[Trojan] HJT Log

Author	All Replies
samone4 @verizon.net 1 edit	[Trojan] HJT Log It has been a tough few days. My computer was hacked. I could see the cursor moving around and looking for data. a credit card number was already stolen. Please help. I have tried: Norton 2012, Malwarebytes, Super Anti=Spyware, Spybot, Adware, TrendMicro house call. Other than a few few tracking cookies, the only thing found was by Malwarebytes Anti-Malware. The scan found "PUP.PSWTOOL.productkey" and removed it. Logfile of Trend Micro HijackThis v2.0.2 [Removed as obsolete]
	to forum · permalink · 2011-12-19 18:16:10 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	Hi samone4 Hi, HijackThis is no longer used Please follow all the steps for our forum carefully: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance Our FAQ will tell you what programs we need and how to attempt to get them to run . It will also show what logs need to be attached to your post - as well as where to locate them Post back when completed, we'll be waiting »Security Cleanup FAQ »How to post for assistance -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-19 19:23:58 ·

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23	reply to samone4 Also advise what AntiVirus was installed at the time of the infection.
	to forum · permalink · 2011-12-19 19:59:07 ·
Samone4 @verizon.net	Okay, I completed the mandatory steps. All went well with the exception of Quickscan. IE stopped working at 55%. I have attached MBAM, OTL, Extras, Checkup for your reveiw. Thank you.
	to forum · permalink · 2011-12-20 08:41:44 ·
Samone4 @verizon.net	reply to LoPhatPhuud I was using NIS at the time of infection.
	to forum · permalink · 2011-12-20 08:43:33 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	reply to samone4 MBAM Let's open those for easier analysis Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8393 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 12/19/2011 9:17:57 PM mbam-log-2011-12-19 (21-17-57).txt Scan type: Full scan (C:\\|D:\\|E:\\|F:\\|H:\\|Q:\\|) Objects scanned: 476144 Time elapsed: 51 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-20 09:48:27 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	reply to samone4 OTL OTL logfile created on: 12/19/2011 9:27:54 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\bedroom\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 4.00 Gb Total Physical Memory \| 1.61 Gb Available Physical Memory \| 40.34% Memory free 8.00 Gb Paging File \| 5.29 Gb Available in Paging File \| 66.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 906.34 Gb Total Space \| 770.24 Gb Free Space \| 84.98% Space Free \| Partition Type: NTFS Drive E: \| 442.98 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 930.86 Gb Total Space \| 759.42 Gb Free Space \| 81.58% Space Free \| Partition Type: NTFS Computer Name: BEDROOM-PC \| User Name: bedroom \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/12/19 20:28:29 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Users\bedroom\Desktop\OTL.exe PRC - [2011/11/15 21:52:04 \| 000,059,240 \| ---- \| M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2011/11/13 07:53:42 \| 002,996,592 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe PRC - [2011/11/13 07:53:40 \| 000,946,032 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe PRC - [2011/11/13 07:53:36 \| 002,120,048 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe PRC - [2011/11/13 07:53:28 \| 001,687,408 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe PRC - [2011/11/11 18:25:36 \| 000,059,240 \| ---- \| M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2011/11/11 18:18:24 \| 000,059,240 \| ---- \| M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2011/11/01 23:25:58 \| 000,059,240 \| ---- \| M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011/10/25 18:21:44 \| 001,660,232 \| ---- \| M] (Bootstrap Software Development) -- C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe PRC - [2011/08/10 15:52:54 \| 000,138,760 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe PRC - [2011/07/15 02:00:16 \| 000,797,152 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe PRC - [2011/07/15 02:00:16 \| 000,467,424 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe PRC - [2011/06/06 11:55:28 \| 000,064,952 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010/09/14 04:45:56 \| 000,219,496 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 04:45:44 \| 000,508,264 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/03/08 02:27:49 \| 000,041,800 \| ---- \| M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1319677066\ee\aolsoftware.exe PRC - [2009/11/19 18:59:24 \| 000,505,344 \| ---- \| M] (ODM) -- C:\Program Files (x86)\OEM\LIVE! OSD 0.08\osd.exe PRC - [2009/11/16 08:27:48 \| 000,240,992 \| ---- \| M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe PRC - [2009/09/28 16:56:18 \| 000,140,640 \| ---- \| M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009/09/22 22:24:26 \| 000,013,600 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/08/25 10:49:50 \| 000,225,280 \| ---- \| M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe PRC - [2009/07/09 16:41:20 \| 010,429,160 \| ---- \| M] (WiLife) -- C:\Program Files (x86)\WiLife Command Center\Werks.exe PRC - [2009/06/03 22:59:02 \| 000,103,720 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe PRC - [2009/01/26 15:31:10 \| 001,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/01/11 19:50:16 \| 000,030,312 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/01/04 21:48:50 \| 000,112,152 \| ---- \| M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/12/07 06:16:28 \| 000,411,192 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll MOD - [2011/12/07 06:16:27 \| 003,767,864 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll MOD - [2011/12/07 06:14:56 \| 000,122,952 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll MOD - [2011/12/07 06:14:55 \| 000,222,280 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll MOD - [2011/12/07 06:14:53 \| 001,746,504 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll MOD - [2011/10/27 17:21:05 \| 000,220,672 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll MOD - [2011/10/27 17:20:31 \| 000,252,928 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.DWUpdateSer#\cab2a91806cc720062e006c4376e9148\Interop.DWUpdateServiceLib.ni.dll MOD - [2011/10/27 17:20:31 \| 000,052,736 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.EventSystem#\5110e96ab46bc11217be36ed7900619e\Interop.EventSystemLib.ni.dll MOD - [2011/10/27 17:20:31 \| 000,049,152 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PerformAdminAction\09f898accf36f5c1a5729f258342660d\PerformAdminAction.ni.dll MOD - [2011/10/27 17:20:31 \| 000,044,544 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\bfc6792b4659b582eb672951e61519b9\Interop.NetFwTypeLib.ni.dll MOD - [2011/10/27 17:20:30 \| 000,076,288 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\07081ede8bd11918b5df3089547adb4c\Wilife.XMPP.Packets.RemoteViewing.VideoSearchPacket.ni.dll MOD - [2011/10/27 17:20:30 \| 000,048,640 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\f15ee7d5ab555692c03a8c613935f834\Wilife.XMPP.Packets.RemoteViewing.VideoStreamPacket.ni.dll MOD - [2011/10/27 17:20:30 \| 000,045,568 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\a2ebc4ac28316e1bbbab9d67e1ddd88e\Wilife.XMPP.Packets.RemoteViewing.RegisterSitePacket.ni.dll MOD - [2011/10/27 17:20:30 \| 000,029,696 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\24a354605ff3eb94a45b8ff8fbde5893\Wilife.XMPP.Packets.RemoteViewing.VideoStoragePacket.ni.dll MOD - [2011/10/27 17:20:29 \| 002,079,744 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\coversant.corlib\d8bf3a0a893efe6dc78e50a73eb6aea7\coversant.corlib.ni.dll MOD - [2011/10/27 17:20:29 \| 000,150,528 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Coversant.Win32\6a28569ac2e9d796e4bf1bdd83c5ba0d\Coversant.Win32.ni.dll MOD - [2011/10/27 17:20:29 \| 000,063,488 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\489163a66ee8c1048f7b3166d5ab0a42\Wilife.XMPP.Packets.RemoteViewing.CameraPacket.ni.dll MOD - [2011/10/27 17:20:29 \| 000,030,720 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\ce5bc18bee1018f02b58b89057476992\Wilife.XMPP.Packets.RemoteViewing.RegisterCameraPacket.ni.dll MOD - [2011/10/27 17:20:29 \| 000,026,112 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.XMPP.Packets#\f2732317dc6cee541bc3487afd225153\Wilife.XMPP.Packets.RemoteViewing.SiteSettingsPacket.ni.dll MOD - [2011/10/27 17:20:27 \| 002,334,208 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Coversant.SoapBox\49c046758aae7b44fafc69e872b94436\Coversant.SoapBox.ni.dll MOD - [2011/10/27 15:57:15 \| 000,182,784 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WiLife.Werks.XMPP\d4a3d1b00173335900aaf4f03c5cee51\WiLife.Werks.XMPP.ni.dll MOD - [2011/10/27 15:57:15 \| 000,078,336 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WiLife.Logging\23e159e0451466e301a6341351098006\WiLife.Logging.ni.dll MOD - [2011/10/27 15:57:14 \| 000,535,040 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\MindFusion.Common\7a6a150950548db783ffbadfe065c735\MindFusion.Common.ni.dll MOD - [2011/10/27 15:57:14 \| 000,319,488 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Wilife.Core\91f62ca9d6794ccd786aede7e8304d7c\Wilife.Core.ni.dll MOD - [2011/10/27 15:57:14 \| 000,236,032 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\RemoteServices\1c0d67a4bbe3760a62524807e400252b\RemoteServices.ni.dll MOD - [2011/10/27 15:57:14 \| 000,075,264 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SensEvents\92a40581e17a4554b87d07a840871e10\Interop.SensEvents.ni.dll MOD - [2011/10/27 15:57:13 \| 002,792,960 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Calendar\3b251fd69adf1993a1bea86406c1a43b\Calendar.ni.dll MOD - [2011/10/27 15:57:10 \| 014,599,168 