:53 | 000,008,368 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D4A9C1B0-C7CE-4F18-9A5E-6FE0220D473C}_Large.jpg
[2011/11/16 19:13:53 | 000,002,257 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{D4A9C1B0-C7CE-4F18-9A5E-6FE0220D473C}_Small.jpg
[2011/11/16 19:13:49 | 000,011,768 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{3FD5E3B7-19FD-4EF0-B619-E71B154E1F77}_Large.jpg
[2011/11/16 19:13:49 | 000,002,710 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{3FD5E3B7-19FD-4EF0-B619-E71B154E1F77}_Small.jpg
[2011/11/16 19:13:45 | 000,009,626 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{B0D276D6-10E7-4751-96D8-9E8308A17036}_Large.jpg
[2011/11/16 19:13:45 | 000,002,381 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{B0D276D6-10E7-4751-96D8-9E8308A17036}_Small.jpg
[2011/11/16 19:13:44 | 000,014,169 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{3EFE54BB-9E40-498C-843E-CFAF27D967C5}_Large.jpg
[2011/11/16 19:13:44 | 000,003,192 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{3EFE54BB-9E40-498C-843E-CFAF27D967C5}_Small.jpg
[2011/11/16 19:13:40 | 000,011,736 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{3F89ED47-B59A-436D-BB14-37446CBEF416}_Large.jpg
[2011/11/16 19:13:40 | 000,002,655 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{3F89ED47-B59A-436D-BB14-37446CBEF416}_Small.jpg
[2011/11/16 19:13:37 | 000,009,719 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{6EEC61CC-3D5C-4362-B15F-8F8CB6AFD48D}_Large.jpg
[2011/11/16 19:13:37 | 000,002,445 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{6EEC61CC-3D5C-4362-B15F-8F8CB6AFD48D}_Small.jpg
[2011/11/16 19:13:30 | 000,011,918 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{CB1CD5D6-E5C2-47C5-B680-50EA5B632776}_Large.jpg
[2011/11/16 19:13:30 | 000,009,962 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9829AF1D-62FA-4C27-8AD3-CCAC62509E86}_Large.jpg
[2011/11/16 19:13:30 | 000,002,916 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{CB1CD5D6-E5C2-47C5-B680-50EA5B632776}_Small.jpg
[2011/11/16 19:13:30 | 000,002,561 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{9829AF1D-62FA-4C27-8AD3-CCAC62509E86}_Small.jpg
[2011/11/16 19:13:29 | 000,014,071 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{19D02FCF-5996-4F01-8A6D-21D8A7F7A666}_Large.jpg
[2011/11/16 19:13:29 | 000,003,238 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{19D02FCF-5996-4F01-8A6D-21D8A7F7A666}_Small.jpg
[2011/11/16 19:13:23 | 000,007,784 | -HS- | M] () -- C:\Users\D\Documents\AlbumArt_{5F755A68-5EAC-41B1-8A79-86414459D483}_Large.jpg
[2011/11/16 14:55:45 | 000,000,177 | ---- | M] () -- C:\Users\D\Desktop\Healthcare Jobs & Nursing Jobs in Colorado Centura Health.url
[2011/11/16 14:51:12 | 000,000,254 | ---- | M] () -- C:\Users\D\Desktop\Security Officer Jobs in Castle Rock, CO - Classic Job Search.url
[2011/11/16 11:28:07 | 000,000,128 | ---- | M] () -- C:\Users\D\Desktop\Health Professions Education Foundation.url
[2011/11/16 10:38:44 | 000,000,147 | ---- | M] () -- C:\Users\D\Desktop\Frequently Asked Questions.url
[2011/11/16 10:36:57 | 000,000,162 | ---- | M] () -- C:\Users\D\Desktop\Division of Registrations.url
[2011/11/16 10:36:36 | 000,000,153 | ---- | M] () -- C:\Users\D\Desktop\Licensee - Applicant Services (3).url
[2011/11/16 10:34:56 | 000,000,147 | ---- | M] () -- C:\Users\D\Desktop\Policies.url
[2011/11/16 10:34:03 | 000,000,148 | ---- | M] () -- C:\Users\D\Desktop\Licensee - Applicant Services (2).url
[2011/11/16 10:32:21 | 000,000,131 | ---- | M] () -- C:\Users\D\Desktop\Healthcare Professions Profiling Program (HPPP).url
[2011/11/16 10:20:54 | 000,000,148 | ---- | M] () -- C:\Users\D\Desktop\Licensee - Applicant Services.url
[2011/11/16 00:13:52 | 000,001,169 | ---- | M] () -- C:\Users\D\Desktop\www.sing365.com.url
[2011/11/15 14:08:54 | 000,000,216 | ---- | M] () -- C:\Users\D\Desktop\YouTube videos won't play - YouTube Help.url
[2011/11/15 10:48:23 | 000,000,850 | ---- | M] () -- C:\Users\D\Desktop\Norton Installation Files.lnk
[2011/11/15 00:02:44 | 000,000,916 | ---- | M] () -- C:\Users\D\Documents\WORM MAYBE cc_20111115_000218.reg
[2011/11/13 23:46:36 | 000,426,411 | ---- | M] () -- C:\Users\D\Documents\CO lpc app.pdf
[2011/11/13 22:39:55 | 000,000,154 | ---- | M] () -- C:\Users\D\Desktop\ATTC - Certification Info.url
[2011/11/13 22:37:55 | 000,000,297 | ---- | M] () -- C:\Users\D\Desktop\Can unlicensed psychotherapists claim they're registered by the state Colorado Statesman.url
[2011/11/13 22:35:32 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/13 22:07:11 | 000,000,254 | ---- | M] () -- C:\Users\D\Desktop\PDF converter, convert to PDF, create PDF files Adobe Acrobat X Pro.url
[2011/11/13 21:49:05 | 000,000,129 | ---- | M] () -- C:\Users\D\Desktop\Find a Therapist - Members of the Colorado Association of Psychotherapists.url
[2011/11/09 13:29:35 | 000,000,145 | ---- | M] () -- C:\Users\D\Desktop\Related Links.url
[2011/11/09 10:51:59 | 000,000,198 | ---- | M] () -- C:\Users\D\Desktop\The Shining Bathroom Scene - YouTube.url
[2011/11/09 10:50:24 | 000,000,198 | ---- | M] () -- C:\Users\D\Desktop\Lost Highway - Mystery Man - YouTube.url
[2011/11/07 09:50:44 | 000,000,022 | ---- | M] () -- C:\Users\D\Documents\file000 - Copy.zip
[2011/11/07 09:48:03 | 000,000,604 | ---- | M] () -- C:\Users\D\Documents\RESUME MFT GOOD COPY 3 DON'T ALTER - Shortcut.lnk
[2011/11/07 09:48:03 | 000,000,579 | ---- | M] () -- C:\Users\D\Documents\COVER LETTER GOOOD - Shortcut (2).lnk
[2011/11/07 09:45:43 | 000,039,424 | ---- | M] () -- C:\Users\D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 13:04:38 | 000,001,132 | ---- | M] () -- C:\Users\D\Desktop\LOOK # 1 COVER LETTER AFTER TO EDIT - Shortcut.lnk
[2011/11/02 01:40:38 | 000,000,198 | ---- | M] () -- C:\Users\D\Desktop\Veruca Salt - Seether - YouTube.url
[2011/11/01 23:54:28 | 000,000,181 | ---- | M] () -- C:\Users\D\Desktop\JUNG INTJ -.url
[2011/10/28 22:04:34 | 000,000,214 | ---- | M] () -- C:\Users\D\Desktop\Spokeo - David Ramstad - Aqueduct Ave.url
[2011/10/28 03:59:38 | 000,047,401 | ---- | M] () -- C:\Users\D\Documents\BBS Weekly Log Form.pdf
[2011/10/28 03:15:04 | 000,000,254 | ---- | M] () -- C:\Users\D\Desktop\Phillips Graduate Institute - Chatsworth, Facebook.url
[2011/10/26 22:42:28 | 000,000,198 | ---- | M] () -- C:\Users\D\Desktop\System Of A Down - Sugar - YouTube.url
[2011/10/26 19:52:37 | 000,000,698 | ---- | M] () -- C:\Users\D\AppData\Roaming\wklnhst.dat
[2011/10/26 19:52:36 | 000,016,896 | ---- | M] () -- C:\Users\D\Documents\[email protected]
[2011/10/26 18:00:24 | 000,000,429 | ---- | M] () -- C:\Users\D\Desktop\Phillips Graduate Institute Student Reviews.url
[2011/10/26 17:38:17 | 000,000,212 | ---- | M] () -- C:\Users\D\Desktop\phillips contact us.url
[2 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 00:10:29 | 000,006,320 | ---- | C] () -- C:\Users\D\Documents\cc_20111125_001027.reg
[2011/11/24 23:14:51 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/24 12:12:55 | 000,001,852 | ---- | C] () -- C:\Users\D\Documents\Firefox Sync Key.html
[2011/11/23 13:46:33 | 000,006,122 | ---- | C] () -- C:\Users\D\Documents\hijackthisuninstall_list
[2011/11/22 11:28:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/21 19:58:57 | 000,002,475 | ---- | C] () -- C:\Users\D\Desktop\HiJackThis.lnk
[2011/11/21 13:07:49 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/21 13:02:27 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/20 11:53:26 | 000,008,256 | ---- | C] () -- C:\Users\D\Desktop\hijackthis3
[2011/11/20 11:52:27 | 000,008,223 | ---- | C] () -- C:\Users\D\Desktop\hijackthis2
[2011/11/18 23:58:43 | 000,000,832 | ---- | C] () -- C:\Users\D\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/18 23:58:43 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/18 23:58:42 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/18 17:54:37 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/18 15:45:11 | 000,000,518 | ---- | C] () -- C:\Users\D\Desktop\Everyone MUST read this BEFORE posting for help in this forum - Tech Support Guy Forums.url
[2011/11/18 15:01:02 | 000,000,186 | ---- | C] () -- C:\Users\D\Desktop\HijackThis - Trend Micro USA.url
[2011/11/18 13:59:30 | 014,790,445 | ---- | C] () -- C:\Users\D\AppData\Roaming\SMRBackup210.dat
[2011/11/17 11:30:05 | 000,000,292 | ---- | C] () -- C:\Users\D\Desktop\Universal Careers.url
[2011/11/17 10:57:33 | 000,000,575 | ---- | C] () -- C:\Users\D\Desktop\Seeking Security Officer-Denver Area Aurora Job.url
[2011/11/17 10:54:19 | 000,000,342 | ---- | C] () -- C:\Users\D\Desktop\Employment Application - C&D Security Jobs.url
[2011/11/17 10:21:47 | 000,146,074 | ---- | C] () -- C:\Users\D\Documents\WHELAN SECURITY ATT00001.zip
[2011/11/17 00:09:35 | 000,000,181 | ---- | C] () -- C:\Users\D\Desktop\Lien - Wikipedia, the free encyclopedia.url
[2011/11/16 20:48:48 | 000,000,147 | ---- | C] () -- C:\Users\D\Desktop\Simply Hired Support Center Job Seekers.url
[2011/11/16 20:40:30 | 000,000,205 | ---- | C] () -- C:\Users\D\Desktop\View Current Job Listings at Arapahoe-Douglas Mental Health Network - Arapahoe-Douglas Mental Health Network Jobs.url
[2011/11/16 19:14:35 | 000,001,532 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{92408818-6197-406C-849F-C236FD76E321}_Small.jpg
[2011/11/16 19:14:34 | 000,009,580 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{2412B43C-40C0-41C0-ACC0-53B917FC261A}_Large.jpg
[2011/11/16 19:14:34 | 000,008,912 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{5568E2A4-BDEC-4108-94A6-42EE12F95C58}_Large.jpg
[2011/11/16 19:14:34 | 000,002,384 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{5568E2A4-BDEC-4108-94A6-42EE12F95C58}_Small.jpg
[2011/11/16 19:14:34 | 000,002,166 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{2412B43C-40C0-41C0-ACC0-53B917FC261A}_Small.jpg
[2011/11/16 19:14:33 | 000,006,073 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{25C54D2E-A6EA-4E73-BA5A-8D1CE8AAFCAF}_Large.jpg
[2011/11/16 19:14:33 | 000,002,128 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{25C54D2E-A6EA-4E73-BA5A-8D1CE8AAFCAF}_Small.jpg
[2011/11/16 19:14:31 | 000,011,273 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B3423A74-7392-4003-B4F4-68EAA414E8B7}_Large.jpg
[2011/11/16 19:14:31 | 000,010,891 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{F4FDE8C1-5822-4C64-B6A5-664300A09CEB}_Large.jpg
[2011/11/16 19:14:31 | 000,002,623 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{F4FDE8C1-5822-4C64-B6A5-664300A09CEB}_Small.jpg
[2011/11/16 19:14:31 | 000,002,510 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B3423A74-7392-4003-B4F4-68EAA414E8B7}_Small.jpg
[2011/11/16 19:14:30 | 000,009,552 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{34A2351A-28EE-4219-9404-33C64C96EC30}_Large.jpg
[2011/11/16 19:14:30 | 000,002,674 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{34A2351A-28EE-4219-9404-33C64C96EC30}_Small.jpg
[2011/11/16 19:14:29 | 000,013,528 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{59A3A155-329A-4F73-8988-F84E9ECF2EE3}_Large.jpg
[2011/11/16 19:14:29 | 000,002,988 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{59A3A155-329A-4F73-8988-F84E9ECF2EE3}_Small.jpg
[2011/11/16 19:14:29 | 000,002,864 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{0639B756-E1B6-49AE-AC5D-A43CE998F3BC}_Large.jpg
[2011/11/16 19:14:29 | 000,000,998 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{0639B756-E1B6-49AE-AC5D-A43CE998F3BC}_Small.jpg
[2011/11/16 19:14:27 | 000,006,716 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{7F7A2029-3FD9-4D5B-9A4E-4F5E14D99E58}_Large.jpg
[2011/11/16 19:14:27 | 000,001,956 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{7F7A2029-3FD9-4D5B-9A4E-4F5E14D99E58}_Small.jpg
[2011/11/16 19:14:17 | 000,010,110 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{FA86EAC9-653A-4637-A992-81B9DDAF20A1}_Large.jpg
[2011/11/16 19:14:17 | 000,002,406 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{FA86EAC9-653A-4637-A992-81B9DDAF20A1}_Small.jpg
[2011/11/16 19:14:14 | 000,008,205 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{CB897A7D-EAB3-4909-BB32-7027D68BACC5}_Large.jpg
[2011/11/16 19:14:14 | 000,002,450 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{CB897A7D-EAB3-4909-BB32-7027D68BACC5}_Small.jpg
[2011/11/16 19:14:06 | 000,003,815 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AB9E10A3-4086-4A94-B6A5-251B57E41AD7}_Large.jpg
[2011/11/16 19:14:06 | 000,001,347 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AB9E10A3-4086-4A94-B6A5-251B57E41AD7}_Small.jpg
[2011/11/16 19:14:05 | 000,009,190 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{77F7BD85-80C4-4FF8-B5F8-03191902D312}_Large.jpg
[2011/11/16 19:14:05 | 000,002,310 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{77F7BD85-80C4-4FF8-B5F8-03191902D312}_Small.jpg
[2011/11/16 19:14:04 | 000,008,924 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{54DC63C2-1521-4BE4-A3E3-38B8147D0B05}_Large.jpg
[2011/11/16 19:14:04 | 000,002,281 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{54DC63C2-1521-4BE4-A3E3-38B8147D0B05}_Small.jpg
[2011/11/16 19:14:02 | 000,009,701 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{288C0E4F-1E6A-43F5-9307-D67F1A95C913}_Large.jpg
[2011/11/16 19:14:02 | 000,002,436 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{288C0E4F-1E6A-43F5-9307-D67F1A95C913}_Small.jpg
[2011/11/16 19:13:57 | 000,009,704 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{A21887AB-853A-43D1-B7A5-D3DA716C81FF}_Large.jpg
[2011/11/16 19:13:57 | 000,006,879 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{2EB9E5E0-608A-4819-B173-FCA781A37A0B}_Large.jpg
[2011/11/16 19:13:57 | 000,002,557 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{A21887AB-853A-43D1-B7A5-D3DA716C81FF}_Small.jpg
[2011/11/16 19:13:57 | 000,002,091 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{2EB9E5E0-608A-4819-B173-FCA781A37A0B}_Small.jpg
[2011/11/16 19:13:51 | 000,008,368 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{D4A9C1B0-C7CE-4F18-9A5E-6FE0220D473C}_Large.jpg
[2011/11/16 19:13:51 | 000,002,257 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{D4A9C1B0-C7CE-4F18-9A5E-6FE0220D473C}_Small.jpg
[2011/11/16 19:13:50 | 000,008,095 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AE4B4E15-3679-4B07-A27F-401F6B2866FA}_Large.jpg
[2011/11/16 19:13:50 | 000,002,280 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AE4B4E15-3679-4B07-A27F-401F6B2866FA}_Small.jpg
[2011/11/16 19:13:49 | 000,011,768 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3FD5E3B7-19FD-4EF0-B619-E71B154E1F77}_Large.jpg
[2011/11/16 19:13:49 | 000,002,710 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3FD5E3B7-19FD-4EF0-B619-E71B154E1F77}_Small.jpg
[2011/11/16 19:13:45 | 000,009,626 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B0D276D6-10E7-4751-96D8-9E8308A17036}_Large.jpg
[2011/11/16 19:13:45 | 000,002,381 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B0D276D6-10E7-4751-96D8-9E8308A17036}_Small.jpg
[2011/11/16 19:13:41 | 000,014,169 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3EFE54BB-9E40-498C-843E-CFAF27D967C5}_Large.jpg
[2011/11/16 19:13:41 | 000,003,192 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3EFE54BB-9E40-498C-843E-CFAF27D967C5}_Small.jpg
[2011/11/16 19:13:38 | 000,002,655 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3F89ED47-B59A-436D-BB14-37446CBEF416}_Small.jpg
[2011/11/16 19:13:37 | 000,011,736 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3F89ED47-B59A-436D-BB14-37446CBEF416}_Large.jpg
[2011/11/16 19:13:31 | 000,009,719 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{6EEC61CC-3D5C-4362-B15F-8F8CB6AFD48D}_Large.jpg
[2011/11/16 19:13:31 | 000,002,445 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{6EEC61CC-3D5C-4362-B15F-8F8CB6AFD48D}_Small.jpg
[2011/11/16 19:13:30 | 000,011,918 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{CB1CD5D6-E5C2-47C5-B680-50EA5B632776}_Large.jpg
[2011/11/16 19:13:30 | 000,002,916 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{CB1CD5D6-E5C2-47C5-B680-50EA5B632776}_Small.jpg
[2011/11/16 19:13:23 | 000,007,784 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{5F755A68-5EAC-41B1-8A79-86414459D483}_Large.jpg
[2011/11/16 19:13:23 | 000,001,923 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{5F755A68-5EAC-41B1-8A79-86414459D483}_Small.jpg
[2011/11/16 19:13:21 | 000,009,962 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9829AF1D-62FA-4C27-8AD3-CCAC62509E86}_Large.jpg
[2011/11/16 19:13:21 | 000,002,561 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9829AF1D-62FA-4C27-8AD3-CCAC62509E86}_Small.jpg
[2011/11/16 19:13:20 | 000,014,071 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{19D02FCF-5996-4F01-8A6D-21D8A7F7A666}_Large.jpg
[2011/11/16 19:13:20 | 000,003,238 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{19D02FCF-5996-4F01-8A6D-21D8A7F7A666}_Small.jpg
[2011/11/16 19:13:19 | 000,007,840 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{35AB8800-02D2-470B-A6DD-13FA3C2507E6}_Large.jpg
[2011/11/16 19:13:19 | 000,002,119 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{35AB8800-02D2-470B-A6DD-13FA3C2507E6}_Small.jpg
[2011/11/16 19:13:18 | 000,008,124 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{333FDA9A-97DF-4719-991E-189E5577FFA4}_Large.jpg
[2011/11/16 19:13:18 | 000,005,321 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{7C004614-0348-40FF-B59D-D08607A76472}_Large.jpg
[2011/11/16 19:13:18 | 000,002,287 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{333FDA9A-97DF-4719-991E-189E5577FFA4}_Small.jpg
[2011/11/16 19:13:18 | 000,001,821 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{7C004614-0348-40FF-B59D-D08607A76472}_Small.jpg
[2011/11/16 19:13:12 | 000,008,193 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9DB656F4-0832-4D83-B1ED-82D030C1D425}_Large.jpg
[2011/11/16 19:13:12 | 000,004,465 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{4CF2E615-ACDF-47BF-8519-C22DC6865348}_Large.jpg
[2011/11/16 19:13:12 | 000,002,358 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9DB656F4-0832-4D83-B1ED-82D030C1D425}_Small.jpg
[2011/11/16 19:13:12 | 000,001,494 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{4CF2E615-ACDF-47BF-8519-C22DC6865348}_Small.jpg
[2011/11/16 19:13:11 | 000,008,678 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{57C415D0-6885-4B25-954F-DA3AA79ACF09}_Large.jpg
[2011/11/16 19:13:11 | 000,008,354 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{DCB934F4-48D4-44D7-9FFF-55446A7F8F0C}_Large.jpg
[2011/11/16 19:13:11 | 000,002,369 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{DCB934F4-48D4-44D7-9FFF-55446A7F8F0C}_Small.jpg
[2011/11/16 19:13:11 | 000,002,100 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{57C415D0-6885-4B25-954F-DA3AA79ACF09}_Small.jpg
[2011/11/16 19:13:10 | 000,010,170 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{1674FDDA-E131-4A04-9734-D933F45DF60A}_Large.jpg
[2011/11/16 19:13:10 | 000,007,858 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{C804F59C-F5A4-4FDC-ADED-F202DEB224FC}_Large.jpg
[2011/11/16 19:13:10 | 000,002,232 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{1674FDDA-E131-4A04-9734-D933F45DF60A}_Small.jpg
[2011/11/16 19:13:10 | 000,001,957 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{C804F59C-F5A4-4FDC-ADED-F202DEB224FC}_Small.jpg
[2011/11/16 19:13:09 | 000,014,730 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9544E874-7FBB-47CC-8294-F1B6C05519B5}_Large.jpg
[2011/11/16 19:13:09 | 000,007,645 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{57620910-E489-4AB9-B21B-63838DEA010D}_Large.jpg
[2011/11/16 19:13:09 | 000,003,217 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9544E874-7FBB-47CC-8294-F1B6C05519B5}_Small.jpg
[2011/11/16 19:13:09 | 000,002,327 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{57620910-E489-4AB9-B21B-63838DEA010D}_Small.jpg
[2011/11/16 19:13:08 | 000,013,849 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{27CFBBFD-5265-4EC4-A982-42DE40C7791E}_Large.jpg
[2011/11/16 19:13:08 | 000,012,958 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AEADE689-53A3-40A0-99B9-2C9763B2053F}_Large.jpg
[2011/11/16 19:13:08 | 000,011,819 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{08CCFF68-CEE4-4625-8381-64C513B0920D}_Large.jpg
[2011/11/16 19:13:08 | 000,008,831 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3A440638-42DD-4C35-A4F9-F2A1275AE6A3}_Large.jpg
[2011/11/16 19:13:08 | 000,003,001 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{27CFBBFD-5265-4EC4-A982-42DE40C7791E}_Small.jpg
[2011/11/16 19:13:08 | 000,002,965 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AEADE689-53A3-40A0-99B9-2C9763B2053F}_Small.jpg
[2011/11/16 19:13:08 | 000,002,453 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{08CCFF68-CEE4-4625-8381-64C513B0920D}_Small.jpg
[2011/11/16 19:13:08 | 000,002,185 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3A440638-42DD-4C35-A4F9-F2A1275AE6A3}_Small.jpg
[2011/11/16 19:13:07 | 000,009,499 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{8687AF4A-BB7D-444F-83EF-5DCF6A903D42}_Large.jpg
[2011/11/16 19:13:07 | 000,002,407 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{8687AF4A-BB7D-444F-83EF-5DCF6A903D42}_Small.jpg
[2011/11/16 19:12:57 | 000,010,889 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{08531D39-8F27-4241-AFF0-BF7005207AA0}_Large.jpg
[2011/11/16 19:12:57 | 000,002,994 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{08531D39-8F27-4241-AFF0-BF7005207AA0}_Small.jpg
[2011/11/16 19:12:56 | 000,004,787 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{32F3ACDC-3959-486C-9272-2C3D317AE359}_Large.jpg
[2011/11/16 19:12:56 | 000,001,593 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{32F3ACDC-3959-486C-9272-2C3D317AE359}_Small.jpg
[2011/11/16 19:12:53 | 000,008,291 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{86C84749-99DF-4996-ABC0-6AB43D7D6F21}_Large.jpg
[2011/11/16 19:12:53 | 000,002,409 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{86C84749-99DF-4996-ABC0-6AB43D7D6F21}_Small.jpg
[2011/11/16 19:12:52 | 000,011,221 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{8CA9E192-EB19-43BF-9A0F-8A54D1E6A1F4}_Large.jpg
[2011/11/16 19:12:52 | 000,002,763 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{8CA9E192-EB19-43BF-9A0F-8A54D1E6A1F4}_Small.jpg
[2011/11/16 19:12:51 | 000,014,048 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3D731899-AA26-4F91-9FD6-16A3EBEF28DE}_Large.jpg
[2011/11/16 19:12:51 | 000,002,984 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{3D731899-AA26-4F91-9FD6-16A3EBEF28DE}_Small.jpg
[2011/11/16 19:12:49 | 000,008,815 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{36C157AB-DBA1-4C5F-B41C-09D0F6AC6DEC}_Large.jpg
[2011/11/16 19:12:49 | 000,002,273 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{36C157AB-DBA1-4C5F-B41C-09D0F6AC6DEC}_Small.jpg
[2011/11/16 19:12:42 | 000,007,063 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{04B9974E-A018-44F1-9812-53C733FFEDA6}_Large.jpg
[2011/11/16 19:12:42 | 000,002,028 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{04B9974E-A018-44F1-9812-53C733FFEDA6}_Small.jpg
[2011/11/16 19:12:41 | 000,008,542 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{ECA94AE1-6C52-484B-87F1-1CCA0A755699}_Large.jpg
[2011/11/16 19:12:41 | 000,002,156 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{ECA94AE1-6C52-484B-87F1-1CCA0A755699}_Small.jpg
[2011/11/16 19:12:37 | 000,007,437 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{434D1131-7A05-4F42-A7C9-782E7098B2DC}_Large.jpg
[2011/11/16 19:12:37 | 000,006,853 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{4AB8827D-EA0E-4A2E-B8B2-77BE178BEEBA}_Large.jpg
[2011/11/16 19:12:37 | 000,002,194 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{434D1131-7A05-4F42-A7C9-782E7098B2DC}_Small.jpg
[2011/11/16 19:12:37 | 000,002,095 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{4AB8827D-EA0E-4A2E-B8B2-77BE178BEEBA}_Small.jpg
[2011/11/16 19:12:32 | 000,010,977 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B9488B15-CDC5-4990-8E54-43A7740344B7}_Large.jpg
[2011/11/16 19:12:32 | 000,006,915 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{146E21AC-27ED-484C-8392-81F09771F2B5}_Large.jpg
[2011/11/16 19:12:32 | 000,002,922 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B9488B15-CDC5-4990-8E54-43A7740344B7}_Small.jpg
[2011/11/16 19:12:32 | 000,002,213 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{146E21AC-27ED-484C-8392-81F09771F2B5}_Small.jpg
[2011/11/16 19:12:25 | 000,008,787 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B37B6E7E-9016-4A55-860D-3F3A7326F155}_Large.jpg
[2011/11/16 19:12:25 | 000,002,536 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B37B6E7E-9016-4A55-860D-3F3A7326F155}_Small.jpg
[2011/11/16 19:12:24 | 000,007,538 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{6EB46733-0CA9-4166-9125-FD1C9393CF92}_Large.jpg
[2011/11/16 19:12:24 | 000,002,105 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{6EB46733-0CA9-4166-9125-FD1C9393CF92}_Small.jpg
[2011/11/16 19:12:21 | 000,009,340 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{2D9B922A-6839-471B-A1BC-4B6EBC2A43A4}_Large.jpg
[2011/11/16 19:12:21 | 000,002,313 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{2D9B922A-6839-471B-A1BC-4B6EBC2A43A4}_Small.jpg
[2011/11/16 19:12:20 | 000,008,597 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{6CE1BDF6-9197-45AE-A1C3-EF001E30AF55}_Large.jpg
[2011/11/16 19:12:20 | 000,001,849 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{6CE1BDF6-9197-45AE-A1C3-EF001E30AF55}_Small.jpg
[2011/11/16 19:12:17 | 000,005,495 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9E5A21C6-EB3D-4E92-8F9C-6FBAA84BE24D}_Large.jpg
[2011/11/16 19:12:17 | 000,001,705 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{9E5A21C6-EB3D-4E92-8F9C-6FBAA84BE24D}_Small.jpg
[2011/11/16 19:12:16 | 000,007,823 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{C23F0693-8BB7-4E5C-8A83-E7DACC23A5C7}_Large.jpg
[2011/11/16 19:12:16 | 000,001,900 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{C23F0693-8BB7-4E5C-8A83-E7DACC23A5C7}_Small.jpg
[2011/11/16 19:12:15 | 000,012,406 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{EF65B9AE-F1B5-454B-95C4-03BF571E285A}_Large.jpg
[2011/11/16 19:12:15 | 000,003,072 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{EF65B9AE-F1B5-454B-95C4-03BF571E285A}_Small.jpg
[2011/11/16 19:12:14 | 000,010,105 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{1D740947-3C39-4C54-A6B0-078DF497D007}_Large.jpg
[2011/11/16 19:12:14 | 000,002,499 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{1D740947-3C39-4C54-A6B0-078DF497D007}_Small.jpg
[2011/11/16 19:12:13 | 000,010,326 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{170D2760-CC34-4E49-A398-1D15A3FCC97A}_Large.jpg
[2011/11/16 19:12:13 | 000,002,321 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{170D2760-CC34-4E49-A398-1D15A3FCC97A}_Small.jpg
[2011/11/16 19:12:06 | 000,009,226 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AA9757A1-BD04-4006-8760-606B3A8EF507}_Large.jpg
[2011/11/16 19:12:06 | 000,002,521 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{AA9757A1-BD04-4006-8760-606B3A8EF507}_Small.jpg
[2011/11/16 19:12:03 | 000,014,490 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{424E676B-C2B6-4AB1-8B15-CFF95FAFD3C9}_Large.jpg
[2011/11/16 19:12:03 | 000,003,279 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{424E676B-C2B6-4AB1-8B15-CFF95FAFD3C9}_Small.jpg
[2011/11/16 19:12:02 | 000,008,398 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{4B0A7714-933A-4FF9-9BDA-6213EDD5732C}_Large.jpg
[2011/11/16 19:12:02 | 000,002,367 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{4B0A7714-933A-4FF9-9BDA-6213EDD5732C}_Small.jpg
[2011/11/16 19:11:59 | 000,010,281 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{0D61CC38-573E-4879-866A-4E6DAF5F9B22}_Large.jpg
[2011/11/16 19:11:59 | 000,009,892 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{1A45114F-0977-43C4-AA4B-713D4703D7A8}_Large.jpg
[2011/11/16 19:11:59 | 000,006,338 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{18595B40-65F1-47EA-94A4-F924E21245C1}_Large.jpg
[2011/11/16 19:11:59 | 000,002,589 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{0D61CC38-573E-4879-866A-4E6DAF5F9B22}_Small.jpg
[2011/11/16 19:11:59 | 000,002,515 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{1A45114F-0977-43C4-AA4B-713D4703D7A8}_Small.jpg
[2011/11/16 19:11:59 | 000,001,969 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{18595B40-65F1-47EA-94A4-F924E21245C1}_Small.jpg
[2011/11/16 19:11:58 | 000,009,573 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B883DB08-3C0E-457E-A1F3-7E0584EEE0F7}_Large.jpg
[2011/11/16 19:11:58 | 000,007,520 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{471363A6-8397-4D0A-8D02-5CAE407E9BA9}_Large.jpg
[2011/11/16 19:11:58 | 000,002,452 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{B883DB08-3C0E-457E-A1F3-7E0584EEE0F7}_Small.jpg
[2011/11/16 19:11:58 | 000,001,677 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{471363A6-8397-4D0A-8D02-5CAE407E9BA9}_Small.jpg
[2011/11/16 19:11:51 | 000,010,593 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{7FE0342D-ECC0-4D1B-9FB1-8F9A22E000E4}_Large.jpg
[2011/11/16 19:11:51 | 000,002,829 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{7FE0342D-ECC0-4D1B-9FB1-8F9A22E000E4}_Small.jpg
[2011/11/16 19:11:50 | 000,011,314 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{71404B04-2CF3-4F52-BF1A-59299813F863}_Large.jpg
[2011/11/16 19:11:50 | 000,002,574 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{71404B04-2CF3-4F52-BF1A-59299813F863}_Small.jpg
[2011/11/16 19:11:48 | 000,005,520 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{435F8B64-F907-47C4-AC18-C05A8E95673B}_Large.jpg
[2011/11/16 19:11:48 | 000,001,779 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{435F8B64-F907-47C4-AC18-C05A8E95673B}_Small.jpg
[2011/11/16 19:11:46 | 000,010,091 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{91123FB4-7642-4DA3-BD9C-BA08B7E5F445}_Large.jpg
[2011/11/16 19:11:46 | 000,002,539 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{91123FB4-7642-4DA3-BD9C-BA08B7E5F445}_Small.jpg
[2011/11/16 19:11:44 | 000,010,337 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{CE07D5AE-5A9F-4371-9B34-0973DEC9AF0B}_Large.jpg
[2011/11/16 19:11:44 | 000,002,579 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{CE07D5AE-5A9F-4371-9B34-0973DEC9AF0B}_Small.jpg
[2011/11/16 19:11:43 | 000,009,542 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{873728F2-EE03-4E96-B011-3BAB14ECF06B}_Large.jpg
[2011/11/16 19:11:43 | 000,002,401 | -HS- | C] () -- C:\Users\D\Documents\AlbumArt_{873728F2-EE03-4E96-B011-3BAB14ECF06B}_Small.jpg
[2011/11/16 14:55:45 | 000,000,177 | ---- | C] () -- C:\Users\D\Desktop\Healthcare Jobs & Nursing Jobs in Colorado Centura Health.url
[2011/11/16 14:51:12 | 000,000,254 | ---- | C] () -- C:\Users\D\Desktop\Security Officer Jobs in Castle Rock, CO - Classic Job Search.url
[2011/11/16 11:28:07 | 000,000,128 | ---- | C] () -- C:\Users\D\Desktop\Health Professions Education Foundation.url
[2011/11/16 10:38:44 | 000,000,147 | ---- | C] () -- C:\Users\D\Desktop\Frequently Asked Questions.url
[2011/11/16 10:36:57 | 000,000,162 | ---- | C] () -- C:\Users\D\Desktop\Division of Registrations.url
[2011/11/16 10:36:36 | 000,000,153 | ---- | C] () -- C:\Users\D\Desktop\Licensee - Applicant Services (3).url
[2011/11/16 10:34:56 | 000,000,147 | ---- | C] () -- C:\Users\D\Desktop\Policies.url
[2011/11/16 10:34:03 | 000,000,148 | ---- | C] () -- C:\Users\D\Desktop\Licensee - Applicant Services (2).url
[2011/11/16 10:32:21 | 000,000,131 | ---- | C] () -- C:\Users\D\Desktop\Healthcare Professions Profiling Program (HPPP).url
[2011/11/16 10:20:54 | 000,000,148 | ---- | C] () -- C:\Users\D\Desktop\Licensee - Applicant Services.url
[2011/11/16 00:13:52 | 000,001,169 | ---- | C] () -- C:\Users\D\Desktop\www.sing365.com.url
[2011/11/15 14:08:54 | 000,000,216 | ---- | C] () -- C:\Users\D\Desktop\YouTube videos won't play - YouTube Help.url
[2011/11/15 09:45:48 | 000,000,850 | ---- | C] () -- C:\Users\D\Desktop\Norton Installation Files.lnk
[2011/11/15 00:02:38 | 000,000,916 | ---- | C] () -- C:\Users\D\Documents\WORM MAYBE cc_20111115_000218.reg
[2011/11/13 23:46:36 | 000,426,411 | ---- | C] () -- C:\Users\D\Documents\CO lpc app.pdf
[2011/11/13 22:39:55 | 000,000,154 | ---- | C] () -- C:\Users\D\Desktop\ATTC - Certification Info.url
[2011/11/13 22:37:55 | 000,000,297 | ---- | C] () -- C:\Users\D\Desktop\Can unlicensed psychotherapists claim they're registered by the state Colorado Statesman.url
[2011/11/13 22:35:32 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/13 22:35:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/13 22:10:03 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 22:10:01 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 22:07:11 | 000,000,254 | ---- | C] () -- C:\Users\D\Desktop\PDF converter, convert to PDF, create PDF files Adobe Acrobat X Pro.url
[2011/11/13 21:49:05 | 000,000,129 | ---- | C] () -- C:\Users\D\Desktop\Find a Therapist - Members of the Colorado Association of Psychotherapists.url
[2011/11/09 13:29:35 | 000,000,145 | ---- | C] () -- C:\Users\D\Desktop\Related Links.url
[2011/11/09 10:51:59 | 000,000,198 | ---- | C] () -- C:\Users\D\Desktop\The Shining Bathroom Scene - YouTube.url
[2011/11/09 10:50:24 | 000,000,198 | ---- | C] () -- C:\Users\D\Desktop\Lost Highway - Mystery Man - YouTube.url
[2011/11/02 01:40:38 | 000,000,198 | ---- | C] () -- C:\Users\D\Desktop\Veruca Salt - Seether - YouTube.url
[2011/11/01 23:54:28 | 000,000,181 | ---- | C] () -- C:\Users\D\Desktop\JUNG INTJ -.url
[2011/10/28 22:04:34 | 000,000,214 | ---- | C] () -- C:\Users\D\Desktop\Spokeo - David Ramstad - Aqueduct Ave.url
[2011/10/28 03:59:38 | 000,047,401 | ---- | C] () -- C:\Users\D\Documents\BBS Weekly Log Form.pdf
[2011/10/28 03:15:04 | 000,000,254 | ---- | C] () -- C:\Users\D\Desktop\Phillips Graduate Institute - Chatsworth, Facebook.url
[2011/10/26 22:42:27 | 000,000,198 | ---- | C] () -- C:\Users\D\Desktop\System Of A Down - Sugar - YouTube.url
[2011/10/26 18:00:24 | 000,000,429 | ---- | C] () -- C:\Users\D\Desktop\Phillips Graduate Institute Student Reviews.url
[2011/10/26 17:38:17 | 000,000,212 | ---- | C] () -- C:\Users\D\Desktop\phillips contact us.url
[2011/07/18 12:26:06 | 000,376,394 | ---- | C] () -- C:\Users\D\AppData\Local\census.cache
[2011/07/18 12:25:14 | 000,180,986 | ---- | C] () -- C:\Users\D\AppData\Local\ars.cache
[2011/03/02 22:13:01 | 000,000,140 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/11/01 18:37:54 | 000,000,036 | ---- | C] () -- C:\Users\D\AppData\Local\housecall.guid.cache
[2010/02/09 14:02:31 | 000,001,356 | ---- | C] () -- C:\Users\D\AppData\Local\d3d9caps.dat
[2010/01/19 20:27:21 | 000,024,206 | ---- | C] () -- C:\Users\D\AppData\Roaming\UserTile.png
[2010/01/02 22:53:53 | 000,000,012 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/17 00:31:13 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/09 23:05:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/09 23:05:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/14 04:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/26 19:04:06 | 000,000,698 | ---- | C] () -- C:\Users\D\AppData\Roaming\wklnhst.dat
[2009/01/22 07:00:18 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/19 18:23:37 | 000,039,424 | ---- | C] () -- C:\Users\D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/16 18:27:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,302,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/01/17 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\AutoHideIP
[2010/05/24 08:32:06 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/12 00:25:12 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\eMusic
[2009/12/22 13:21:49 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Funambol
[2009/02/18 14:13:01 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\GetRightToGo
[2011/11/21 22:51:11 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\IObit
[2010/07/12 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\MusicNet
[2010/01/19 20:27:20 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\PeerNetworking
[2010/01/04 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\supportdotcom
[2011/02/26 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\SupportSoft
[2009/01/26 19:04:08 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Template
[2010/01/13 01:07:41 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Tific
[2010/08/22 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\TweakNow PowerPack 2010
[2011/11/19 15:06:16 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\TweakNow PowerPack 2011
[2010/08/07 11:18:18 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\TweakNow RegCleaner
[2011/07/31 15:02:39 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Windows Live Writer
[2011/10/26 09:28:30 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/24 19:15:02 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\D\Documents\Fire_fighter_rescue1.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\D\Documents\Fire_fighter_rescue1 - Copy.mpg:TOC.WMV
@Alternate Data Stream - 2122 bytes -> C:\Users\D\Documents\Fwd_(nosubject).eml:OECustomProperty
@Alternate Data Stream - 2122 bytes -> C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8A7A06B5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >


----------



## dramstad (Nov 18, 2011)

Hi Eddie, Thanks so much for helping me. I'm not sure if I included this OTL EXTRAS logfile in the previous post. Thanks!

OTL Extras logfile created on: 11/25/2011 2:42:34 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 52.30% Memory free
4.88 Gb Paging File | 3.87 Gb Available in Paging File | 79.28% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 114.99 Gb Free Space | 51.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.24 Gb Free Space | 42.42% Space Free | Partition Type: NTFS

Computer Name: D-PC | User Name: D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{193CFDBF-F449-40DB-AA52-1958F670E288}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{525F68ED-BDA8-4164-9575-7DCB69D01205}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{62583E62-6BB6-4D8F-951E-F40E24EF82EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AF7FC256-5B1C-4CA4-AE89-6A59CF2D73E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009D1368-04A3-4FF2-A3C9-ADE0B3590C0B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{07E2AB3B-B723-4589-A551-80B0A6661864}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0E7E9FF5-6137-4064-8C18-FF44DC3E655D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{0ED7C111-0E16-43B2-A8AB-F00132EAE383}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{115C4ED1-556F-4B4D-B055-071CF91E860E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{11BAF8F5-E236-460A-BFC1-3E03F5BE7097}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{130AFD94-728B-4FB7-8184-5F061C2D6A91}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{17ECBDDE-0A04-4605-8E80-04B7D20DAB01}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1262709377\ee\aolsoftware.exe | 
"{1886F585-95F7-4739-AB4B-1CA649AD9C00}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{2AC67408-C7A2-4194-9F3C-97F47D4942E2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{32E63FCC-53BB-4CB5-B59C-285F108255D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{381CDEEA-BA8F-4CE1-8C10-ABBA1486725A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{45CEFA3C-CAF8-49D7-A758-3A38330E6E2B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{475D9217-7141-4785-83B9-8ED86369A87D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{5151D9D9-AA77-4A75-9B5E-6351A584847C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{51E86470-C224-418B-B134-A1613BE69A56}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{5C70CA89-7306-495C-BC2D-10D214167B0B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5F405D4E-B5D4-4836-A3AF-790CA78A0B21}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1262709377\ee\aolsoftware.exe | 
"{64034F9F-27F9-446F-920B-8F2E7F0AFEA3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{64E51D7C-BB5B-457F-918B-29F35B24AD2F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{69569454-10B6-4FD7-88E4-ACA84ABA1529}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{702C07C6-D6FD-4259-8B42-D330F484C15E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{74E24672-DAB1-4D3C-AA24-ED0A6339A990}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D5824F8-D597-4054-AA86-618FB8D59ED0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7F984AA3-9721-431C-A196-BA9F49DFBF56}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{844502D6-FBF7-42A5-B72A-63E7EFF2E2F8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{8AD3BA47-69FF-41F5-908A-49A71BE0C6C2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{8D817212-138B-4CC5-8CC4-851AF207972F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{A0810598-528B-4F29-AC61-23D9C6EAF935}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{B3954FBD-0EB2-403E-84AE-CB92C3F552B0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BBD81D95-5CD9-4A7C-9AFC-C71E7278580A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1262709377\ee\aolsoftware.exe | 
"{BC622BCB-A14B-4447-9948-394E00E46044}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe | 
"{BEA4F7AB-07C8-4359-84D0-6B9361C95EC3}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe | 
"{BF10753C-CAD0-46E8-9C0D-097270974809}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{C2428362-D8B2-488F-9831-C0B2AECFB3B3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{C2690C08-8D21-4951-9D20-6F114E07B205}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C5D283C7-A76B-4235-967E-E57C15A0A3F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E259700B-00B2-4B7D-BF3B-2D1A4AB5248A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1262709377\ee\aolsoftware.exe | 
"{EA0950D1-ACC3-4F99-BA68-F144CF43FBB8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{F34F4873-4738-46B2-B85F-3F86A115029F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{FA1519EF-CD90-43F9-8A80-A91ED6D39B27}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FE1A9E72-9B8F-486B-A85A-1B2880A25B4D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5B48A19-F319-6BFB-82DE-A18ED1087221}" = Acrobat.com
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"ESET Online Scanner" = ESET Online Scanner v3
"Funambol Outlook Sync Client" = Funambol Outlook Sync Client 7.2.2
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2011 12:10:40 PM | Computer Name = D-PC | Source = Perflib | ID = 1008
Description =

Error - 3/6/2011 3:14:28 PM | Computer Name = D-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19019 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 11b4 Start Time: 01cbdc2206e419d0 Termination Time: 156

Error - 3/6/2011 6:19:36 PM | Computer Name = D-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x0003de2d, process id 0x170, application
start time 0x01cbdc3517f65276.

Error - 3/7/2011 6:39:15 AM | Computer Name = D-PC | Source = Perflib | ID = 1010
Description =

Error - 3/7/2011 6:39:16 AM | Computer Name = D-PC | Source = Perflib | ID = 1008
Description =

Error - 3/8/2011 6:49:19 AM | Computer Name = D-PC | Source = Perflib | ID = 1010
Description =

Error - 3/8/2011 6:49:20 AM | Computer Name = D-PC | Source = Perflib | ID = 1008
Description =

Error - 3/8/2011 12:14:19 PM | Computer Name = D-PC | Source = Application Hang | ID = 1002
Description = The program PowerPack.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16ac Start Time: 01cbddab447044ef Termination Time: 25

Error - 3/8/2011 12:22:25 PM | Computer Name = D-PC | Source = System Restore | ID = 8209
Description =

Error - 3/8/2011 1:28:51 PM | Computer Name = D-PC | Source = Application Error | ID = 1000
Description = Faulting application aolsoftware.exe, version 15.4.1.2, time stamp
0x461ea32f, faulting module OLEAUT32.dll, version 6.0.6002.18005, time stamp 0x49e037da,
exception code 0xc0000005, fault offset 0x00003e74, process id 0xcd8, application
start time 0x01cbddb6218e2db3.

[ Media Center Events ]
Error - 3/23/2009 5:37:51 AM | Computer Name = D-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 7/28/2009 12:46:25 AM | Computer Name = D-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 207
seconds with 180 seconds of active time. This session ended with a crash.

Error - 8/11/2010 12:28:45 AM | Computer Name = D-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/16/2011 8:40:59 PM | Computer Name = D-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/24/2011 3:59:56 PM | Computer Name = D-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/24/2011 9:18:28 PM | Computer Name = D-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/24/2011 9:18:36 PM | Computer Name = D-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/24/2011 9:20:20 PM | Computer Name = D-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/24/2011 9:20:20 PM | Computer Name = D-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/25/2011 12:50:35 AM | Computer Name = D-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/25/2011 12:50:43 AM | Computer Name = D-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/25/2011 12:52:27 AM | Computer Name = D-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/25/2011 12:52:27 AM | Computer Name = D-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/25/2011 2:44:15 PM | Computer Name = D-PC | Source = Service Control Manager | ID = 7011
Description =

< End of report >


----------



## dramstad (Nov 18, 2011)

There seem to be delays in the OTL/EXTRAS logs posting ... hope I'm doing this correctly...


----------



## dramstad (Nov 18, 2011)

Hi Eddie, just wanted to provide you with a bit more info which may or may not be important: First of all, it looks like I posted the OTL.Txt log twice (sorry about that!). Checkup.Txt, OTL.Txt and Extras.Txt are all posted for your review.

Some unusual computer behavior to report: For some reason my default home page (clicking on default in control panel/internet options) has changed a few times within the past few days, most recently changed to:
http://www.yahoo.com/?fr=fp-yie9

The HiJackThis logs I was submitting to the tech who was assisting me previously kept reading that the computer was in safe mode (the computer was booted normally, I was online, scans done in fully booted normal mode not in safe mode). Unchecking the UAC was the only thing which changed this. Also, when I'd run/save a new scan log, the log file would read that it was from an entirely different day (i.e., what was supposed to be the new scan log was actually a previous one -- for example, one from three days earlier). Like the safe mode issue, disabling the UAC feature allowed the scan to function in an apparently normal manner (scan ran and the correct day was listed on the log after disabling UAC). Also, I've noticed some strange e-mails suddenly appearing in my "recently deleted" mail folder on AOL. I never read/noticed these e-mails and definitely never deleted them. One of these e-mails was from [email protected] with the subject listed as "Testing."

When I try to create a new MS Word document, Windows MS Office opens MS PowerPoint instead. MS Word documents just hang there with cursor spiraling/not responding and most of the time I cannot exit the program without logging off or restarting (Task Manager does not end the process).

Additionally, computer warns of high-disk usage, oftentimes with only one or two simple programs or web pages opened. Furthermore, the computer sometimes sounds very active/loud, LED flashing while in an idle/inactive state. Don't know if this info is useful or relevant but thought I'd let you know anyway. 
-Thanks again for your help, Eddie.


----------



## eddie5659 (Mar 19, 2001)

Sorry, had to work this afternoon, so was out most of that time. Just got back now.

Don't worry about the extra OTL logs, it's a glitch here sometimes.

Can you run these for me, so I have more logs to look at when I'm online tomorrow (it's 11.30pm here)

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*; click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory (usually the C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply.

==========

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post in your next reply.

eddie


----------



## dramstad (Nov 18, 2011)

22:12:20.0010 4272 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:12:20.0764 4272 ============================================================
22:12:20.0764 4272 Current date / time: 2011/11/26 22:12:20.0764
22:12:20.0764 4272 SystemInfo:
22:12:20.0764 4272 
22:12:20.0765 4272 OS Version: 6.0.6002 ServicePack: 2.0
22:12:20.0765 4272 Product type: Workstation
22:12:20.0765 4272 ComputerName: D-PC
22:12:20.0765 4272 UserName: D
22:12:20.0765 4272 Windows directory: C:\Windows
22:12:20.0765 4272 System windows directory: C:\Windows
22:12:20.0766 4272 Processor architecture: Intel x86
22:12:20.0766 4272 Number of processors: 2
22:12:20.0766 4272 Page size: 0x1000
22:12:20.0766 4272 Boot type: Normal boot
22:12:20.0766 4272 ============================================================
22:12:22.0585 4272 Initialize success
22:13:41.0411 5268 ============================================================
22:13:41.0411 5268 Scan started
22:13:41.0411 5268 Mode: Manual; SigCheck; TDLFS; 
22:13:41.0411 5268 ============================================================
22:13:42.0300 5268 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:13:42.0518 5268 ACPI - ok
22:13:42.0768 5268 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:13:42.0799 5268 adp94xx - ok
22:13:43.0252 5268 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:13:43.0283 5268 adpahci - ok
22:13:43.0376 5268 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:13:43.0392 5268 adpu160m - ok
22:13:43.0439 5268 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:13:43.0454 5268 adpu320 - ok
22:13:43.0579 5268 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:13:43.0657 5268 AFD - ok
22:13:43.0735 5268 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
22:13:43.0766 5268 agp440 - ok
22:13:43.0829 5268 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:13:43.0844 5268 aic78xx - ok
22:13:43.0954 5268 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
22:13:43.0969 5268 aliide - ok
22:13:44.0110 5268 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
22:13:44.0141 5268 amdagp - ok
22:13:44.0484 5268 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
22:13:44.0515 5268 amdide - ok
22:13:44.0640 5268 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:13:44.0796 5268 AmdK7 - ok
22:13:45.0124 5268 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
22:13:45.0280 5268 AmdK8 - ok
22:13:45.0436 5268 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:13:45.0451 5268 arc - ok
22:13:45.0560 5268 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:13:45.0576 5268 arcsas - ok
22:13:45.0607 5268 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:13:45.0623 5268 atapi - ok
22:13:45.0701 5268 Avgfwfd - ok
22:13:45.0779 5268 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:13:45.0826 5268 Beep - ok
22:13:46.0262 5268 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
22:13:46.0309 5268 BHDrvx86 - ok
22:13:46.0403 5268 blbdrive - ok
22:13:46.0465 5268 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:13:46.0559 5268 bowser - ok
22:13:46.0840 5268 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:13:46.0949 5268 BrFiltLo - ok
22:13:47.0214 5268 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:13:47.0308 5268 BrFiltUp - ok
22:13:47.0432 5268 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:13:47.0604 5268 Brserid - ok
22:13:47.0994 5268 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:13:48.0119 5268 BrSerWdm - ok
22:13:48.0462 5268 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:13:48.0587 5268 BrUsbMdm - ok
22:13:48.0961 5268 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:13:49.0055 5268 BrUsbSer - ok
22:13:49.0164 5268 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:13:49.0289 5268 BTHMODEM - ok
22:13:49.0523 5268 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:13:49.0570 5268 cdfs - ok
22:13:49.0710 5268 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:13:49.0772 5268 cdrom - ok
22:13:49.0913 5268 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:13:50.0006 5268 circlass - ok
22:13:50.0256 5268 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:13:50.0287 5268 CLFS - ok
22:13:50.0428 5268 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
22:13:50.0428 5268 cmdide - ok
22:13:50.0474 5268 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
22:13:50.0490 5268 Compbatt - ok
22:13:50.0568 5268 cpuz132 - ok
22:13:51.0473 5268 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:13:51.0504 5268 crcdisk - ok
22:13:52.0393 5268 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:13:52.0549 5268 Crusoe - ok
22:13:53.0236 5268 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:13:53.0329 5268 DfsC - ok
22:13:53.0454 5268 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:13:53.0485 5268 disk - ok
22:13:53.0579 5268 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:13:53.0657 5268 drmkaud - ok
22:13:54.0047 5268 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:13:54.0125 5268 DXGKrnl - ok
22:13:54.0312 5268 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
22:13:54.0468 5268 e1express - ok
22:13:54.0640 5268 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:13:54.0749 5268 E1G60 - ok
22:13:54.0983 5268 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:13:54.0998 5268 Ecache - ok
22:13:55.0201 5268 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:13:55.0232 5268 eeCtrl - ok
22:13:55.0373 5268 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:13:55.0404 5268 elxstor - ok
22:13:55.0607 5268 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:13:55.0638 5268 EraserUtilRebootDrv - ok
22:13:55.0795 5268 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:13:55.0842 5268 exfat - ok
22:13:55.0935 5268 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:13:55.0998 5268 fastfat - ok
22:13:56.0076 5268 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:13:56.0154 5268 fdc - ok
22:13:56.0294 5268 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:13:56.0325 5268 FileInfo - ok
22:13:56.0403 5268 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:13:56.0481 5268 Filetrace - ok
22:13:56.0591 5268 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:13:56.0747 5268 flpydisk - ok
22:13:57.0168 5268 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:13:57.0199 5268 FltMgr - ok
22:13:57.0386 5268 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
22:13:57.0417 5268 fssfltr - ok
22:13:57.0527 5268 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:13:57.0589 5268 Fs_Rec - ok
22:13:57.0963 5268 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:13:57.0995 5268 gagp30kx - ok
22:13:58.0057 5268 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\drivers\GEARAspiWDM.sys
22:13:58.0088 5268 GEARAspiWDM - ok
22:13:58.0260 5268 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:13:58.0369 5268 HDAudBus - ok
22:13:58.0759 5268 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:13:58.0884 5268 HidBth - ok
22:13:59.0258 5268 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:13:59.0336 5268 HidIr - ok
22:13:59.0633 5268 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:13:59.0679 5268 HidUsb - ok
22:14:00.0054 5268 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:14:00.0069 5268 HpCISSs - ok
22:14:00.0491 5268 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:14:00.0647 5268 HSF_DPV - ok
22:14:01.0146 5268 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
22:14:01.0208 5268 HSXHWBS2 - ok
22:14:01.0473 5268 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:14:01.0614 5268 HTTP - ok
22:14:01.0988 5268 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:14:02.0019 5268 i2omp - ok
22:14:02.0129 5268 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:14:02.0191 5268 i8042prt - ok
22:14:02.0534 5268 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:14:02.0565 5268 iaStorV - ok
22:14:02.0909 5268 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSvix86.sys
22:14:02.0940 5268 IDSVix86 - ok
22:14:03.0283 5268 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:14:03.0314 5268 iirsp - ok
22:14:03.0767 5268 IntcAzAudAddService (e26bd63077d804d0fc71d29a71151010) C:\Windows\system32\drivers\RTKVHDA.sys
22:14:03.0923 5268 IntcAzAudAddService - ok
22:14:04.0047 5268 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
22:14:04.0063 5268 intelide - ok
22:14:04.0110 5268 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
22:14:04.0235 5268 intelppm - ok
22:14:04.0422 5268 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:14:04.0515 5268 IpFilterDriver - ok
22:14:04.0718 5268 IpInIp - ok
22:14:04.0827 5268 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:14:04.0968 5268 IPMIDRV - ok
22:14:05.0280 5268 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:14:05.0358 5268 IPNAT - ok
22:14:05.0498 5268 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:14:05.0592 5268 IRENUM - ok
22:14:05.0951 5268 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
22:14:05.0982 5268 isapnp - ok
22:14:06.0169 5268 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:14:06.0216 5268 iScsiPrt - ok
22:14:06.0481 5268 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:14:06.0512 5268 iteatapi - ok
22:14:06.0793 5268 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:14:06.0824 5268 iteraid - ok
22:14:07.0105 5268 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:14:07.0136 5268 kbdclass - ok
22:14:07.0417 5268 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:14:07.0495 5268 kbdhid - ok
22:14:07.0760 5268 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:14:07.0823 5268 KSecDD - ok
22:14:08.0057 5268 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:14:08.0119 5268 lltdio - ok
22:14:08.0431 5268 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:14:08.0462 5268 LSI_FC - ok
22:14:08.0618 5268 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:14:08.0634 5268 LSI_SAS - ok
22:14:08.0712 5268 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:14:08.0727 5268 LSI_SCSI - ok
22:14:08.0790 5268 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:14:08.0852 5268 luafv - ok
22:14:09.0024 5268 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
22:14:09.0039 5268 MBAMProtector - ok
22:14:09.0117 5268 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:14:09.0164 5268 mdmxsdk - ok
22:14:09.0227 5268 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:14:09.0242 5268 megasas - ok
22:14:09.0305 5268 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:14:09.0398 5268 Modem - ok
22:14:09.0523 5268 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:14:09.0601 5268 monitor - ok
22:14:09.0757 5268 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:14:09.0788 5268 mouclass - ok
22:14:09.0851 5268 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:14:09.0897 5268 mouhid - ok
22:14:10.0053 5268 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:14:10.0069 5268 MountMgr - ok
22:14:10.0194 5268 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:14:10.0209 5268 mpio - ok
22:14:10.0287 5268 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:14:10.0334 5268 mpsdrv - ok
22:14:10.0506 5268 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:14:10.0537 5268 Mraid35x - ok
22:14:10.0865 5268 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:14:10.0958 5268 MRxDAV - ok
22:14:11.0364 5268 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:14:11.0489 5268 mrxsmb - ok
22:14:11.0676 5268 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:14:11.0738 5268 mrxsmb10 - ok
22:14:11.0847 5268 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:14:11.0910 5268 mrxsmb20 - ok
22:14:12.0253 5268 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
22:14:12.0284 5268 msahci - ok
22:14:12.0549 5268 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:14:12.0581 5268 msdsm - ok
22:14:12.0799 5268 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:14:12.0893 5268 Msfs - ok
22:14:13.0017 5268 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:14:13.0033 5268 msisadrv - ok
22:14:13.0142 5268 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:14:13.0236 5268 MSKSSRV - ok
22:14:13.0376 5268 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:14:13.0439 5268 MSPCLOCK - ok
22:14:14.0109 5268 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:14:14.0172 5268 MSPQM - ok
22:14:14.0593 5268 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:14:14.0640 5268 MsRPC - ok
22:14:14.0765 5268 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:14:14.0780 5268 mssmbios - ok
22:14:14.0921 5268 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:14:15.0014 5268 MSTEE - ok
22:14:15.0326 5268 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:14:15.0373 5268 Mup - ok
22:14:15.0591 5268 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:14:15.0638 5268 NativeWifiP - ok
22:14:15.0997 5268 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111126.007\NAVENG.SYS
22:14:16.0028 5268 NAVENG - ok
22:14:16.0964 5268 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111126.007\NAVEX15.SYS
22:14:17.0105 5268 NAVEX15 - ok
22:14:17.0526 5268 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:14:17.0604 5268 NDIS - ok
22:14:17.0729 5268 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:14:17.0807 5268 NdisTapi - ok
22:14:17.0853 5268 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:14:17.0916 5268 Ndisuio - ok
22:14:18.0119 5268 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:14:18.0197 5268 NdisWan - ok
22:14:18.0509 5268 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:14:18.0555 5268 NDProxy - ok
22:14:18.0665 5268 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:14:18.0758 5268 NetBIOS - ok
22:14:19.0133 5268 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:14:19.0211 5268 netbt - ok
22:14:19.0476 5268 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:14:19.0491 5268 nfrd960 - ok
22:14:19.0538 5268 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
22:14:19.0569 5268 NPF - ok
22:14:19.0772 5268 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:14:19.0803 5268 Npfs - ok
22:14:19.0991 5268 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:14:20.0037 5268 nsiproxy - ok
22:14:20.0459 5268 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:14:20.0537 5268 Ntfs - ok
22:14:20.0958 5268 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:14:21.0098 5268 ntrigdigi - ok
22:14:21.0192 5268 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:14:21.0285 5268 Null - ok
22:14:22.0190 5268 NVENETFD (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:14:22.0315 5268 NVENETFD - ok
22:14:24.0327 5268 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:14:24.0733 5268 nvlddmkm - ok
22:14:24.0827 5268 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:14:24.0842 5268 nvraid - ok
22:14:25.0123 5268 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
22:14:25.0170 5268 nvstor - ok
22:14:25.0341 5268 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
22:14:25.0373 5268 nv_agp - ok
22:14:25.0591 5268 NwlnkFlt - ok
22:14:25.0856 5268 NwlnkFwd - ok
22:14:26.0012 5268 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:14:26.0106 5268 ohci1394 - ok
22:14:26.0246 5268 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:14:26.0340 5268 Parport - ok
22:14:26.0683 5268 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:14:26.0714 5268 partmgr - ok
22:14:26.0979 5268 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:14:27.0104 5268 Parvdm - ok
22:14:27.0463 5268 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:14:27.0510 5268 pci - ok
22:14:27.0728 5268 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:14:27.0759 5268 pciide - ok
22:14:28.0103 5268 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:14:28.0118 5268 pcmcia - ok
22:14:28.0352 5268 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:14:28.0555 5268 PEAUTH - ok
22:14:28.0961 5268 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:14:29.0023 5268 PptpMiniport - ok
22:14:29.0288 5268 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:14:29.0366 5268 Processor - ok
22:14:29.0491 5268 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:14:29.0538 5268 PSched - ok
22:14:29.0631 5268 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:14:29.0694 5268 ql2300 - ok
22:14:29.0709 5268 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:14:29.0725 5268 ql40xx - ok
22:14:29.0772 5268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:14:29.0834 5268 QWAVEdrv - ok
22:14:30.0006 5268 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
22:14:30.0255 5268 R300 - ok
22:14:31.0269 5268 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:14:31.0316 5268 RasAcd - ok
22:14:32.0174 5268 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:14:32.0268 5268 Rasl2tp - ok
22:14:33.0282 5268 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:14:33.0375 5268 RasPppoe - ok
22:14:34.0421 5268 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:14:34.0499 5268 RasSstp - ok
22:14:34.0795 5268 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:14:34.0889 5268 rdbss - ok
22:14:35.0123 5268 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:14:35.0185 5268 RDPCDD - ok
22:14:36.0449 5268 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
22:14:36.0605 5268 rdpdr - ok
22:14:37.0057 5268 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:14:37.0151 5268 RDPENCDD - ok
22:14:38.0133 5268 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:14:38.0211 5268 RDPWD - ok
22:14:39.0147 5268 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:14:39.0241 5268 rspndr - ok
22:14:39.0366 5268 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:14:39.0397 5268 SASDIFSV - ok
22:14:39.0475 5268 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:14:39.0506 5268 SASKUTIL - ok
22:14:39.0756 5268 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:14:39.0787 5268 sbp2port - ok
22:14:40.0146 5268 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:14:40.0239 5268 secdrv - ok
22:14:40.0598 5268 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:14:40.0707 5268 Serenum - ok
22:14:41.0066 5268 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:14:41.0191 5268 Serial - ok
22:14:41.0487 5268 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:14:41.0565 5268 sermouse - ok
22:14:41.0909 5268 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
22:14:41.0971 5268 sffdisk - ok
22:14:42.0033 5268 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
22:14:42.0049 5268 sffp_mmc - ok
22:14:42.0174 5268 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
22:14:42.0221 5268 sffp_sd - ok
22:14:42.0579 5268 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:14:42.0657 5268 sfloppy - ok
22:14:42.0985 5268 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
22:14:43.0016 5268 sisagp - ok
22:14:43.0219 5268 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:14:43.0250 5268 SiSRaid2 - ok
22:14:43.0593 5268 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:14:43.0609 5268 SiSRaid4 - ok
22:14:43.0718 5268 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:14:43.0765 5268 Smb - ok
22:14:43.0937 5268 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:14:43.0968 5268 spldr - ok
22:14:44.0670 5268 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
22:14:44.0748 5268 SRTSP - ok
22:14:45.0575 5268 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
22:14:45.0621 5268 SRTSPX - ok
22:14:45.0855 5268 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:14:45.0965 5268 srv - ok
22:14:46.0043 5268 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:14:46.0121 5268 srv2 - ok
22:14:46.0308 5268 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:14:46.0339 5268 srvnet - ok
22:14:46.0386 5268 ssrangdr (f87737d83b965efa765117051e3b9d0c) C:\Windows\system32\DRIVERS\ssrangdr.sys
22:14:46.0464 5268 ssrangdr - ok
22:14:46.0994 5268 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:14:47.0010 5268 swenum - ok
22:14:47.0181 5268 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:14:47.0197 5268 Symc8xx - ok
22:14:47.0540 5268 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
22:14:47.0587 5268 SymDS - ok
22:14:47.0837 5268 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
22:14:47.0930 5268 SymEFA - ok
22:14:48.0164 5268 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
22:14:48.0180 5268 SymEvent - ok
22:14:48.0273 5268 SYMFW - ok
22:14:48.0445 5268 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
22:14:48.0476 5268 SymIRON - ok
22:14:48.0819 5268 SYMNDISV - ok
22:14:49.0256 5268 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
22:14:49.0319 5268 SYMTDIv - ok
22:14:49.0615 5268 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:14:49.0646 5268 Sym_hi - ok
22:14:49.0989 5268 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:14:50.0005 5268 Sym_u3 - ok
22:14:50.0223 5268 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:14:50.0301 5268 Tcpip - ok
22:14:50.0473 5268 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:14:50.0535 5268 Tcpip6 - ok
22:14:50.0645 5268 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:14:50.0691 5268 tcpipreg - ok
22:14:50.0785 5268 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:14:50.0879 5268 TDPIPE - ok
22:14:50.0972 5268 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:14:51.0066 5268 TDTCP - ok
22:14:51.0144 5268 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:14:51.0191 5268 tdx - ok
22:14:51.0269 5268 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:14:51.0300 5268 TermDD - ok
22:14:51.0378 5268 TMPassthru (690acb48dac04e44a3d5e7654ca3260d) C:\Windows\system32\DRIVERS\TMPassthru.sys
22:14:51.0409 5268 TMPassthru - ok
22:14:51.0440 5268 TMPassthruMP (690acb48dac04e44a3d5e7654ca3260d) C:\Windows\system32\DRIVERS\TMPassthru.sys
22:14:51.0471 5268 TMPassthruMP - ok
22:14:51.0581 5268 tmtdi (ce4b8bf9fbad5957ffb3fca281759540) C:\Windows\system32\DRIVERS\tmtdi.sys
22:14:51.0612 5268 tmtdi - ok
22:14:51.0690 5268 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:14:51.0783 5268 tssecsrv - ok
22:14:51.0893 5268 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:14:51.0971 5268 tunmp - ok
22:14:52.0064 5268 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:14:52.0127 5268 tunnel - ok
22:14:52.0205 5268 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:14:52.0220 5268 uagp35 - ok
22:14:52.0298 5268 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:14:52.0376 5268 udfs - ok
22:14:52.0485 5268 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
22:14:52.0501 5268 uliagpkx - ok
22:14:52.0548 5268 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:14:52.0595 5268 uliahci - ok
22:14:52.0688 5268 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:14:52.0719 5268 UlSata - ok
22:14:52.0766 5268 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:14:52.0797 5268 ulsata2 - ok
22:14:52.0875 5268 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:14:52.0938 5268 umbus - ok
22:14:53.0047 5268 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:14:53.0063 5268 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:14:53.0063 5268 USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:14:53.0125 5268 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:14:53.0203 5268 usbccgp - ok
22:14:53.0328 5268 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:14:53.0453 5268 usbcir - ok
22:14:53.0546 5268 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:14:53.0624 5268 usbehci - ok
22:14:53.0749 5268 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:14:53.0796 5268 usbhub - ok
22:14:53.0874 5268 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:14:53.0905 5268 usbohci - ok
22:14:53.0983 5268 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:14:54.0061 5268 usbprint - ok
22:14:57.0368 5268 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:14:57.0462 5268 \Device\Harddisk0\DR0 - ok
22:14:57.0493 5268 Boot (0x1200) (16488792249539ab85dce887204e7aa0) \Device\Harddisk0\DR0\Partition0
22:14:57.0493 5268 \Device\Harddisk0\DR0\Partition0 - ok
22:14:57.0493 5268 Boot (0x1200) (193617c3a96662fbc990c897da7452a2) \Device\Harddisk0\DR0\Partition1
22:14:57.0493 5268 \Device\Harddisk0\DR0\Partition1 - ok
22:14:57.0493 5268 ============================================================
22:14:57.0493 5268 Scan finished
22:14:57.0493 5268 ============================================================
22:14:57.0524 5064 Detected object count: 1
22:14:57.0524 5064 Actual detected object count: 1
22:15:57.0725 5064 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:15:57.0725 5064 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:16:31.0717 4688 ============================================================
22:16:31.0717 4688 Scan started
22:16:31.0717 4688 Mode: Manual; SigCheck; TDLFS; 
22:16:31.0717 4688 ============================================================
22:16:54.0883 4688 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:16:54.0899 4688 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:16:54.0899 4688 USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:16:57.0504 4688 Wdf01000 - ok
22:16:57.0613 4688 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:16:57.0629 4688 winachsf - ok
22:16:57.0722 4688 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
22:16:57.0769 4688 WmiAcpi - ok
22:16:57.0831 4688 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:16:57.0847 4688 WpdUsb - ok
22:16:57.0863 4688 wrssweep - ok
22:16:57.0941 4688 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:16:57.0972 4688 ws2ifsl - ok
22:16:58.0050 4688 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:16:58.0081 4688 WUDFRd - ok
22:16:58.0128 4688 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
22:16:58.0143 4688 XAudio - ok
22:16:58.0175 4688 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:16:58.0268 4688 \Device\Harddisk0\DR0 - ok
22:16:58.0299 4688 Boot (0x1200) (16488792249539ab85dce887204e7aa0) \Device\Harddisk0\DR0\Partition0
22:16:58.0299 4688 \Device\Harddisk0\DR0\Partition0 - ok
22:16:58.0299 4688 Boot (0x1200) (193617c3a96662fbc990c897da7452a2) \Device\Harddisk0\DR0\Partition1
22:16:58.0299 4688 \Device\Harddisk0\DR0\Partition1 - ok
22:16:58.0315 4688 ============================================================
22:16:58.0315 4688 Scan finished
22:16:58.0315 4688 ============================================================
22:16:58.0331 1740 Detected object count: 1
22:16:58.0331 1740 Actual detected object count: 1
22:18:47.0999 1740 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:47.0999 1740 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip


----------



## dramstad (Nov 18, 2011)

THANKS EDDIE. Here's the other scan log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-26 22:27:32
-----------------------------
22:27:32.472 OS Version: Windows 6.0.6002 Service Pack 2
22:27:32.472 Number of processors: 2 586 0x6B01
22:27:32.474 ComputerName: D-PC UserName: D
22:27:36.369 Initialize success
22:28:50.770 AVAST engine defs: 11112601
22:29:37.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
22:29:37.760 Disk 0 Vendor: ST325031 3.AD Size: 238418MB BusType: 8
22:29:39.807 Disk 0 MBR read successfully
22:29:39.813 Disk 0 MBR scan
22:29:39.825 Disk 0 Windows VISTA default MBR code
22:29:39.841 Disk 0 scanning sectors +488278016
22:29:39.933 Disk 0 scanning C:\Windows\system32\drivers
22:29:51.193 Service scanning
22:29:52.799 Modules scanning
22:30:01.969 Disk 0 trace - called modules:
22:30:02.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x845989e8]<<
22:30:02.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ad2710]
22:30:02.771 AVAST engine scan C:\Windows
22:30:04.951 AVAST engine scan C:\Windows\system32
22:32:37.744 AVAST engine scan C:\Windows\system32\drivers
22:32:54.045 AVAST engine scan C:\Users\D
22:48:50.201 AVAST engine scan C:\ProgramData
22:55:31.668 Scan finished successfully
23:14:10.253 Disk 0 MBR has been saved successfully to "C:\Users\D\Documents\MBR.dat"
23:14:10.264 The log file has been saved successfully to "C:\Users\D\Documents\aswMBR.txt"


----------



## dramstad (Nov 18, 2011)

Hi Eddie, 
*Another concern:* There are three computers in this home -- 2 desktops and a (wireless) laptop. The main router/modem setup wifi (Xfinity/Comcast) is connected through my computer. Previously, unless _my_ computer was fully connected --ethernet, phone cables/wires plugged in to my modem/router the other computers in the house could not connect to the internet. Strangely, the person using the wireless laptop here has been able to go online -- with my system totally disconnected (everything unplugged). This never happened until a couple days ago. Thanks again for your time.


----------



## eddie5659 (Mar 19, 2001)

Every bit of information you can give is all good to have, as it can help us quicker in the long run 

With regards to Norton 360, is the firewall enabled on the program?

--

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe" File not found
[2 C:\Users\D\Documents\*.tmp files -> C:\Users\D\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/11/21 22:51:11 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\IObit
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8A7A06B5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 2122 bytes -> C:\Users\D\Documents\Fwd_(nosubject).eml:OECustomProperty
@Alternate Data Stream - 2122 bytes -> C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml:OECustomProperty
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

----------------
Also, can you run this:

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Double-click CKScanner.exe and click *Search For Files*. 
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

eddie


----------



## dramstad (Nov 18, 2011)

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\(default) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Mobile Device Center deleted successfully.
C:\Users\D\Documents\~WRL0003.tmp deleted successfully.
C:\Users\D\Documents\~WRL0004.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\D\AppData\Roaming\IObit folder moved successfully.
ADS C:\ProgramData\TEMP:8A7A06B5 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
ADS C:\Users\D\Documents\Fwd_(nosubject).eml:OECustomProperty deleted successfully.
ADS C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml:OECustomProperty deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\D\Downloads\cmd.bat deleted successfully.
c:\Users\D\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: D
->Temp folder emptied: 74375444 bytes
->Temporary Internet Files folder emptied: 2285605 bytes
->Java cache emptied: 54702527 bytes
->FireFox cache emptied: 42310969 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 511 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166.00 mb

[EMPTYFLASH]

User: All Users

User: D
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11272011_165113

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## dramstad (Nov 18, 2011)

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OELBXX
----- EOF -----


----------



## dramstad (Nov 18, 2011)

Norton firewall is enabled ...


----------



## dramstad (Nov 18, 2011)

Hi Eddie, How's everything looking?


----------



## eddie5659 (Mar 19, 2001)

Sorry, was off all day with a migraine, bit groggy still 

Okay, it's looking okay, but as you had Iobit etc installed, can you do this for me:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

=========================

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:folderfind
*iobit
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## dramstad (Nov 18, 2011)

ComboFix 11-11-29.04 - D 11/29/2011 16:47:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1112 [GMT -7:00]
Running from: c:\users\D\Desktop\username123.exe.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\D\g2mdlhlpx.exe
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 00:01 . 2011-11-30 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 23:47 . 2011-11-28 23:48 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZ.....ZZ..ZZ
2011-11-27 23:51 . 2011-11-27 23:51 -------- d-----w- C:\_OTL
2011-11-26 05:51 . 2008-03-02 10:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2011-11-26 05:50 . 2011-11-26 05:50 -------- d-----w- c:\users\D\AppData\Roaming\InstallShield
2011-11-26 05:50 . 2009-03-11 19:05 83728 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-11-25 06:14 . 2011-11-25 06:14 -------- d-----w- c:\program files\CCleaner
2011-11-24 19:33 . 2011-11-24 19:33 -------- d-----w- c:\programdata\Yahoo! Companion
2011-11-24 19:33 . 2011-11-24 19:33 -------- d-----w- c:\users\D\AppData\Roaming\Yahoo!
2011-11-22 02:58 . 2011-11-22 02:58 388096 ----a-r- c:\users\D\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 20:13 . 2011-11-21 20:13 -------- d-----w- c:\program files\ESET
2011-11-21 20:01 . 2011-11-21 20:01 -------- d-----w- c:\program files\iPod
2011-11-21 20:01 . 2011-11-21 20:02 -------- d-----w- c:\program files\iTunes
2011-11-21 19:56 . 2011-11-21 19:56 -------- d-----w- c:\program files\Bonjour
2011-11-19 23:00 . 2011-11-19 23:00 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-19 22:57 . 2011-11-21 04:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-19 00:55 . 2011-11-19 00:55 -------- d-----w- c:\users\D\AppData\Roaming\SUPERAntiSpyware.com
2011-11-16 07:00 . 2011-11-24 01:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 19:48 . 2011-11-15 19:48 -------- d-----w- C:\f15f0e428f1dae71b94e
2011-11-10 17:18 . 2011-11-10 17:18 -------- d-----w- C:\565d2d70ae0aeb31ac49877334668f
2011-11-09 19:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 19:19 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 19:19 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 23:00 . 2010-05-16 23:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-09 14:17 . 2011-10-09 14:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-09 14:17 . 2011-10-09 14:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-09 14:17 . 2011-10-09 14:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-09 14:17 . 2011-10-09 14:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-09 14:17 . 2011-10-09 14:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-09 14:17 . 2011-10-09 14:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-09 14:17 . 2011-10-09 14:17 367104 ----a-w- c:\windows\system32\html.iec
2011-10-09 14:17 . 2011-10-09 14:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-09 14:17 . 2011-10-09 14:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-09 14:17 . 2011-10-09 14:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-09 14:17 . 2011-10-09 14:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-09 14:17 . 2011-10-09 14:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-09 14:17 . 2011-10-09 14:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-09 14:17 . 2011-10-09 14:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-09 14:17 . 2011-10-09 14:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-09 14:17 . 2011-10-09 14:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-09 14:17 . 2011-10-09 14:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-09 14:17 . 2011-10-09 14:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-06 13:30 . 2011-10-12 04:45 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-12 09:06 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 09:06 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 09:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-21 04:04 . 2011-11-19 22:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"HostManager"="c:\program files\Common Files\AOL\1262709377\ee\AOLSoftware.exe" [2010-03-08 41800]
"TMWebProtectTray"="c:\program files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [2009-09-02 288136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 21:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Web Protection Add-On\TmProxy.exe [2009-03-11 685320]
R2 TMWebProtect;Trend Micro Web Protection Add-On Service;c:\program files\Trend Micro\Web Protection Add-On\TMWebProtect.exe [2009-09-02 591232]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 136176]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 267568]
R3 ssrangdr;ssrangdr;c:\windows\system32\DRIVERS\ssrangdr.sys [2009-12-13 2560]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111128.030\IDSvix86.sys [2011-09-09 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-10-09 14:17 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 05:09]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-14 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\lg8n8qu6.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 17:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-29 17:18:49
ComboFix-quarantined-files.txt 2011-11-30 00:18
.
Pre-Run: 110,929,899,520 bytes free
Post-Run: 110,836,506,624 bytes free
.
- - End Of File - - 0BAB926D172E90316F2C635EB8251CFA


----------



## dramstad (Nov 18, 2011)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:38 on 29/11/2011 by D
Administrator - Elevation successful

========== folderfind ==========

Searching for "*iobit"
C:\Program Files\IObit d------ [02:42 13/07/2010]
C:\ProgramData\IObit d------ [02:44 13/07/2010]
C:\Users\All Users\IObit d------ [02:44 13/07/2010]
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit d------ [21:32 18/11/2011]
C:\_OTL\MovedFiles\11272011_165113\C_Users\D\AppData\Roaming\IObit d------ [02:42 13/07/2010]

-= EOF =-


----------



## dramstad (Nov 18, 2011)

Thanks Eddie, Hope You're feeling better.


----------



## eddie5659 (Mar 19, 2001)

Thanks, spending today off work, was asleep until 12pm, so feel better, but still a slight headache.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:


```
Folders::
C:\Program Files\IObit
C:\ProgramData\IObit
C:\Users\All Users\IObit
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## eddie5659 (Mar 19, 2001)

Forgot to ask this as well, but can you post a fresh OTL log as well


----------



## dramstad (Nov 18, 2011)

Hi Eddie, little problem (_little_, I hope). Okay, I followed all of your directions re ComboFix scan. I was preparing to go back online to submit the log file to you and I could not get online. When I tried to get online using IE, Mozilla and AOL an error message came up stating that a registry was slated to be removed and as already stated, I could not get online. I restarted the computer in hopes that I could get back online (I hope restarting didn't mess anything up ...). After restart I was able to get back online. However, when I tried to post the Combofix log, I could not locate it (the log). When I searched under CFScript.txt (combo fix log file should have been saved in notepad) the System Check logfile for Iobit (which I submitted to you last evening) was where today's Combo Fix log should have been. Do I run another Combo Fix Scan? If I do another (Combo Fix) scan, what should I do if I can't get back online again to submit the log to you after the scan is completed? Pretty certain all of my antivirus software was off (a message did come up before Combo Fix scan started stating I still had a portion of antivirus running which I then fully disabled and the scan seemed to proceed normally). What to do, my friend? Thanks.


----------



## eddie5659 (Mar 19, 2001)

Hmmm, seems a strange thing to happen, as it was just folders that were being removed.

We'll leave ComboFix for now, and run this tool instead. If they're not there, it will say so 

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Program Files\IObit
C:\ProgramData\IObit
C:\Users\All Users\IObit
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

-----------

Also, if you can run OTL again, and post the log it produces, that would be great as well


----------



## dramstad (Nov 18, 2011)

Eddie, Here's OTM log File ... will get the OTL to you in a minute

All processes killed
========== FILES ==========
C:\Program Files\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4 folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V5 folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
File/Folder C:\Users\All Users\IObit not found.
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: D
->Temp folder emptied: 313806 bytes
->Temporary Internet Files folder emptied: 2435843 bytes
->Java cache emptied: 136674 bytes
->FireFox cache emptied: 42398629 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 630 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 29168965 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: D
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 11302011_112157


----------



## dramstad (Nov 18, 2011)

Hi, I've been trying for a few hours to post the OTL Log file ... it's not posting. Also, no Extras.Txt log was generated after the scan...


----------



## eddie5659 (Mar 19, 2001)

Hmmm, I know the site has been a bit slow tonight, timing out etc.

There won't be the Extras log, forgot to say that, as it's only on the first run.

How about uploading the log instead:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *OTL.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## dramstad (Nov 18, 2011)

here is the attachment?


----------



## dramstad (Nov 18, 2011)

Eddie, Here's the OTL Log attachment (didn't mean to phrase the other post as a question).


----------



## dramstad (Nov 18, 2011)

Hi Eddie, I was looking through my Temporary Internet Files and came across a file called Start_Virus_Over which is a GIF file. 
Of course, anything I see with the word "VIRUS" catches my attention. It was located here (dated around 9:35 AM today):

C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIDMIVT8

I looked on the Internet and a site called SOPHOS and the following is (just a small portion) of what they had to say about Start_Virus_Over (many of the other files they mention below are present in my temp folder as well):

Troj/LowZone-AL is a downloader Trojan for the Windows platform. 
Troj/LowZone-AL reduces internet security settings and deletes various software before displaying fake security webpages and attempting to download and install further software. 
When run Troj/LowZone-AL creates the following harmless files in the Windows folder: 
home_bg3.jpg
icon_security_scan.gif
icon_virus_detection.gif
logo_home.gif
logo_symantec.gif
nav_alert-over.gif
nav_help-over.gif
nav_info-over.gif
nav_solutions-over.gif
protect_new_55x55.gif
pskill.exe
start_security_over.gif
start_virus_over.gif
symantec.css
windowsXP_masthead_ltr.gif 
These files may be safely deleted. 
The Trojan also creates the following malicious files, also in the Windows folder: 
ra.reg
symantec-scan.html
symantec.html
update-sp2.html
update-sp3.html
y.bat
z.bat 
Troj/LowZone-AL terminates the following processes : 
ISTsvc.exe
sidefind.exe
gjefpet.exe
istrecover[1].exe

Anything to be concerned with?
THANKS.


----------



## dramstad (Nov 18, 2011)

Eddie, 
Below is a link to what McAfee has to say about Start_Virus_Over as described in previous posting. I viewed other sites as well such as Trend Micro and they had virtually the same thing to say. 

http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=135079

Just more info in case it's relevant.
Thanks, again.


----------



## eddie5659 (Mar 19, 2001)

Hi

Just about to go to bed, but for that file and the others, can you do this for me:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file

*C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIDMIVT8*

And the name of the file(s) you have.

Let me know when they're uploaded 

I'll have a look when I get home, and thanks for the OTL log as well 

eddie


----------



## dvk01 (Dec 14, 2002)

the file was empty so nothing to examine
the gif files are harmless on their own and just images


----------



## dramstad (Nov 18, 2011)

Hi Eddie, 
Okay -- letting you know I uploaded the Suspicious File Packer log to The Spy Killer site. I also included an attachment/sample of the suspicious files I noticed in my Temporary Internet Files (as described for you in previous post here). Included the requested files from Suspicious File Packer (do not know if this was done correctly as I do not see much there).

This is the other file you wanted attached on Spy Killer site but it wouldn't open:
C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIDMIVT8.

While trying to open/upload this file a message appeared saying I did not have permission to open file -- contact administrator.

I attached two of the suspicious files on Spy Killer:

C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIDMIVT8\start_virus_over[1].gif

C:\Users\D\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RIDMIVT8\start_virus[1].gif

Thanks, hope all is well.


----------



## dramstad (Nov 18, 2011)

Hi Eddie, Can you please tell me where we are in the process regarding the malware? Can you tell me what the issues have been? What more needs to be done? Thanks, take care.


----------



## dramstad (Nov 18, 2011)

Hi Derek, Eddie, Thanks very much for your time. What should I do now?


----------



## eddie5659 (Mar 19, 2001)

Thanks Derek :up:

Sorry for the lateness, Fridays I'm never usually here, and I was out most of today 

Okay, can you go to Control Panel | Add/Remove Programs, and uninstall this, if there:

*Viewpoint*

Then, can you run this fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

===============

With regards to the internet files, run this tool to clean them out:

Please download *ATF Cleaner* by Atribune.

*Caution: This program is for Windows 2000, XP and Vista only*


Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

=========

Also, as you originally stated that this was due to emails etc, do you recognise and know what these are:

*C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml
C:\Users\D\Documents\Fwd_(nosubject).eml*


----------



## dramstad (Nov 18, 2011)

HI Eddie, hope you're well. I did not see Viewpoint. Here's the OTL log:
Will move on to next step now.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\D\Desktop\cmd.bat deleted successfully.
C:\Users\D\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: D
->Temp folder emptied: 1490846 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 138696 bytes
->FireFox cache emptied: 37073094 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 511 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb

[EMPTYFLASH]

User: All Users

User: D
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12032011_154615

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## dramstad (Nov 18, 2011)

Eddie, Okay, cleaning done. No, I DON'T know what these email/files are. 
*
C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml
C:\Users\D\Documents\Fwd_(nosubject).eml*


----------



## dramstad (Nov 18, 2011)

Good Afternoon, Eddie, 
The research I've done on the web looks like the following files (see below) you pointed out in your previous message could be malware from the gmail I was receiving on Yahoo. I read another e-mail on my Yahoo account a few days ago sent from the same person with the gmail account. Hopefully, I wasn't infected due to opening/reading that e-mail. I'm not sure if I told you previously, but I had also opened a few dozen YouTube videos sent to me by said gmail user over a period of a few months (which spelled "You.Tube" as YouTu.be rather than the usual You.Tube). Last e-mail from gmail user said basically that she had hacked into my system.

It also looks like probably my gmail and AOL account, possibly my Yahoo account were hacked into/password stolen. I changed all the passwords and hopefully they won't be cracked (again)... Thanks.

*C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml
C:\Users\D\Documents\Fwd_(nosubject).eml*


----------



## eddie5659 (Mar 19, 2001)

Thanks for doing the research on these, every little helps 

So, let's try and get rid of them:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
@Alternate Data Stream - 64 bytes -> C:\Users\D\Documents\Fire_fighter_rescue1.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\D\Documents\Fire_fighter_rescue1 - Copy.mpg:TOC.WMV
@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZ.....ZZ..ZZ:1
@Alternate Data Stream - 2122 bytes -> C:\Users\D\Documents\Fwd_(nosubject).eml:OECustomProperty
@Alternate Data Stream - 2122 bytes -> C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml:OECustomProperty
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
ipconfig /flushdns /c 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

eddie


----------



## dramstad (Nov 18, 2011)

Hi Eddie. OTL Log pasted below. The latest info regarding my computer: Webpages being redirected when logged onto AOL (connected directly to AOL not via Mozilla or IE); An unusual "Problem Reports and Solutions" window/alert appeared when I started my computer this morning. This alert looked (pretty sure, actually) NON-Microsoft urging me to update what looked like an Adobe Acrobat or Flash program (just the ICON was there) no name (I did not click on the "update"). What else, Emsisoft anti-malware program running on its own on my system. Another concern: Your replies to my posts via this site have all been going to my AOL account and since that account has been compromised/hacked into (and Yahoo and Gmail hacked as well) it's entirely likely the hacker has been viewing all of your (and previous tech's) responses regarding the repairing of my computer (removing the Malware). I've changed my password on every email account... don't know if that's done any good or not (created very strong passwords). Please give me an update. Thanks very much. Here is OTL Log:

All processes killed
========== OTL ==========
ADS C:\Users\D\Documents\Fire_fighter_rescue1.mpg:TOC.WMV deleted successfully.
ADS C:\Users\D\Documents\Fire_fighter_rescue1 - Copy.mpg:TOC.WMV deleted successfully.
Unable to delete ADS C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZ.....ZZ..ZZ:1 .
ADS C:\Users\D\Documents\Fwd_(nosubject).eml:OECustomProperty deleted successfully.
ADS C:\Users\D\Documents\Fwd_(nosubject) - Copy.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\D\Desktop\cmd.bat deleted successfully.
C:\Users\D\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: C
->Temp folder emptied: 1742078 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 456 bytes

User: D
->Temp folder emptied: 801063 bytes
->Temporary Internet Files folder emptied: 327990 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37073094 bytes
->Google Chrome cache emptied: 9447815 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 511 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 476 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb

[EMPTYFLASH]

User: All Users

User: C
->Flash cache emptied: 0 bytes

User: D
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_133704

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------
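
The fix log above mixes successful removals with one stream that could not be deleted. As an added example (not part of any post in this thread and not OldTimer's code), this Python sketch triages such a result log; the function names are hypothetical, and the patterns cover only the message wordings visible in the logs on this page.

```python
import re
from collections import defaultdict

# Lines copied from the OTL fix logs posted in this thread (shortened);
# the "not found" line comes from the earlier 12032011 log.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
ADS C:\Users\D\Documents\Fire_fighter_rescue1.mpg:TOC.WMV deleted successfully.
Unable to delete ADS C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZ.....ZZ..ZZ:1 .
ADS C:\Users\D\Documents\Fwd_(nosubject).eml:OECustomProperty deleted successfully.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\D\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: C
->Temp folder emptied: 1742078 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: D
->Temp folder emptied: 801063 bytes
->FireFox cache emptied: 37073094 bytes

Windows Temp folder emptied: 476 bytes
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
USER = re.compile(r"^User: (.+)$")
# "->" marks a per-user cache line; lines without it are system-wide.
EMPTIED = re.compile(r"^(->)?(.+?) (?:emptied|removed): (\d+) bytes$")

# Ordered: the first matching pattern decides the outcome of a line.
OUTCOMES = [
    (re.compile(r"^Unable to delete (?P<target>.+?)\s*\.$"), "failed"),
    (re.compile(r"^(?:File/Folder|File) (?P<target>.+) not found\.$"), "not_found"),
    (re.compile(r"^(?P<target>.+?)(?: folder)? (?:deleted|moved) successfully\.$"), "ok"),
]


def parse_fix_log(text):
    """Return (results, freed): results is a list of (section, outcome, target),
    freed maps a user name (or "(system)") to the bytes reported as emptied."""
    section, user = None, None
    results = []
    freed = defaultdict(int)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, user = m.group(1), None
            continue
        m = USER.match(line)
        if m:
            user = m.group(1)
            continue
        m = EMPTIED.match(line)
        if m:
            owner = user if m.group(1) and user else "(system)"
            freed[owner] += int(m.group(3))
            continue
        for pattern, outcome in OUTCOMES:
            m = pattern.match(line)
            if m:
                results.append((section, outcome, m.group("target")))
                break
    return results, dict(freed)


def needs_follow_up(results):
    """Entries the fix did not confirm as removed, in log order."""
    return [r for r in results if r[1] != "ok"]


if __name__ == "__main__":
    results, freed = parse_fix_log(SAMPLE_LOG)
    for section, outcome, target in needs_follow_up(results):
        print(f"[{section}] {outcome}: {target}")
    for owner, size in freed.items():
        print(f"{owner}: {size} bytes emptied")
```
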



## eddie5659 (Mar 19, 2001)

Okay, just re-reading for more info:



> Someone has e-mailed me and suggested my system has been hijacked by them. I did a scan using Loaris Trojan Remover and it reported that I was infected with a worm (Sohanad)


Is there any way that you can get the log of the files that were removed?


----------



## eddie5659 (Mar 19, 2001)

Okay, gone thru all what was posted before, and have some questions 

Do you have a firewall running, as the Windows Firewall itself is disabled? If you're not running one, which points to that fact, enable it as follows:

1. Control Panel | Security | Windows Firewall.

2. Click *Turn Windows Firewall on or off*

3. Click *On (recommended)*, and then click *OK.*

-------

Did you install or know what this is:

*C:\Users\D\AppData\Roaming\AutoHideIP*

If so, that's fine 

---

In the ComboFix logs, you have these showing:



> [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\File Exts\.mp3\UserChoice]
> @Denied: (2) (LocalSystem)
> "Progid"="YMP.Media"


etc.

Do you recognise the program it's opening up with? Just play one of the mp3's if you're not sure, curious what it is.

==========

Can you run the following, RSIT will produce long logs 


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

and then, can you run this:

Save these instructions so you can have access to them while in Safe Mode.

Please click *here* to download AVP Tool by Kaspersky. 

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. 
Use your up arrow key to highlight SafeMode then hit *enter*._
Double click the setup file to run it. 
Click Next to continue. 
Accept the Licence agreement and click on next 
It will by default install it to your desktop folder. Click Next. 
It will then open a box There will be a tab that says Automatic scan. 
Under Automatic scan make sure these are checked. 

Hidden Startup Objects 
System Memory 
Disk Boot Sectors. 
My Computer. 
Also any other drives (Removable that you may have) 

Leave the rest of the settings as they appear as default.


Then click on Scan at the top right-hand corner. 
It will automatically Neutralize any objects found. 
If some objects are left un-neutralized then click the button that says Neutralize all 
If it says it cannot be Neutralized then choose the delete option when prompted. 
After that is done click on the reports button at the bottom and save it to file name it *Kas*. 
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under *Detected* post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it.*
eddie


----------



## dramstad (Nov 18, 2011)

The previous tech told me to delete Loaris so the log files are probably gone unless they were saved to notepad or something (I'll check but I doubt it) ... Loaris often came back with false positives ...
NEW INFO: Norton 360 AV has now been disabled in both safe and standard mode since yesterday -- I cannot access settings to restore it, also the Norton customer support site is disabled. The CURSOR has moved on its own around pages. I added an administrator's account to my system as I was told that was more secure (to use standard mode). Some of the webpages I've been redirected to look fake. I reinstalled IE, Mozilla. I patched Adobe Reader, Flash, Divx last night after a Secunia scan reported all of these were unpatched. There is an icon called *AB* next to registry files -- all of them. I looked online and they said could be virus. Any suggestions? As you can imagine, this situation is really difficult -- worried that all of my info is being stolen and who knows what else. Computer taking longer than usual to Log Off. I have scanned using all of the best/secure (offline) virus scanners numerous times (Malwarebytes, Super Anti-Spyware, Windows, Kaspersky, etc. nothing turns up). I opened one e-mail/with attachment (a typed document) from AOL sent from another computer (wireless laptop) in the home (networked, main router, etc. is installed through my system). This is when I started noticing really strange behaviors (both my computer and the other one was logged in to AOL at the time) user who sent the e-mail is trusted. I haven't opened any email from AOL in a few weeks until yesterday. I don't know if this had anything to do with the increases in weird computer behavior or not just thought I'd let you know. Thanks so much for your continued support, Eddie I really, truly appreciate it.


----------



## dramstad (Nov 18, 2011)

Eddie, I should just enable the Windows Firewall now rather than trying to get Norton running (everything virus protection, firewall, etc, disabled on Norton (since about two days ago ... that I noticed)? Uninstall Norton 360? This hacker is really working hard day by day...


----------



## dramstad (Nov 18, 2011)

The gmail user I have referred to, whom I am certain is involved in hacking my system suggested I better "dig deep" referring to this as a "cat and mouse game" and alluded to something about the D drive ... I don't know. Hide IP was installed. I will check the MP3 file.


----------



## dramstad (Nov 18, 2011)

Hi Eddie here the 2 logs from RSIT Scan. THANKS!!!

Logfile of random's system information tool 1.09 (written by random/random)
Run by C at 2011-12-07 16:59:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 132 GB (58%) free of 228 GB
Total RAM: 1982 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:00:23 PM, on 12/7/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\D\Desktop\RSIT.exe
C:\Program Files\trend micro\C.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Users\D\Desktop\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1262709377\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\RunOnce: [tbInstall_aol] dnUpdate://70756/?Target=IE&Startpage=N&DefaultSearch=Y&S=_NOV_&_VSPEC_== /silent
O4 - HKUS\S-1-5-21-3008658398-1242687141-1261451896-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'D')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Users\D\Desktop\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Users\D\Desktop\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.15.87\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10230 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\C\AppData\Roaming\Mozilla\Firefox\Profiles\vvb3bvb9.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@emusic.com/dlm-plugin]
"Description"=http://www.emusic.com/dlm/index.html
"Path"=C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]
"Description"=Viewpoint Media Player for Mozilla
"Path"=C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npdnu.dll
npdnu.xpt
NPOFF12.DLL
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15 1392952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Users\D\Desktop\KeyScrambler\KeyScramblerIE.dll [2011-12-03 907576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-10-26 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2009-05-29 1299752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll [2011-04-28 436152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL [2011-03-30 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-03-15 163128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2009-05-29 1299752]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll [2011-04-28 436152]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15 1392952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-24 4452352]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"HostManager"=C:\Program Files\Common Files\AOL\1262709377\ee\AOLSoftware.exe [2010-03-08 41800]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tbInstall_aol"=dnUpdate://70756/?Target=IE&Startpage=N&DefaultSearch=Y&S=_NOV_&_VSPEC_== /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-08-31 1047208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR210]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-12-07 16:59:34 ----D---- C:\rsit
2011-12-07 12:10:44 ----D---- C:\ProgramData\McAfee Security Scan
2011-12-07 12:10:40 ----D---- C:\Program Files\McAfee Security Scan
2011-12-07 01:46:45 ----D---- C:\Program Files\ThreatExpert Memory Scanner
2011-12-07 01:29:18 ----D---- C:\Users\C\AppData\Roaming\QFX Software
2011-12-07 01:28:02 ----D---- C:\Users\C\AppData\Roaming\Yahoo!
2011-12-07 01:00:07 ----D---- C:\Users\C\AppData\Roaming\Tific
2011-12-07 00:22:46 ----D---- C:\Program Files\Secunia
2011-12-06 23:31:51 ----D---- C:\Users\C\AppData\Roaming\DivX
2011-12-06 23:31:17 ----D---- C:\Program Files\Common Files\PX Storage Engine
2011-12-06 23:30:40 ----D---- C:\Program Files\Common Files\DivX Shared
2011-12-06 23:29:37 ----D---- C:\ProgramData\DivX
2011-12-06 21:43:40 ----D---- C:\Users\C\AppData\Roaming\SUPERAntiSpyware.com
2011-12-06 21:25:03 ----D---- C:\Users\C\AppData\Roaming\DataSafeOnline
2011-12-06 21:23:02 ----A---- C:\Windows\ntbtlog.txt
2011-12-06 21:21:47 ----A---- C:\Users\C\AppData\Roaming\SMRBackup210.dat
2011-12-05 21:14:03 ----D---- C:\ProgramData\Viewpoint
2011-12-05 21:14:03 ----D---- C:\Program Files\Viewpoint
2011-12-05 21:13:44 ----D---- C:\Users\C\AppData\Roaming\Adobe
2011-12-05 20:35:05 ----A---- C:\Windows\ntbtlog.txt.bak
2011-12-05 18:29:30 ----D---- C:\Users\C\AppData\Roaming\WinPatrol
2011-12-05 16:40:37 ----D---- C:\Users\C\AppData\Roaming\Identities
2011-12-05 16:40:26 ----SD---- C:\Users\C\AppData\Roaming\Microsoft
2011-12-05 16:40:26 ----D---- C:\Users\C\AppData\Roaming\Mozilla
2011-12-05 16:40:26 ----D---- C:\Users\C\AppData\Roaming\Media Center Programs
2011-12-05 16:40:26 ----D---- C:\Users\C\AppData\Roaming\Macromedia
2011-12-04 12:37:09 ----D---- C:\ProgramData\Autorun Eater
2011-12-03 06:12:37 ----D---- C:\Windows\system32\drivers\NortonPCCheckup
2011-12-03 06:12:37 ----D---- C:\Program Files\Norton PC Checkup
2011-12-03 00:35:17 ----D---- C:\ProgramData\QFX Software
2011-12-03 00:34:43 ----A---- C:\Windows\system32\drivers\keyscrambler.sys
2011-12-03 00:34:42 ----D---- C:\Program Files\KeyScrambler
2011-12-01 12:58:07 ----A---- C:\TDSSKiller.2.6.21.0_01.12.2011_12.58.07_log.txt
2011-12-01 12:57:12 ----A---- C:\TDSSKiller.2.6.20.0_01.12.2011_12.57.12_log.txt
2011-11-30 11:21:57 ----D---- C:\_OTM
2011-11-30 07:58:38 ----SD---- C:\ComboFix
2011-11-30 07:36:01 ----D---- C:\Windows\TEMP
2011-11-30 07:28:27 ----A---- C:\ComboFix.txt
2011-11-30 07:27:44 ----SHD---- C:\$RECYCLE.BIN
2011-11-30 07:14:20 ----D---- C:\username123.exe
2011-11-29 16:42:41 ----A---- C:\Windows\zip.exe
2011-11-29 16:42:41 ----A---- C:\Windows\SWSC.exe
2011-11-29 16:42:41 ----A---- C:\Windows\SWREG.exe
2011-11-29 16:42:41 ----A---- C:\Windows\sed.exe
2011-11-29 16:42:41 ----A---- C:\Windows\PEV.exe
2011-11-29 16:42:41 ----A---- C:\Windows\NIRCMD.exe
2011-11-29 16:42:41 ----A---- C:\Windows\MBR.exe
2011-11-29 16:42:41 ----A---- C:\Windows\grep.exe
2011-11-29 16:42:36 ----D---- C:\Windows\ERDNT
2011-11-29 16:38:46 ----D---- C:\Qoobox
2011-11-27 16:51:13 ----D---- C:\_OTL
2011-11-26 22:12:20 ----A---- C:\TDSSKiller.2.6.21.0_26.11.2011_22.12.19_log.txt
2011-11-26 12:12:56 ----D---- C:\Program Files\Common Files\DESIGNER
2011-11-25 22:51:33 ----A---- C:\Windows\system32\drivers\TMPassthru.sys
2011-11-25 22:50:51 ----A---- C:\Windows\system32\drivers\tmtdi.sys
2011-11-24 12:33:22 ----D---- C:\ProgramData\Yahoo! Companion
2011-11-22 21:34:29 ----A---- C:\TDSSKiller.2.6.20.0_22.11.2011_21.34.29_log.txt
2011-11-21 13:13:59 ----D---- C:\Program Files\ESET
2011-11-21 13:07:30 ----D---- C:\Program Files\QuickTime
2011-11-21 13:01:22 ----D---- C:\Program Files\iPod
2011-11-21 13:01:21 ----D---- C:\Program Files\iTunes
2011-11-21 12:56:27 ----D---- C:\Program Files\Bonjour
2011-11-20 21:34:47 ----A---- C:\TDSSKiller.2.6.19.0_20.11.2011_21.34.47_log.txt
2011-11-19 16:00:45 ----A---- C:\Windows\system32\javaws.exe
2011-11-19 16:00:45 ----A---- C:\Windows\system32\javaw.exe
2011-11-19 16:00:45 ----A---- C:\Windows\system32\java.exe
2011-11-15 12:48:26 ----D---- C:\f15f0e428f1dae71b94e
2011-11-10 10:18:22 ----D---- C:\565d2d70ae0aeb31ac49877334668f
2011-11-09 12:19:09 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2011-12-07 17:00:23 ----D---- C:\Program Files\Trend Micro
2011-12-07 16:45:53 ----SHD---- C:\System Volume Information
2011-12-07 12:10:44 ----D---- C:\ProgramData
2011-12-07 12:10:40 ----D---- C:\Program Files
2011-12-07 11:52:38 ----D---- C:\Windows\System32
2011-12-07 11:52:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-07 11:52:37 ----D---- C:\Windows\inf
2011-12-07 11:43:18 ----D---- C:\Windows
2011-12-07 01:27:55 ----D---- C:\Program Files\Google
2011-12-07 00:22:47 ----D---- C:\Windows\system32\drivers
2011-12-06 23:48:37 ----D---- C:\ProgramData\NOS
2011-12-06 23:35:44 ----SHD---- C:\Windows\Installer
2011-12-06 23:32:14 ----D---- C:\Program Files\DivX
2011-12-06 23:31:17 ----D---- C:\Program Files\Common Files
2011-12-06 23:28:43 ----D---- C:\Windows\winsxs
2011-12-06 23:27:22 ----D---- C:\Program Files\MSECache
2011-12-06 23:20:07 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-12-06 21:28:29 ----D---- C:\Windows\Prefetch
2011-12-06 15:39:52 ----D---- C:\Windows\Debug
2011-12-06 13:37:06 ----D---- C:\Windows\system32\drivers\etc
2011-12-05 21:25:39 ----D---- C:\ProgramData\AOL
2011-12-05 21:14:23 ----D---- C:\Program Files\Common Files\aol
2011-12-05 21:14:23 ----D---- C:\Program Files\AOL
2011-12-05 21:14:22 ----SD---- C:\Windows\Downloaded Program Files
2011-12-05 21:14:22 ----D---- C:\Program Files\AOL Toolbar
2011-12-05 21:10:51 ----D---- C:\ProgramData\AOL Downloads
2011-12-05 16:40:26 ----RD---- C:\Users
2011-12-05 16:31:00 ----D---- C:\Windows\system32\WDI
2011-12-05 15:40:11 ----D---- C:\Windows\SoftwareDistribution
2011-12-05 15:32:29 ----D---- C:\Windows\system32\catroot2
2011-12-03 06:12:37 ----D---- C:\ProgramData\Norton
2011-12-03 06:12:34 ----D---- C:\ProgramData\NortonInstaller
2011-12-03 06:12:32 ----D---- C:\Program Files\NortonInstaller
2011-12-01 20:08:39 ----D---- C:\Windows\Tasks
2011-12-01 19:38:59 ----D---- C:\Windows\system32\Tasks
2011-11-30 07:26:12 ----A---- C:\Windows\system.ini
2011-11-30 07:22:52 ----D---- C:\Windows\AppPatch
2011-11-26 12:13:40 ----D---- C:\ProgramData\Microsoft Help
2011-11-26 12:13:10 ----RSD---- C:\Windows\Fonts
2011-11-26 12:13:00 ----D---- C:\Program Files\Common Files\microsoft shared
2011-11-26 12:12:55 ----D---- C:\Program Files\Microsoft Works
2011-11-26 12:10:49 ----D---- C:\Windows\ShellNew
2011-11-25 22:51:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-25 06:36:18 ----D---- C:\Program Files\Mozilla Firefox
2011-11-24 12:33:36 ----D---- C:\Program Files\Internet Explorer
2011-11-24 12:33:22 ----D---- C:\Program Files\Yahoo!
2011-11-23 11:26:46 ----D---- C:\Windows\pss
2011-11-22 17:10:32 ----D---- C:\Program Files\AOL Desktop 9.6
2011-11-22 11:28:19 ----HD---- C:\Windows\system32\GroupPolicy
2011-11-21 15:13:40 ----D---- C:\Windows\system32\catroot
2011-11-21 13:01:22 ----D---- C:\Program Files\Common Files\Apple
2011-11-21 12:59:52 ----D---- C:\ProgramData\Apple
2011-11-19 16:00:34 ----A---- C:\Windows\system32\deployJava1.dll
2011-11-19 15:06:16 ----D---- C:\Program Files\TweakNow PowerPack 2011
2011-11-19 15:05:04 ----D---- C:\ProgramData\Google
2011-11-19 15:03:43 ----SD---- C:\ProgramData\Microsoft
2011-11-19 15:03:43 ----D---- C:\Program Files\Microsoft
2011-11-18 17:55:15 ----D---- C:\Program Files\SUPERAntiSpyware
2011-11-18 17:49:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-16 14:28:23 ----D---- C:\ProgramData\Adobe
2011-11-16 11:46:06 ----D---- C:\Windows\system32\wbem
2011-11-16 11:45:13 ----D---- C:\Windows\system32\spool
2011-11-16 11:45:13 ----D---- C:\Windows\system32\CodeIntegrity
2011-11-16 11:45:12 ----D---- C:\Windows\registration
2011-11-16 10:08:17 ----D---- C:\Program Files\WinPcap
2011-11-13 22:35:14 ----D---- C:\Program Files\Common Files\Adobe
2011-11-13 22:35:01 ----D---- C:\Program Files\Adobe
2011-11-11 15:58:42 ----RSD---- C:\Windows\assembly
2011-11-10 17:11:28 ----D---- C:\Windows\system32\LogFiles
2011-11-10 10:41:51 ----D---- C:\Program Files\Windows Mail
2011-11-10 10:17:38 ----D---- C:\Program Files\Common Files\System

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-26 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-14 744568]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [2011-11-14 819320]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2011-11-29 374392]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111206.001\IDSvix86.sys [2011-09-09 368248]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS [2011-03-30 50168]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-15 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-21 331384]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-03-11 83728]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-29 106104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\drivers\GEARAspiWDM.sys [2011-07-06 27888]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-24 1776480]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2011-09-14 225592]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111207.003\NAVENG.SYS [2011-11-29 86136]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111207.003\NAVEX15.SYS [2011-11-29 1576312]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-10-29 1062048]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-14 9557216]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS [2011-03-30 516216]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-06-06 126584]
R3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys []
S3 catchme;catchme; \??\C:\Users\D\AppData\Local\Temp\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\Users\D\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 ssrangdr;ssrangdr; C:\Windows\system32\DRIVERS\ssrangdr.sys [2009-12-13 2560]
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS []
S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\Windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 N360;Norton 360; C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-16 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.15.87\SymcPCCULaunchSvc.exe [2011-09-19 123320]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files\Norton PC Checkup\Engine\2.0.15.87\ccSvcHst.exe [2011-09-19 126392]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-10-13 399416]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe [2009-03-11 685320]
R2 TMWebProtect;Trend Micro Web Protection Add-On Service; C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe [2009-09-02 591232]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-11-13 821608]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2011-12-07 17:00:25

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Acrobat.com-->msiexec /qb /x {A5B48A19-F319-6BFB-82DE-A18ED1087221}
Acrobat.com-->MsiExec.exe /I{A5B48A19-F319-6BFB-82DE-A18ED1087221}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Reader X (10.1.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AOL Install-->MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
AOL Registration-->"C:\Program Files\AOL\RC\uninstall.exe"
AOL Toolbar for Firefox-->"aoldesktop\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\uninstall.exe"
AOL Toolbar for Internet Explorer-->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Comcast Desktop Software (v1.2.0.9)-->MsiExec.exe /I{CEF7211D-CE3A-44C4-B321-D84A2099AE94}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
eMusic Download Manager 4.1.3.1-->C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\uninst.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Funambol Outlook Sync Client 7.2.2-->C:\Program Files\Funambol\Outlook Client\uninst.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Internet Explorer (Enable DEP)-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
iTunes-->MsiExec.exe /I{3127F76D-5335-4AC7-BD1E-2F5247A23C24}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216029FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KeyScrambler-->C:\Users\D\Desktop\KeyScrambler\uninstall.exe
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
Microsoft Fix it Center-->MsiExec.exe /X{B7588D45-AFDC-4C93-9E2E-A100F3554B64}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft UI Engine-->MsiExec.exe /I{31B2D73B-4311-4D95-A131-32FB2194D1CB}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{AA027AE9-DD20-4677-AA72-D760A358320B}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox 8.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\5.1.0.29\InstStub.exe /X /ARP
Norton PC Checkup-->C:\Program Files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.15.87\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376} 
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Secunia PSI (2.0.0.4003)-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
ThreatExpert Memory Scanner 1.0-->"C:\Program Files\ThreatExpert Memory Scanner\unins000.exe"
Trend Micro Web Protection Add-On-->C:\Program Files\InstallShield Installation Information\{808D541D-FDE5-407B-83BE-E4A7689A7A00}\setup.exe -runfromtemp -l0x0009 -removeonly
Uninstall AOL Emergency Connect Utility 1.0-->C:\Program Files\Common Files\AOL\ECU\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" 
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{294BF709-D758-4363-8D75-01479AD20927}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{B10914FD-8812-47A4-85A1-50FCDE7F1F33}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinPcap 4.1.1-->C:\Program Files\WinPcap\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender (disabled)
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: D-PC
Event Code: 129
Message: Reset to device, \Device\RaidPort0, was issued.
Record Number: 215372
Source Name: nvstor
Time Written: 20110326050309.064200-000
Event Type: Warning
User:

Computer Name: D-PC
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
Record Number: 215365
Source Name: Service Control Manager
Time Written: 20110326044456.000000-000
Event Type: Error
User:

Computer Name: D-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system
Record Number: 215281
Source Name: Microsoft-Windows-Servicing
Time Written: 20110325063913.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: D-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system
Record Number: 215280
Source Name: Microsoft-Windows-Servicing
Time Written: 20110325063913.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: D-PC
Event Code: 4374
Message: Windows Servicing identified that package KB2524375(Security Update) is not applicable for this system
Record Number: 215272
Source Name: Microsoft-Windows-Servicing
Time Written: 20110325063909.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: D-PC
Event Code: 1010
Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Record Number: 23129
Source Name: Microsoft-Windows-Perflib
Time Written: 20100331174733.000000-000
Event Type: Error
User:

Computer Name: D-PC
Event Code: 1002
Message: The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 4b0 Start Time: 01cad0834561b970 Termination Time: 427
Record Number: 23067
Source Name: Application Hang
Time Written: 20100331061300.000000-000
Event Type: Error
User:

Computer Name: D-PC
Event Code: 1002
Message: The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 12dc Start Time: 01cad079082cea70 Termination Time: 265
Record Number: 23066
Source Name: Application Hang
Time Written: 20100331033553.000000-000
Event Type: Error
User:

Computer Name: D-PC
Event Code: 1008
Message: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Record Number: 23029
Source Name: Microsoft-Windows-Perflib
Time Written: 20100330151526.000000-000
Event Type: Error
User:

Computer Name: D-PC
Event Code: 1010
Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Record Number: 23028
Source Name: Microsoft-Windows-Perflib
Time Written: 20100330151526.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: D-PC
Event Code: 1101
Message: Audit events have been dropped by the transport. The real time backup file was corrupt due to improper shutdown.
Record Number: 86114
Source Name: Microsoft-Windows-Eventlog
Time Written: 20101220034751.700200-000
Event Type: Audit Success
User:

Computer Name: D-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 86113
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101218163748.983500-000
Event Type: Audit Success
User:

Computer Name: D-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x254
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name: 
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi 
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 86112
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101218163748.983500-000
Event Type: Audit Success
User:

Computer Name: D-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: D-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x254
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 86111
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101218163748.983500-000
Event Type: Audit Success
User:

Computer Name: D-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 86110
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101218163748.390700-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"asl.log"=Destination=file;OnFirstLog=command,environment
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


----------



## eddie5659 (Mar 19, 2001)

Okay, as this guy is watching, this is what we're going to do.

First, unsubscribe from this thread for email notifications. You'll still see the replies when you log in, but that's one way.

Second, the logs that get produced, send via PM to me, and I'll work on them that way.

So, at the top of the page, click on My Account | Edit Options.

Under *Default Thread Subscription Mode*, select *No Email Notification*

and Save Changes.


----------



## eddie5659 (Mar 19, 2001)

Do you use the Yahoo Toolbar? You also mentioned about the home page changing, is that correct?


----------



## eddie5659 (Mar 19, 2001)

Forgot to say, can you do this also for Private Messages:

Same place in account settings, *Private Messaging* | *UNTICK Receive Email Notification of New Private Messages*

Let me know when both are done, as Gmail always shows the content of emails.

Then, we'll begin.

You may want to leave this computer offline, and try to use, say, a flash drive to copy logs onto (if you can) or a CD drive, and use the other computers in the house if you can.

If not, just be online to upload the logs for now.

eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, been chatting with some people, and whilst we have the email notifications off, as you think he's hacked the Gmail/AOL account, let's do the majority here.

Have you installed this:

C:\Users\D\Desktop\KeyScrambler

Also, can you delete the copy of ComboFix that you have, and download and run a fresh one from here:

*Link 2*

Rename it before running to Tennis.exe, and then run it.

If you can run this offline, that would be better.

Copy/paste the log here in this reply,

eddie


----------



## eddie5659 (Mar 19, 2001)

Can you uninstall this from Add/Remove Programs:

*Viewpoint Media Player*

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
O4 - HKCU\..\RunOnce: [tbInstall_aol] dnUpdate://70756/?Target=IE&Startpage=N&DefaultSearch=Y&S=_NOV_&_VSPEC_== /silent
:Files
C:\Program Files\Viewpoint
C:\ProgramData\Viewpoint
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-------------------

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:Dir
D:\ /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

This will create a long log, and will take some time.


----------