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Werks\762bbc873f60acf97e550b272b451d2b\Werks.ni.exe MOD - [2011/10/27 15:43:52 \| 001,840,640 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a512243ee9900e621fb8cd990a9c679d\System.Web.Services.ni.dll MOD - [2011/10/27 15:43:43 \| 006,611,456 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll MOD - [2011/10/27 15:43:21 \| 012,433,408 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/10/27 15:43:15 \| 001,587,200 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/10/27 15:43:01 \| 000,680,448 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll MOD - [2011/10/27 15:42:58 \| 005,453,312 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/10/27 15:42:55 \| 000,971,264 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/10/27 15:42:54 \| 007,963,648 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/27 15:42:50 \| 011,490,304 \| ---- \| M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/09/27 06:23:00 \| 000,087,912 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 \| 001,242,472 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/25 03:47:10 \| 001,135,104 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll MOD - [2011/07/25 03:29:36 \| 000,837,632 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll MOD - [2011/07/25 03:13:54 \| 001,305,088 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll MOD - [2011/07/18 04:22:32 \| 001,747,456 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll MOD - [2011/07/18 03:49:22 \| 005,945,856 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll MOD - [2011/07/17 21:28:56 \| 000,409,088 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_TrafficMeter.dll MOD - [2011/07/17 20:17:14 \| 001,003,520 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll MOD - [2011/07/15 02:00:16 \| 000,797,152 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe MOD - [2011/07/15 02:00:16 \| 000,467,424 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe MOD - [2011/07/15 01:56:44 \| 000,149,504 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll MOD - [2011/07/14 22:29:18 \| 000,270,336 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_FirmwareUpdate.dll MOD - [2011/07/14 22:19:42 \| 000,613,888 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll MOD - [2011/06/23 02:09:24 \| 000,495,104 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll MOD - [2011/06/22 03:29:30 \| 000,573,952 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll MOD - [2011/06/22 03:29:30 \| 000,134,656 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll MOD - [2011/06/21 20:28:18 \| 000,116,224 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll MOD - [2011/06/21 20:28:18 \| 000,076,288 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll MOD - [2011/06/21 04:59:36 \| 000,467,456 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll MOD - [2011/06/21 04:59:36 \| 000,188,416 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Info.dll MOD - [2011/06/21 04:15:36 \| 000,186,368 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll MOD - [2011/06/21 04:14:28 \| 000,433,664 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\topologylib.dll MOD - [2011/06/21 04:14:28 \| 000,180,224 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\ping.dll MOD - [2011/06/21 04:14:28 \| 000,093,184 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\netscanlib.dll MOD - [2011/06/21 04:14:28 \| 000,091,136 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\netbioslib.dll MOD - [2011/06/21 04:14:28 \| 000,089,088 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\pinglib.dll MOD - [2011/06/21 04:14:28 \| 000,076,800 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\netscan.dll MOD - [2011/06/21 04:14:28 \| 000,072,704 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\netbios.dll MOD - [2011/06/21 03:52:00 \| 000,128,512 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_FeedBack.dll MOD - [2011/06/21 02:43:56 \| 009,814,016 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll MOD - [2011/06/21 02:43:56 \| 002,537,472 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll MOD - [2011/06/21 02:43:56 \| 001,140,224 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll MOD - [2011/06/21 02:43:56 \| 000,399,360 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll MOD - [2011/06/21 02:43:56 \| 000,287,232 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll MOD - [2011/06/21 02:43:56 \| 000,159,232 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtTest4.dll MOD - [2011/06/21 02:43:56 \| 000,083,456 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll MOD - [2011/06/21 02:43:56 \| 000,083,456 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll MOD - [2011/06/21 02:43:56 \| 000,043,008 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll MOD - [2011/06/21 02:43:56 \| 000,011,362 \| ---- \| M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll MOD - [2010/11/04 20:58:05 \| 002,927,616 \| ---- \| M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/11/04 20:57:39 \| 000,069,120 \| ---- \| M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2009/08/21 11:27:58 \| 000,028,672 \| ---- \| M] () -- C:\Program Files (x86)\jmesoft\hidhook.dll MOD - [2009/08/21 10:35:52 \| 000,032,768 \| ---- \| M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll MOD - [2009/07/09 16:37:50 \| 000,091,648 \| ---- \| M] () -- C:\Program Files (x86)\WiLife Command Center\LUKSDKUPnPDeviceStack.dll MOD - [2009/07/09 16:37:14 \| 000,090,112 \| ---- \| M] () -- C:\Program Files (x86)\WiLife Command Center\RemoteServices.XmlSerializers.dll MOD - [2009/07/09 16:30:50 \| 000,051,200 \| ---- \| M] () -- C:\Program Files (x86)\WiLife Command Center\Coversant.Win32.dll MOD - [2009/06/03 22:59:14 \| 000,013,096 \| ---- \| M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 22:59:02 \| 000,619,816 \| ---- \| M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-20 09:49:42 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	reply to samone4 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2011/08/11 18:38:04 \| 000,140,672 \| ---- \| M] (SUPERAntiSpyware.com) [Auto \| Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2010/01/21 16:24:56 \| 000,130,048 \| ---- \| M] (WDC) [Auto \| Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV:64bit: - [2009/09/22 22:24:24 \| 000,873,248 \| ---- \| M] (Broadcom Corporation.) [Auto \| Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/07/13 20:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/12/19 09:33:45 \| 002,152,152 \| ---- \| M] (Lavasoft Limited) [On_Demand \| Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/12/12 11:03:40 \| 000,290,832 \| ---- \| M] (Verizon) [Auto \| Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter) SRV - [2011/11/13 07:53:40 \| 000,946,032 \| ---- \| M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto \| Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC) SRV - [2011/08/10 15:52:54 \| 000,138,760 \| R--- \| M] (Symantec Corporation) [Unknown \| Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS) SRV - [2011/07/25 21:18:04 \| 001,371,104 \| ---- \| M] (NETGEAR) [Auto \| Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon) SRV - [2011/06/06 11:55:28 \| 000,064,952 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/10/22 12:08:18 \| 001,039,360 \| ---- \| M] (Hewlett-Packard Co.) [Auto \| Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/09/14 04:45:56 \| 000,219,496 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 04:45:44 \| 000,508,264 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 12:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/16 08:58:08 \| 000,020,480 \| ---- \| M] (Memeo) [Auto \| Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2009/06/10 16:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 15:31:10 \| 001,153,368 \| ---- \| M] (Safer Networking Ltd.) [Auto \| Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/01/11 19:50:16 \| 000,030,312 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/01/04 21:48:50 \| 000,112,152 \| ---- \| M] (InterVideo) [Auto \| Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/10/23 07:50:35 \| 000,046,640 \| R--- \| M] (AOL LLC) [On_Demand \| Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2011/12/12 16:13:11 \| 000,035,344 \| ---- \| M] (CACE Technologies, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2011/12/12 10:07:32 \| 000,069,376 \| ---- \| M] (Lavasoft AB) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011/12/07 16:36:43 \| 000,174,200 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/09/26 19:38:11 \| 001,084,024 \| ---- \| M] (Symantec Corporation) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/09/02 04:01:56 \| 000,251,648 \| ---- \| M] (Vimicro Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\vmc412.sys -- (VMC412) DRV:64bit: - [2011/08/08 18:38:05 \| 000,167,048 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011/08/02 21:22:10 \| 000,729,720 \| ---- \| M] (Symantec Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/08/02 21:22:10 \| 000,037,496 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/08/02 16:38:56 \| 000,051,712 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/07/26 19:51:01 \| 000,043,640 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2011/07/25 21:18:39 \| 000,401,016 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS) DRV:64bit: - [2011/07/25 21:18:36 \| 000,451,192 \| R--- \| M] (Symantec Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS) DRV:64bit: - [2011/07/25 21:15:52 \| 000,189,560 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON) DRV:64bit: - [2011/07/22 11:26:56 \| 000,014,928 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 16:55:18 \| 000,012,368 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/06/10 05:34:52 \| 000,539,240 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 01:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/14 04:45:52 \| 000,022,376 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 04:45:50 \| 000,025,960 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 04:45:48 \| 000,268,648 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 04:45:44 \| 000,760,168 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009/08/28 06:15:34 \| 000,098,344 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/08/28 06:15:32 \| 000,132,648 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/08/28 06:15:26 \| 000,021,160 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/08/13 18:20:00 \| 002,769,400 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/07/21 16:20:06 \| 000,121,840 \| ---- \| M] (CyberLink) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009/07/15 21:31:24 \| 001,383,680 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI) DRV:64bit: - [2009/07/13 20:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 16:59:33 \| 005,020,672 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/09 16:32:26 \| 000,035,352 \| R--- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64) DRV:64bit: - [2009/07/09 16:32:26 \| 000,034,328 \| R--- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64) DRV:64bit: - [2009/07/09 16:31:36 \| 000,032,280 \| ---- \| M] (Intellon Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\usbethmp.sys -- (A_USBETHMP) DRV:64bit: - [2009/06/30 23:46:58 \| 000,052,264 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009/06/10 15:37:05 \| 006,108,416 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 15:35:53 \| 000,051,712 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009/06/10 15:35:33 \| 000,389,120 \| ---- \| M] (Marvell) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 15:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 19:17:30 \| 000,011,848 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\spio.sys -- (SuperIO) DRV:64bit: - [2009/05/18 12:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/07 02:33:08 \| 000,035,104 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008/08/06 14:32:16 \| 000,151,656 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008/05/06 15:06:00 \| 000,014,464 \| ---- \| M] (Western Digital Technologies) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2007/04/16 22:51:50 \| 000,014,112 \| R--- \| M] (InterVideo) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2006/11/29 17:24:49 \| 000,024,064 \| ---- \| M] (America Online, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW) DRV - [2011/12/19 15:51:24 \| 002,048,632 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111219.001\ex64.sys -- (NAVEX15) DRV - [2011/12/19 15:51:24 \| 000,117,880 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111219.001\eng64.sys -- (NAVENG) DRV - [2011/12/19 09:33:48 \| 000,017,152 \| ---- \| M] () [Kernel \| On_Demand \| Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011/12/08 16:46:00 \| 000,138,360 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/12/07 16:58:09 \| 000,482,936 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2011/12/07 15:43:12 \| 000,488,568 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111219.001\IDSviA64.sys -- (IDSVia64) DRV - [2011/11/23 23:08:44 \| 001,156,216 \| ---- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111210.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/13 20:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/09 16:32:26 \| 000,035,352 \| R--- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64) DRV - [2009/07/09 16:32:26 \| 000,034,328 \| R--- \| M] (Logitech, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysWOW64\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = »www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local [color=#E56717]========== FireFox ==========[/color] FF:64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\bedroom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\bedroom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/27 15:02:13 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011/10/27 15:03:31 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/27 16:03:32 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/12/08 17:09:31 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/12/19 20:24:30 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/15 15:16:26 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/27 15:02:13 \| 000,000,000 \| ---D \| M] [2011/10/26 20:12:23 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\bedroom\AppData\Roaming\Mozilla\Extensions () (No name found) -- C:\USERS\BEDROOM\APPDATA\ROAMING\THUNDERBIRD\PROFILES\PKWWBNBZ.DEFAULT\EXTENSIONS\EXTRA-COLS@JMINTA_GMAIL.COM.XPI [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\bedroom\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\bedroom\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Offline Google Mail = C:\Users\bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\ CHR - Extension: Norton Identity Protection = C:\Users\bedroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\ O1 HOSTS File: ([2009/06/10 16:00:26 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Coupons.com Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1319677066\ee\aolsoftware.exe (AOL Inc.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME) O4 - HKLM..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.) O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.) O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WiLife Command Center] C:\Program Files (x86)\WiLife Command Center\Werks.exe (WiLife) O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [cdloader] C:\Users\bedroom\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.) O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Verizon Media Manager] C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Key error.) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} »h20614.www2.hp.com/ediags/gmd/In···114a.cab (GMNRev Class) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} »trial.trymicrosoftoffice.com/tri···rc32.ocx (WRC Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC7E224F-E0B2-474C-9D3D-D25A99099506}: DhcpNameServer = 10.0.0.1 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/28 15:00:27 \| 000,000,088 \| ---- \| M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{57395c78-002b-11e1-a2e1-4487fc68d953}\Shell - "" = AutoRun O33 - MountPoints2\{57395c78-002b-11e1-a2e1-4487fc68d953}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- [2010/01/21 19:13:40 \| 003,330,848 \| ---- \| M] (Western Digital) O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/12/19 20:28:29 \| 000,584,192 \| ---- \| C] (OldTimer Tools) -- C:\Users\bedroom\Desktop\OTL.exe [2011/12/19 20:18:59 \| 000,446,464 \| ---- \| C] (OldTimer Tools) -- C:\Users\bedroom\Desktop\TFC.exe [2011/12/19 17:49:41 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2011/12/19 17:49:41 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2011/12/19 17:36:28 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Belarc [2011/12/19 09:34:09 \| 000,055,384 \| ---- \| C] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys [2011/12/19 09:31:50 \| 000,069,376 \| ---- \| C] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys [2011/12/19 09:31:37 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011/12/19 09:31:37 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Lavasoft [2011/12/19 09:31:36 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Lavasoft [2011/12/18 22:09:50 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ESET [2011/12/18 15:57:53 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\SUPERAntiSpyware.com [2011/12/18 15:57:33 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/12/18 15:57:31 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/12/18 15:57:31 \| 000,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2011/12/18 15:56:36 \| 013,629,488 \| ---- \| C] (SUPERAntiSpyware.com) -- C:\Users\bedroom\Desktop\SUPERAntiSpyware.exe [2011/12/18 15:55:31 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Local\CrashDumps [2011/12/18 15:48:47 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\WinPatrol [2011/12/18 11:53:32 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\Malwarebytes [2011/12/18 11:53:19 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/18 11:53:19 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2011/12/18 11:53:15 \| 000,025,416 \| ---- \| C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2011/12/18 11:53:15 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/18 11:25:49 \| 000,043,640 \| R--- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SymIMV.sys [2011/12/17 09:37:32 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\Verizon [2011/12/17 09:37:23 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Media Manager [2011/12/17 09:37:15 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Verizon [2011/12/16 19:12:54 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\Documents\mid-dec.flyer-canisterhostbonusandofferstill12-30only [2011/12/15 14:01:34 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Verizon [2011/12/15 14:01:11 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon [2011/12/15 14:00:37 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Verizon [2011/12/15 13:38:20 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\TechWizard [2011/12/15 03:02:36 \| 000,096,256 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2011/12/15 03:02:36 \| 000,072,704 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2011/12/15 03:02:35 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2011/12/15 03:02:35 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2011/12/15 03:02:34 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2011/12/15 03:02:34 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2011/12/15 03:02:33 \| 002,309,120 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2011/12/15 03:02:33 \| 001,493,504 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2011/12/15 03:02:33 \| 001,427,456 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2011/12/15 03:02:33 \| 000,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2011/12/15 03:02:33 \| 000,716,800 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2011/12/14 18:08:17 \| 000,043,520 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll [2011/12/14 18:08:13 \| 000,723,456 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll [2011/12/14 18:08:13 \| 000,534,528 \| ---- \| C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll [2011/12/13 15:05:03 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/12/13 15:04:34 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2011/12/13 15:04:34 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\iTunes [2011/12/13 15:04:34 \| 000,000,000 \| ---D \| C] -- C:\Program Files\iPod [2011/12/13 10:06:42 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\Desktop\New folder [2011/12/12 16:13:47 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\NETGEARGenie [2011/12/12 16:13:11 \| 000,369,168 \| ---- \| C] (CACE Technologies, Inc.) -- C:\windows\SysNative\wpcap.dll [2011/12/12 16:13:11 \| 000,281,104 \| ---- \| C] (CACE Technologies, Inc.) -- C:\windows\SysWow64\wpcap.dll [2011/12/12 16:13:11 \| 000,106,000 \| ---- \| C] (CACE Technologies, Inc.) -- C:\windows\SysNative\packet.dll [2011/12/12 16:13:11 \| 000,096,784 \| ---- \| C] (CACE Technologies, Inc.) -- C:\windows\SysWow64\packet.dll [2011/12/12 16:13:11 \| 000,035,344 \| ---- \| C] (CACE Technologies, Inc.) -- C:\windows\SysNative\drivers\npf.sys [2011/12/12 16:13:07 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\NETGEAR Genie [2011/12/08 17:08:29 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Local\tjnet [2011/12/08 17:03:31 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Local\ElevatedDiagnostics [2011/12/07 19:37:36 \| 000,401,016 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys [2011/12/07 19:37:35 \| 001,084,024 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys [2011/12/07 19:37:35 \| 000,729,720 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys [2011/12/07 19:37:35 \| 000,451,192 \| R--- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys [2011/12/07 19:37:35 \| 000,189,560 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys [2011/12/07 19:37:35 \| 000,167,048 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys [2011/12/07 19:37:35 \| 000,037,496 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys [2011/12/07 19:37:21 \| 000,000,000 \| ---D \| C] -- C:\windows\SysNative\drivers\NISx64\1302000.00A [2011/12/07 17:47:11 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2011/12/07 16:43:10 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\Documents\Symantec [2011/12/07 16:36:43 \| 000,174,200 \| ---- \| C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS [2011/12/07 16:36:43 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Symantec Shared [2011/12/07 16:36:43 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Symantec [2011/12/07 16:35:55 \| 000,000,000 \| ---D \| C] -- C:\windows\SysNative\drivers\NISx64 [2011/12/07 16:35:53 \| 000,000,000 \| R--D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2011/12/07 16:35:53 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Norton Internet Security [2011/12/07 16:35:53 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Norton [2011/12/07 16:35:45 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\NortonInstaller [2011/11/28 13:42:40 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\magicJack [2011/11/28 13:42:23 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\mjusbsp [2011/11/28 13:42:15 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Local\magicJack [2011/11/21 12:56:36 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\WD_SmartWareCommon [2011/11/21 12:48:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011/11/21 12:39:47 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Local\Western_Digital [2011/11/21 12:38:42 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\Western Digital [2011/11/21 12:38:27 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Western Digital [2011/11/21 12:38:07 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Western Digital [2011/11/21 12:38:06 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Western Digital [2011/11/21 12:38:06 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare [2011/11/20 11:49:48 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Local\MediaMonkey [2011/11/20 11:49:39 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey [2011/11/20 11:49:29 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MediaMonkey [2011/11/20 11:49:27 \| 000,000,000 \| ---D \| C] -- C:\Users\bedroom\AppData\Roaming\MediaMonkey [2011/11/20 11:49:23 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\MediaMonkey [2010/03/22 23:51:48 \| 001,914,000 \| ---- \| C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-20 09:50:37 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/12/19 21:00:01 \| 000,000,916 \| ---- \| M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666440477-931179236-1171604352-1004UA.job [2011/12/19 21:00:01 \| 000,000,864 \| ---- \| M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666440477-931179236-1171604352-1004Core.job [2011/12/19 20:41:16 \| 000,000,900 \| ---- \| M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/19 20:30:04 \| 000,017,952 \| -H-- \| M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/19 20:30:04 \| 000,017,952 \| -H-- \| M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/19 20:28:29 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Users\bedroom\Desktop\OTL.exe [2011/12/19 20:27:25 \| 000,929,944 \| ---- \| M] () -- C:\windows\SysNative\PerfStringBackup.INI [2011/12/19 20:27:25 \| 000,760,532 \| ---- \| M] () -- C:\windows\SysNative\perfh009.dat [2011/12/19 20:27:25 \| 000,169,168 \| ---- \| M] () -- C:\windows\SysNative\perfc009.dat [2011/12/19 20:21:28 \| 000,000,896 \| ---- \| M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/19 20:21:24 \| 000,067,584 \| --S- \| M] () -- C:\windows\bootstat.dat [2011/12/19 20:21:08 \| 3220,627,456 \| -HS- \| M] () -- C:\hiberfil.sys [2011/12/19 20:19:38 \| 000,446,464 \| ---- \| M] (OldTimer Tools) -- C:\Users\bedroom\Desktop\TFC.exe [2011/12/19 17:49:41 \| 000,002,093 \| ---- \| M] () -- C:\Users\bedroom\Desktop\HijackThis.lnk [2011/12/19 17:36:29 \| 000,002,088 \| ---- \| M] () -- C:\Users\bedroom\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk [2011/12/19 17:36:29 \| 000,002,064 \| ---- \| M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk [2011/12/19 09:33:48 \| 000,055,384 \| ---- \| M] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys [2011/12/19 09:31:51 \| 001,770,039 \| ---- \| M] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2011/12/19 09:01:03 \| 000,864,285 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\census.cache [2011/12/19 09:00:18 \| 000,132,435 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\ars.cache [2011/12/19 08:50:26 \| 000,000,036 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\housecall.guid.cache [2011/12/18 15:57:35 \| 000,001,808 \| ---- \| M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/12/18 15:57:19 \| 013,629,488 \| ---- \| M] (SUPERAntiSpyware.com) -- C:\Users\bedroom\Desktop\SUPERAntiSpyware.exe [2011/12/18 12:06:01 \| 000,119,808 \| ---- \| M] () -- C:\Users\bedroom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/18 11:53:21 \| 000,001,109 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/18 04:06:25 \| 000,002,368 \| ---- \| M] () -- C:\{C5F6D78B-7C2A-4D7F-A95E-E96C79B4555E} [2011/12/18 03:18:16 \| 000,000,999 \| ---- \| M] () -- C:\Users\bedroom\Desktop\magicJack.lnk [2011/12/17 09:37:24 \| 000,001,435 \| ---- \| M] () -- C:\Users\Public\Desktop\Verizon Media Manager.lnk [2011/12/16 19:12:54 \| 002,603,862 \| ---- \| M] () -- C:\Users\bedroom\Documents\mid-dec.flyer-canisterhostbonusandofferstill12-30only.zip [2011/12/16 19:01:07 \| 000,002,369 \| ---- \| M] () -- C:\Users\bedroom\Desktop\Google Chrome.lnk [2011/12/15 14:01:08 \| 000,000,260 \| ---- \| M] () -- C:\windows\SysWow64\cmdVBS.vbs [2011/12/15 14:01:08 \| 000,000,256 \| ---- \| M] () -- C:\windows\SysWow64\MSIevent.bat [2011/12/15 14:00:40 \| 000,002,727 \| ---- \| M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk [2011/12/15 12:02:02 \| 001,381,721 \| ---- \| M] () -- C:\Users\bedroom\Documents\PizzarelliGlassorder.pdf [2011/12/15 10:17:06 \| 000,000,822 \| ---- \| M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/12/15 03:24:08 \| 000,433,544 \| ---- \| M] () -- C:\windows\SysNative\FNTCACHE.DAT [2011/12/13 15:05:05 \| 000,001,783 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/12/12 16:13:25 \| 000,002,056 \| ---- \| M] () -- C:\Users\Public\Desktop\NETGEAR Genie.lnk [2011/12/12 16:13:11 \| 000,369,168 \| ---- \| M] (CACE Technologies, Inc.) -- C:\windows\SysNative\wpcap.dll [2011/12/12 16:13:11 \| 000,281,104 \| ---- \| M] (CACE Technologies, Inc.) -- C:\windows\SysWow64\wpcap.dll [2011/12/12 16:13:11 \| 000,106,000 \| ---- \| M] (CACE Technologies, Inc.) -- C:\windows\SysNative\packet.dll [2011/12/12 16:13:11 \| 000,096,784 \| ---- \| M] (CACE Technologies, Inc.) -- C:\windows\SysWow64\packet.dll [2011/12/12 16:13:11 \| 000,035,344 \| ---- \| M] (CACE Technologies, Inc.) -- C:\windows\SysNative\drivers\npf.sys [2011/12/12 13:03:49 \| 001,746,286 \| ---- \| M] () -- C:\Users\bedroom\Documents\PizzarelliCorrectedquotewithfreightcharge.pdf [2011/12/12 10:07:32 \| 000,069,376 \| ---- \| M] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys [2011/12/08 17:08:25 \| 000,002,501 \| ---- \| M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011/12/07 19:37:38 \| 000,004,782 \| ---- \| M] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2011/12/07 17:08:39 \| 000,001,945 \| ---- \| M] () -- C:\windows\epplauncher.mif [2011/12/07 16:36:43 \| 000,174,200 \| ---- \| M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS [2011/12/07 16:36:43 \| 000,007,530 \| ---- \| M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT [2011/12/07 16:36:43 \| 000,000,855 \| ---- \| M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF [2011/12/06 11:00:26 \| 000,057,781 \| ---- \| M] () -- C:\Users\bedroom\Documents\Inv_6548_from_Quivett_Creek_Landscaping_Inc._19516.pdf [2011/11/28 09:03:00 \| 000,026,894 \| ---- \| M] () -- C:\Users\bedroom\Documents\ChristmasLights.jpg [2011/11/22 13:42:01 \| 000,001,131 \| ---- \| M] () -- C:\Users\bedroom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2011/11/22 10:54:26 \| 000,085,204 \| ---- \| M] () -- C:\Users\bedroom\Documents\image0011.jpg [2011/11/21 12:38:19 \| 000,001,373 \| ---- \| M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2011/11/21 12:38:19 \| 000,001,318 \| ---- \| M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2011/11/20 11:49:41 \| 000,001,043 \| ---- \| M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/12/19 17:49:41 \| 000,002,093 \| ---- \| C] () -- C:\Users\bedroom\Desktop\HijackThis.lnk [2011/12/19 17:36:29 \| 000,002,088 \| ---- \| C] () -- C:\Users\bedroom\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk [2011/12/19 17:36:28 \| 000,002,076 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk [2011/12/19 17:36:28 \| 000,002,064 \| ---- \| C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk [2011/12/19 09:01:03 \| 000,864,285 \| ---- \| C] () -- C:\Users\bedroom\AppData\Local\census.cache [2011/12/19 09:00:18 \| 000,132,435 \| ---- \| C] () -- C:\Users\bedroom\AppData\Local\ars.cache [2011/12/19 08:50:26 \| 000,000,036 \| ---- \| C] () -- C:\Users\bedroom\AppData\Local\housecall.guid.cache [2011/12/18 15:57:35 \| 000,001,808 \| ---- \| C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/12/18 11:53:21 \| 000,001,109 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/18 04:06:25 \| 000,002,368 \| ---- \| C] () -- C:\{C5F6D78B-7C2A-4D7F-A95E-E96C79B4555E} [2011/12/17 09:38:09 \| 000,119,808 \| ---- \| C] () -- C:\Users\bedroom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/17 09:37:24 \| 000,001,435 \| ---- \| C] () -- C:\Users\Public\Desktop\Verizon Media Manager.lnk [2011/12/16 19:12:49 \| 002,603,862 \| ---- \| C] () -- C:\Users\bedroom\Documents\mid-dec.flyer-canisterhostbonusandofferstill12-30only.zip [2011/12/15 14:01:08 \| 000,000,260 \| ---- \| C] () -- C:\windows\SysWow64\cmdVBS.vbs [2011/12/15 14:01:08 \| 000,000,256 \| ---- \| C] () -- C:\windows\SysWow64\MSIevent.bat [2011/12/15 14:00:40 \| 000,002,727 \| ---- \| C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk [2011/12/15 12:01:59 \| 001,381,721 \| ---- \| C] () -- C:\Users\bedroom\Documents\PizzarelliGlassorder.pdf [2011/12/13 15:05:04 \| 000,001,783 \| ---- \| C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/12/12 16:13:25 \| 000,002,056 \| ---- \| C] () -- C:\Users\Public\Desktop\NETGEAR Genie.lnk [2011/12/12 16:13:24 \| 000,002,068 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk [2011/12/12 13:03:46 \| 001,746,286 \| ---- \| C] () -- C:\Users\bedroom\Documents\PizzarelliCorrectedquotewithfreightcharge.pdf [2011/12/08 17:07:40 \| 001,770,039 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2011/12/07 19:38:12 \| 000,004,782 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2011/12/07 19:37:36 \| 000,007,458 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat [2011/12/07 19:37:36 \| 000,001,440 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf [2011/12/07 19:37:35 \| 000,007,510 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat [2011/12/07 19:37:35 \| 000,007,504 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat [2011/12/07 19:37:35 \| 000,007,502 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat [2011/12/07 19:37:35 \| 000,007,500 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat [2011/12/07 19:37:35 \| 000,007,496 \| R--- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat [2011/12/07 19:37:35 \| 000,007,492 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\iron.cat [2011/12/07 19:37:35 \| 000,003,433 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf [2011/12/07 19:37:35 \| 000,002,852 \| R--- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\symds.inf [2011/12/07 19:37:35 \| 000,001,438 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf [2011/12/07 19:37:35 \| 000,001,420 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf [2011/12/07 19:37:35 \| 000,000,854 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf [2011/12/07 19:37:35 \| 000,000,772 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\iron.inf [2011/12/07 19:37:21 \| 000,000,172 \| ---- \| C] () -- C:\windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini [2011/12/07 16:36:44 \| 000,007,530 \| ---- \| C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT [2011/12/07 16:36:43 \| 000,000,855 \| ---- \| C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF [2011/12/07 16:36:32 \| 000,002,501 \| ---- \| C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2011/12/06 11:00:26 \| 000,057,781 \| ---- \| C] () -- C:\Users\bedroom\Documents\Inv_6548_from_Quivett_Creek_Landscaping_Inc._19516.pdf [2011/11/28 13:42:31 \| 000,000,999 \| ---- \| C] () -- C:\Users\bedroom\Desktop\magicJack.lnk [2011/11/28 13:42:31 \| 000,000,985 \| ---- \| C] () -- C:\Users\bedroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk [2011/11/28 09:03:00 \| 000,026,894 \| ---- \| C] () -- C:\Users\bedroom\Documents\ChristmasLights.jpg [2011/11/22 10:54:25 \| 000,085,204 \| ---- \| C] () -- C:\Users\bedroom\Documents\image0011.jpg [2011/11/21 12:38:19 \| 000,001,373 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2011/11/21 12:38:19 \| 000,001,318 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2011/11/20 11:49:41 \| 000,001,043 \| ---- \| C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk [2011/10/27 17:01:42 \| 000,038,501 \| ---- \| C] () -- C:\Users\bedroom\AppData\Roaming\Comma Separated Values (Windows).ADR [2011/10/27 14:54:15 \| 000,212,765 \| ---- \| C] () -- C:\windows\hpoins52.dat [2011/10/27 14:54:15 \| 000,001,333 \| ---- \| C] () -- C:\windows\hpomdl52.dat [2011/10/26 19:56:14 \| 000,000,335 \| ---- \| C] () -- C:\windows\nsreg.dat [2010/03/23 00:27:09 \| 000,201,728 \| ---- \| C] () -- C:\windows\SetDrive.exe [2010/03/23 00:27:09 \| 000,036,864 \| ---- \| C] () -- C:\windows\WinWait.exe [2010/03/23 00:06:36 \| 000,949,072 \| ---- \| C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2009/07/26 16:07:52 \| 000,000,000 \| ---- \| C] () -- C:\windows\ativpsrm.bin [2009/07/14 00:38:36 \| 000,067,584 \| --S- \| C] () -- C:\windows\bootstat.dat [2009/07/13 21:35:51 \| 000,000,741 \| ---- \| C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 \| 000,215,943 \| ---- \| C] () -- C:\windows\SysWow64\dssec.dat [2009/07/13 19:10:29 \| 000,043,131 \| ---- \| C] () -- C:\windows\mib.bin [2009/07/13 18:42:10 \| 000,064,000 \| ---- \| C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 \| 000,364,544 \| ---- \| C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 \| 000,673,088 \| ---- \| C] () -- C:\windows\SysWow64\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2011/10/26 22:19:26 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\BSD [2011/11/20 11:53:53 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\MediaMonkey [2011/12/18 03:18:19 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\mjusbsp [2011/12/19 20:13:09 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\SoftGrid Client [2011/12/18 09:09:48 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\TechWizard [2011/10/26 20:12:23 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\Thunderbird [2011/10/27 12:28:31 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\TP [2011/11/21 12:38:42 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\Western Digital [2011/12/18 15:48:47 \| 000,000,000 \| ---D \| M] -- C:\Users\bedroom\AppData\Roaming\WinPatrol [2009/07/14 00:08:49 \| 000,015,216 \| ---- \| M] () -- C:\windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-20 09:50:58 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	reply to samone4 EXTRAS OTL Extras logfile created on: 12/19/2011 9:27:54 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\bedroom\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 4.00 Gb Total Physical Memory \| 1.61 Gb Available Physical Memory \| 40.34% Memory free 8.00 Gb Paging File \| 5.29 Gb Available in Paging File \| 66.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 906.34 Gb Total Space \| 770.24 Gb Free Space \| 84.98% Space Free \| Partition Type: NTFS Drive E: \| 442.98 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 930.86 Gb Total Space \| 759.42 Gb Free Space \| 81.58% Space Free \| Partition Type: NTFS Computer Name: BEDROOM-PC \| User Name: bedroom \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{3DDDAF49-5CCD-461A-9045-C9AE94024D14}" = WiLife Command Center USB Driver x64 "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare "{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CF29845C-705E-4450-A3FF-1D4754455AB9}" = Hybrid TV "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "DF9F23E360B18E10871A49C3BC1AEDA269B8E0E2" = Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA (07/16/2009 6.14.10.373) "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar "{0EC766C7-F444-42BF-A05F-4A790F5360EB}" = FanSpeedControl "{0F052922-4BCE-4763-A540-00857554336D}" = Redist "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{29EA755D-404B-4310-872C-EB1B8513F9D6}" = LXH-JME8002B Hotkey Driver "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation "{49143692-9C1E-4D35-8A82-9BE0378846CB}" = WiLife Command Center 2.5 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6C0EB42D-4E74-4CA8-B625-17948421824E}" = WiLife Command Center 2.5 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73289228-1853-4623-982A-EB17FF0270CA}" = LIVE! OSD 0.08 "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CamSuite "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}" = HP Product Detection "{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min "{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "Adobe AIR" = Adobe AIR "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "Belarc Advisor" = Belarc Advisor 8.2 "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "Canon MX870 series User Registration" = Canon MX870 series User Registration "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "Coupons.com Toolbar" = Coupons.com Toolbar "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ESET Online Scanner" = ESET Online Scanner v3 "HijackThis" = HijackThis 2.0.2 "HP Photo Creations" = HP Photo Creations "InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}" = FanSpeedControl "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "MediaMonkey_is1" = MediaMonkey 4.0 "MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "MP Navigator EX 3.1" = Canon MP Navigator EX 3.1 "NETGEAR Genie" = NETGEAR Genie "NIS" = Norton Internet Security "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.OUTLOOKR" = Microsoft Outlook 2010 "Picasa 3" = Picasa 3 "PROHYBRIDR" = 2007 Microsoft Office system "Speed Dial Utility" = Canon Speed Dial Utility "Verizon Media Manager" = Verizon Media Manager "ViewpointMediaPlayer" = Viewpoint Media Player "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "magicJack" = magicJack [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12/6/2011 9:55:02 AM \| Computer Name = bedroom-PC \| Source = Bonjour Service \| ID = 100 Description = Client application bug: DNSServiceResolve(24:ab:81:b0:84:e9@fe80::26ab:81ff:feb0:84e9._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network. Error - 12/7/2011 1:30:52 AM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 12/7/2011 1:32:10 AM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/7/2011 10:40:03 AM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for "G:\autorun.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 12/8/2011 2:00:34 AM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/8/2011 6:18:53 PM \| Computer Name = bedroom-PC \| Source = CVHSVC \| ID = 100 Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved Error - 12/9/2011 1:31:24 AM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/9/2011 12:49:19 PM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for "G:\autorun.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 12/9/2011 12:51:39 PM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for "G:\autorun.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 12/10/2011 1:32:33 AM \| Computer Name = bedroom-PC \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "" of attribute "language" in element "assemblyIdentity" is invalid. [ System Events ] Error - 12/12/2011 5:01:59 PM \| Computer Name = bedroom-PC \| Source = EventLog \| ID = 6008 Description = The previous system shutdown at 3:50:04 PM on ?12/?12/?2011 was unexpected. Error - 12/12/2011 5:02:25 PM \| Computer Name = bedroom-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 12/12/2011 5:02:25 PM \| Computer Name = bedroom-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 12/12/2011 5:02:26 PM \| Computer Name = bedroom-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 12/12/2011 5:02:26 PM \| Computer Name = bedroom-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 12/12/2011 5:02:27 PM \| Computer Name = bedroom-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 12/13/2011 11:35:51 AM \| Computer Name = bedroom-PC \| Source = Tcpip \| ID = 4199 Description = The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-1D-0D-EB-38-32. Network operations on this system may be disrupted as a result. Error - 12/15/2011 4:25:44 AM \| Computer Name = bedroom-PC \| Source = Service Control Manager \| ID = 7022 Description = The NETGEARGenieDaemon service hung on starting. Error - 12/15/2011 2:18:47 PM \| Computer Name = bedroom-PC \| Source = Service Control Manager \| ID = 7022 Description = The NETGEARGenieDaemon service hung on starting. Error - 12/15/2011 2:32:19 PM \| Computer Name = bedroom-PC \| Source = Service Control Manager \| ID = 7022 Description = The NETGEARGenieDaemon service hung on starting. -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-20 09:51:30 ·
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:51 Reviews: ·Comcast Host: TV over IP Software RCN Inside Insight Team Discovery	reply to samone4 Sec Check Results of screen317's Security Check version 0.99.29 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Enabled! ESET Online Scanner v3 Norton Internet Security [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Ad-Aware Malwarebytes' Anti-Malware HijackThis 2.0.2 Adobe Reader X (10.1.1) Mozilla Thunderbird (8.0.) ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] Norton ccSvcHst.exe [color=red]Ad-Aware AAWService.exe is disabled![/color] [color=red]Ad-Aware AAWTray.exe is disabled![/color] [color=red]Spybot Teatimer.exe is disabled![/color] Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe ``````````End of Log```````````` -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	to forum · permalink · 2011-12-20 09:52:01 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to samone4 Re: [Trojan] HJT Log The logs are clean. Time to check for rootkits.. Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-12-20 11:46:44 ·
pizzarelli join:2005-04-24 Pleasantville, NY	Question: The option to select "running processes" is grey. Unable to check. Is there a workaround for this issue?
	to forum · permalink · 2011-12-20 14:18:27 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	said by pizzarelli: Question: The option to select "running processes" is grey. Unable to check. Is there a workaround for this issue? What is your relationship to this thread's original poster?
	to forum · permalink · 2011-12-20 15:06:10 ·
pizzarelli join:2005-04-24 Pleasantville, NY	we are one and the same person scan shows 75 "hidden files" but clean up not recommeded Also, I can not find file log
	to forum · permalink · 2011-12-20 15:08:47 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23	reply to samone4 Try here... When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
	to forum · permalink · 2011-12-20 15:13:01 ·
pizzarelli join:2005-04-24 Pleasantville, NY 1 edit	reply to samone4 Thank you Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/20/2011 at 11:56:42 AM User "bedroom" on computer "BEDROOM-PC" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info:Starting registry scan. Info:Starting disk scan of C: (NTFS). Hidden:file C:\ProgramData\Norton\00000082\0000011a\00000585\cltLMS1.dat Hidden:file C:\ProgramData\Norton\00000082\0000011a\00000585\cltLMS2.dat Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\48uW0Foh9V4gAKbhfwBQJAb-Ub2rAe9dLxAi1NLYY1UCv-nCfBuTUOrMDiDYoEYFzEAU-UtSYpxf14XuhO ugIe0MBh7NEGGP-Zg5sUwdK8HbZAO3svZRSY1la1WG5f9RRLPbV4rRLZrRoObPpOp4_gWY[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301108356[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\6r9VWR4QmbNrEf-arw_2xfufePV3rldScW0MioUgnGKcjJo_EGddiYBfJ5NxiMU2sWECuL9OrNYRqAizgbMigeUOSTfnG9J5eDOdQHgvYrPhqzQsbYzW96YsQ6p7rOo54g EY7X0oqzAYY5m33ttIQPn3[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\_2xfufePV3rldScW0MioUgnGKcjJo_EGddiYBfJ5NxiMU2sWECuL9OrNYRqAizgbMigeUOSTfnG9J5eDOdQHgvYrPhqzQsbYzW96YsQ6p7rOo54g EY7X0oqzAYY5m33ttIQPn3&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389892916[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389922516[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cbizsolutions%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Ctrending%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391183591[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\tile=2;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Ctop%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cpresented%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\e=3;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cframe1%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\e=6;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cframe2%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\article%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cframe2%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\e%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cbizsolutions%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\ticle%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Ctrending%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\icle%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cpresented%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Ctop%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\article%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cframe1%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\BCWPXOLq5kMBZa0ZL7Q-Q_0nVip_sSqzURfMFBOPq6Vb4rX2RH0a7mMNFpAuVOo70ZjAdL5kRPnlEnAw1_y9hz6ciNQwjYk5ZFt2nhoLLsM_jplgTC6B2LIqsJYviT0nt8sV9kJxZ70wYwBfTHcqOjSA[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\RbhUpewrRt5BbQ9gOhezx0UJe8izS0gXXD2pjrTjVXU5251J2Q1ypZ3WN6e9GAWbMM6VDzJwtFC2j11ASv fzE2JwFCV2HvzM_mTDaCIn9VHUYZbGNMfM3OZsoXFZTbyhtSvQQggtUNbA-ooZ8LB47CYQ[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\ezx0UJe8izS0gXXD2pjrTjVXU5251J2Q1ypZ3WN6e9GAWbMM6VDzJwtFC2j11ASvfzE2JwFCV2HvzM_mTDaCIn9VHUYZbGNMfM3OZsoXFZTbyhtSvQQggtUNbA-ooZ8LB47CYQ&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\Q-Q_0nVip_sSqzURfMFBOPq6Vb4rX2RH0a7mMNFpAuVOo70ZjAdL5kRPnlEnAw1_y9hz6ciNQwjYk5ZFt2nhoLLsM_jplgTC6B2LIqsJYviT0nt8sV9kJxZ70wYwBfTHcqOjSA&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\Q-Q_0nVip_sSqzURfMFBOPq6Vb4rX2RH0a7mMNFpAuVOo70ZjAdL5kRPnlEnAw1_y9hz6ciNQwjYk5ZFt2nhoLLsM_jplgTC6B2LIqsJYviT0nt8sV9kJxZ70wYwBfTHcqOjSA&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\83%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D128723%3Bnodecode%3Dyes%3Blink%3D;ord=301044618[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301130113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301102057[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301138852[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301104666[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301141421[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301171226[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301172201[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301350319[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D1775%3Bnodecode%3Dyes%3Blink%3D;ord=301319560[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301326524[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301336837[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\sWniL-e5URgBPSX7SFwbhDYs1KmFdzE80ngz1gvqV7TzX63wGmuMN7Q6uoj2Z0UHBKBoc61_o0iLVBpo9d2o5qiKdUdSRCGqBiLNmMrybNZlZNuYRoT_eXTOQf1QdDUVPqU_bCo_UBt-giiGOqOyWmlU[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P84YMOBI\yt0NORnvQwtrfOsZeZOJrcBsotrTHQe_Cva_x4Xw_vPwQMgPXf-TtzI7csgm10A0EgfiZprI7kNDZ3nOVGgmE_70qMwHydfs-p8osO94nYD_-Tr2DdQ09DheJXRlf6V3n66sHApFxLONg4k1TUCU367g[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\OJrcBsotrTHQe_Cva_x4Xw_vPwQMgPXf-TtzI7csgm10A0EgfiZprI7kNDZ3nOVGgmE_70qMwHydfs-p8osO94nYD_-Tr2DdQ09DheJXRlf6V3n66sHApFxLONg4k1TUCU367g&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\JpcHRzL2pxdWVyeS0xLjQuNC5qczsvU3RvL1NjcmlwdHMvU2VjdXJpdHlCdWxsZXRpblNlYXJjaC5qczsv U3RvL1NjcmlwdHMvc3RvLmpzOy9TdG8vU2NyaXB0cy9vbW5pX3JzaWQuanM7.1111231344[1].js Hidden:file C:\WiLife Video\living room 6 (00-12-AB-0D-A9-E1)\WVR S2011-12-20T122649.8378427-0500 E.wmv Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\VjaE5ldC9EZWZhdWx0LmNzczsvU3RvL1N0eWxlcy9UZWNoTmV0L1NlY3VyaXR5QnVsbGV0aW5TZWFyY2gu Y3NzOy9TdG8vU3R5bGVzL1RlY2hOZXQvU2VjdXJpdHlDb250ZW50LmNzczs.1111231344[1].css Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\x=10408;u=cat-computers_scat-computertroubleshooting_sscat-pcsupport_art-4962730_dmd-AB3517A8-E2C1-4FE3-9E76-F688E24E4845_dcs-y0;tile=1;ord=7774992751936[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\x=10408;u=cat-computers_scat-computertroubleshooting_sscat-pcsupport_art-4962730_dmd-AB3517A8-E2C1-4FE3-9E76-F688E24E4845_dcs-y0;tile=2;ord=7774992751936[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\x=10408;u=cat-computers_scat-computertroubleshooting_sscat-pcsupport_art-4962730_dmd-AB3517A8-E2C1-4FE3-9E76-F688E24E4845_dcs-y0;tile=3;ord=7774992751936[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\9bvqZK6T1ypoXUm-FdN_ospK9zFZExuiKPkI0s60qnlZ8QsmTZSLqlB9XkunSY7ZNEzClv6QLFYeAbKMv-7_6hieuSafRXcPBRdM3r0fR8Vy5Z5siq7ojDDdU8Ojy08HNw0EVs4DDtLb6cpyYIqgZF9A[1].gif Hidden:file C:\Users\bedroom\AppData\Roaming\Western Digital\WD SmartWare\instances\8483DACA-3179-4D3F-9E5F-7933C1FB1C4E\8483daca-3179-4d3f-9e5f-7933c1fb1c4e-errors.db3-journal Hidden:file C:\Users\bedroom\AppData\Local\Temp\wmv566C.tmp Hidden:file C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\NCW\ncwperfm.db-journal Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389897860[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D128723%3Bnodecode%3Dyes%3Blink%3D;ord=389876260[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389926685[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389979161[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389954594[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389936860[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390132026[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390172634[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=390141257[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391153089[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=390923003[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390942075[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390950690[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391116184[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391158620[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4T4M9G20\eypnu3PGv_MIqckRcR_ticBZA9Y04-Zqv2A_Zx5jvjzoExVEtZxVr4qY9FbM1N1AZUf2uELA8oI3fAisPSiypzVsg9l8BpuDFKeeA1OZMbKxS_15hvjA2rK4rXH7zrSr0XA-eRdk7sgMgNlQIuGia9Tg[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CI5PR4ZG\_ticBZA9Y04-Zqv2A_Zx5jvjzoExVEtZxVr4qY9FbM1N1AZUf2uELA8oI3fAisPSiypzVsg9l8BpuDFKeeA1OZMbKxS_15hvjA2rK4rXH7zrSr0XA-eRdk7sgMgNlQIuGia9Tg&callback=google.LU[1].js Info:Starting disk scan of F: (NTFS). Stopped logging on 12/20/2011 at 12:41:39 PM Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 12/20/2011 at 14:00:09 PM User "bedroom" on computer "BEDROOM-PC" Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64 Info:Starting registry scan. Info:Starting disk scan of C: (NTFS). Hidden:file C:\ProgramData\Norton\00000082\0000011a\00000585\cltLMS1.dat Hidden:file C:\ProgramData\Norton\00000082\0000011a\00000585\cltLMS2.dat Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\48uW0Foh9V4gAKbhfwBQJAb-Ub2rAe9dLxAi1NLYY1UCv-nCfBuTUOrMDiDYoEYFzEAU-UtSYpxf14XuhO ugIe0MBh7NEGGP-Zg5sUwdK8HbZAO3svZRSY1la1WG5f9RRLPbV4rRLZrRoObPpOp4_gWY[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301108356[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\6r9VWR4QmbNrEf-arw_2xfufePV3rldScW0MioUgnGKcjJo_EGddiYBfJ5NxiMU2sWECuL9OrNYRqAizgbMigeUOSTfnG9J5eDOdQHgvYrPhqzQsbYzW96YsQ6p7rOo54g EY7X0oqzAYY5m33ttIQPn3[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\_2xfufePV3rldScW0MioUgnGKcjJo_EGddiYBfJ5NxiMU2sWECuL9OrNYRqAizgbMigeUOSTfnG9J5eDOdQHgvYrPhqzQsbYzW96YsQ6p7rOo54g EY7X0oqzAYY5m33ttIQPn3&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389892916[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389922516[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cbizsolutions%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Ctrending%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391183591[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\tile=2;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Ctop%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cpresented%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\e=3;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cframe1%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\e=6;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cfront%7Cframe2%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=353202638[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\article%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cframe2%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\e%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cbizsolutions%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\ticle%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Ctrending%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\icle%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cpresented%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Ctop%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\article%7C%7CD%7Cs=10347,10422,10443,10448,10451,10456%7C%7Cfront%7Cframe1%7Cus_2011_12_18_toddler-missing-for-over-day-found-safe-in-woods_%7C;ord=302124517[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\BCWPXOLq5kMBZa0ZL7Q-Q_0nVip_sSqzURfMFBOPq6Vb4rX2RH0a7mMNFpAuVOo70ZjAdL5kRPnlEnAw1_y9hz6ciNQwjYk5ZFt2nhoLLsM_jplgTC6B2LIqsJYviT0nt8sV9kJxZ70wYwBfTHcqOjSA[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\RbhUpewrRt5BbQ9gOhezx0UJe8izS0gXXD2pjrTjVXU5251J2Q1ypZ3WN6e9GAWbMM6VDzJwtFC2j11ASv fzE2JwFCV2HvzM_mTDaCIn9VHUYZbGNMfM3OZsoXFZTbyhtSvQQggtUNbA-ooZ8LB47CYQ[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\ezx0UJe8izS0gXXD2pjrTjVXU5251J2Q1ypZ3WN6e9GAWbMM6VDzJwtFC2j11ASvfzE2JwFCV2HvzM_mTDaCIn9VHUYZbGNMfM3OZsoXFZTbyhtSvQQggtUNbA-ooZ8LB47CYQ&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\Q-Q_0nVip_sSqzURfMFBOPq6Vb4rX2RH0a7mMNFpAuVOo70ZjAdL5kRPnlEnAw1_y9hz6ciNQwjYk5ZFt2nhoLLsM_jplgTC6B2LIqsJYviT0nt8sV9kJxZ70wYwBfTHcqOjSA&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\Q-Q_0nVip_sSqzURfMFBOPq6Vb4rX2RH0a7mMNFpAuVOo70ZjAdL5kRPnlEnAw1_y9hz6ciNQwjYk5ZFt2nhoLLsM_jplgTC6B2LIqsJYviT0nt8sV9kJxZ70wYwBfTHcqOjSA&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\83%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D128723%3Bnodecode%3Dyes%3Blink%3D;ord=301044618[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301130113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301102057[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301138852[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301104666[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301141421[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301171226[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301172201[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301350319[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D1775%3Bnodecode%3Dyes%3Blink%3D;ord=301319560[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301326524[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3A806%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17et9761p2ngsh%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=301336837[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SP6V0NCV\sWniL-e5URgBPSX7SFwbhDYs1KmFdzE80ngz1gvqV7TzX63wGmuMN7Q6uoj2Z0UHBKBoc61_o0iLVBpo9d2o5qiKdUdSRCGqBiLNmMrybNZlZNuYRoT_eXTOQf1QdDUVPqU_bCo_UBt-giiGOqOyWmlU[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P84YMOBI\yt0NORnvQwtrfOsZeZOJrcBsotrTHQe_Cva_x4Xw_vPwQMgPXf-TtzI7csgm10A0EgfiZprI7kNDZ3nOVGgmE_70qMwHydfs-p8osO94nYD_-Tr2DdQ09DheJXRlf6V3n66sHApFxLONg4k1TUCU367g[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\OJrcBsotrTHQe_Cva_x4Xw_vPwQMgPXf-TtzI7csgm10A0EgfiZprI7kNDZ3nOVGgmE_70qMwHydfs-p8osO94nYD_-Tr2DdQ09DheJXRlf6V3n66sHApFxLONg4k1TUCU367g&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\JpcHRzL2pxdWVyeS0xLjQuNC5qczsvU3RvL1NjcmlwdHMvU2VjdXJpdHlCdWxsZXRpblNlYXJjaC5qczsv U3RvL1NjcmlwdHMvc3RvLmpzOy9TdG8vU2NyaXB0cy9vbW5pX3JzaWQuanM7.1111231344[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\VjaE5ldC9EZWZhdWx0LmNzczsvU3RvL1N0eWxlcy9UZWNoTmV0L1NlY3VyaXR5QnVsbGV0aW5TZWFyY2gu Y3NzOy9TdG8vU3R5bGVzL1RlY2hOZXQvU2VjdXJpdHlDb250ZW50LmNzczs.1111231344[1].css Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZU6W8AJY\x=10408;u=cat-computers_scat-computertroubleshooting_sscat-pcsupport_art-4962730_dmd-AB3517A8-E2C1-4FE3-9E76-F688E24E4845_dcs-y0;tile=1;ord=7774992751936[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\x=10408;u=cat-computers_scat-computertroubleshooting_sscat-pcsupport_art-4962730_dmd-AB3517A8-E2C1-4FE3-9E76-F688E24E4845_dcs-y0;tile=2;ord=7774992751936[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\x=10408;u=cat-computers_scat-computertroubleshooting_sscat-pcsupport_art-4962730_dmd-AB3517A8-E2C1-4FE3-9E76-F688E24E4845_dcs-y0;tile=3;ord=7774992751936[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8Y89LA6\9bvqZK6T1ypoXUm-FdN_ospK9zFZExuiKPkI0s60qnlZ8QsmTZSLqlB9XkunSY7ZNEzClv6QLFYeAbKMv-7_6hieuSafRXcPBRdM3r0fR8Vy5Z5siq7ojDDdU8Ojy08HNw0EVs4DDtLb6cpyYIqgZF9A[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389897860[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D128723%3Bnodecode%3Dyes%3Blink%3D;ord=389876260[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389926685[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389979161[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389954594[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=389936860[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390132026[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390172634[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=390141257[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391153089[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D33926%3Bnodecode%3Dyes%3Blink%3D;ord=390923003[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390942075[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=390950690[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391116184[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\5%3A446%3A454%3A455%3A458%3A482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=391158620[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4T4M9G20\eypnu3PGv_MIqckRcR_ticBZA9Y04-Zqv2A_Zx5jvjzoExVEtZxVr4qY9FbM1N1AZUf2uELA8oI3fAisPSiypzVsg9l8BpuDFKeeA1OZMbKxS_15hvjA2rK4rXH7zrSr0XA-eRdk7sgMgNlQIuGia9Tg[1].gif Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CI5PR4ZG\_ticBZA9Y04-Zqv2A_Zx5jvjzoExVEtZxVr4qY9FbM1N1AZUf2uELA8oI3fAisPSiypzVsg9l8BpuDFKeeA1OZMbKxS_15hvjA2rK4rXH7zrSr0XA-eRdk7sgMgNlQIuGia9Tg&callback=google.LU[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\rticle%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cdefault%7Cbizsolutions%7Cus_2011_12_20_police-seize-vehicle-missing-maine-girls-father_%7C;ord=450545113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cdefault%7Ctrending%7Cus_2011_12_20_police-seize-vehicle-missing-maine-girls-father_%7C;ord=450545113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cdefault%7Cpresented%7Cus_2011_12_20_police-seize-vehicle-missing-maine-girls-father_%7C;ord=450545113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQWTRAVG\ile=2;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cdefault%7Ctop%7Cus_2011_12_20_police-seize-vehicle-missing-maine-girls-father_%7C;ord=450545113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65T5IKHT\=3;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cdefault%7Cframe1%7Cus_2011_12_20_police-seize-vehicle-missing-maine-girls-father_%7C;ord=450545113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WGGTUZI\=6;u=article%7C%7CD%7Cs=10347,10422,10443,10448,10456%7C%7Cdefault%7Cframe2%7Cus_2011_12_20_police-seize-vehicle-missing-maine-girls-father_%7C;ord=450545113[1].js Hidden:file C:\Users\bedroom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66QV0HFT\482%3A483%3A485%3A705%3A706%3A708%3A709%3A710%3A713%3Bkvug%3D1%3Bkvzip%3D02638%3Bkvtid%3D17f15eo11643c0%3Bkp%3D26986%3Bnodecode%3Dyes%3Blink%3D;ord=405964262[1].js Hidden:file C:\ProgramData\AOL\ACS\1.0\Localities.new Hidden:file C:\WiLife Video\driveway 2 (00-12-AB-10-9B-87)\WVR S2011-12-20T143102.2020935-0500 E.wmv Hidden:file C:\Users\bedroom\AppData\Local\Temp\sqlite_lrlA3flj4H66nUC Hidden:file C:\Users\bedroom\AppData\Local\Temp\wmvF5A.tmp Info:Starting disk scan of F: (NTFS). Stopped logging on 12/20/2011 at 14:45:11 PM
	to forum · permalink · 2011-12-20 15:17:00 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to samone4 That's fine too. One more program to try.. Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected. You'll find the link(s) and instruction(s) here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-12-20 15:31:59 ·
pizzarelli join:2005-04-24 Pleasantville, NY	okay, I ran TDSS killer. and nothing detected. However, I am having trouble finding the log on my hard drive. There is a report tab w the log data. But I am unable to copy/past from the program itself.
	to forum · permalink · 2011-12-20 16:01:52 ·
pizzarelli join:2005-04-24 Pleasantville, NY	reply to LoPhatPhuud Found it! 15:35:39.0860 3600TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 15:35:40.0084 3600============================================================ 15:35:40.0084 3600Current date / time: 2011/12/20 15:35:40.0084 15:35:40.0084 3600SystemInfo: 15:35:40.0084 3600 15:35:40.0084 3600OS Version: 6.1.7601 ServicePack: 1.0 15:35:40.0084 3600Product type: Workstation 15:35:40.0084 3600ComputerName: BEDROOM-PC 15:35:40.0084 3600UserName: bedroom 15:35:40.0084 3600Windows directory: C:\windows 15:35:40.0084 3600System windows directory: C:\windows 15:35:40.0084 3600Running under WOW64 15:35:40.0084 3600Processor architecture: Intel x64 15:35:40.0084 3600Number of processors: 4 15:35:40.0084 3600Page size: 0x1000 15:35:40.0084 3600Boot type: Normal boot 15:35:40.0084 3600============================================================ 15:35:41.0127 3600Initialize success 15:35:48.0118 5016============================================================ 15:35:48.0118 5016Scan started 15:35:48.0118 5016Mode: Manual; 15:35:48.0118 5016============================================================ 15:35:49.0531 50161394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 15:35:49.0533 50161394ohci - ok 15:35:49.0738 5016ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 15:35:49.0740 5016ACPI - ok 15:35:49.0764 5016AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 15:35:49.0764 5016AcpiPmi - ok 15:35:49.0798 5016adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 15:35:49.0801 5016adp94xx - ok 15:35:49.0814 5016adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 15:35:49.0816 5016adpahci - ok 15:35:49.0826 5016adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 15:35:49.0827 5016adpu320 - ok 15:35:49.0867 5016AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys 15:35:49.0869 5016AFD - ok 15:35:49.0884 5016agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 15:35:49.0885 5016agp440 - ok 15:35:49.0905 5016aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 15:35:49.0906 5016aliide - ok 15:35:49.0918 5016amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 15:35:49.0918 5016amdide - ok 15:35:49.0942 5016AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 15:35:49.0943 5016AmdK8 - ok 15:35:49.0960 5016AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 15:35:49.0961 5016AmdPPM - ok 15:35:49.0976 5016amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 15:35:49.0977 5016amdsata - ok 15:35:49.0989 5016amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 15:35:49.0991 5016amdsbs - ok 15:35:50.0008 5016amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 15:35:50.0009 5016amdxata - ok 15:35:50.0053 5016AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 15:35:50.0053 5016AppID - ok 15:35:50.0093 5016arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 15:35:50.0093 5016arc - ok 15:35:50.0103 5016arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 15:35:50.0104 5016arcsas - ok 15:35:50.0127 5016AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 15:35:50.0128 5016AsyncMac - ok 15:35:50.0147 5016atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 15:35:50.0147 5016atapi - ok 15:35:50.0187 5016ATIAVPCI (c5b7809742ad1b792bdd075b763b13a3) C:\windows\system32\DRIVERS\atinavrr.sys 15:35:50.0194 5016ATIAVPCI - ok 15:35:50.0288 5016atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\windows\system32\drivers\atikmdag.sys 15:35:50.0311 5016atikmdag - ok 15:35:50.0367 5016A_USBETHMP (e437794d8dc3a49cabd598760a9d7535) C:\windows\system32\Drivers\usbethmp.sys 15:35:50.0368 5016A_USBETHMP - ok 15:35:50.0399 5016b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 15:35:50.0401 5016b06bdrv - ok 15:35:50.0424 5016b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 15:35:50.0425 5016b57nd60a - ok 15:35:50.0508 5016BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\windows\system32\DRIVERS\bcmwl664.sys 15:35:50.0521 5016BCM43XX - ok 15:35:50.0544 5016Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 15:35:50.0544 5016Beep - ok 15:35:50.0650 5016BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111210.003\BHDrvx64.sys 15:35:50.0657 5016BHDrvx64 - ok 15:35:50.0684 5016blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 15:35:50.0685 5016blbdrive - ok 15:35:50.0714 5016bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 15:35:50.0715 5016bowser - ok 15:35:50.0723 5016BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys 15:35:50.0724 5016BrFiltLo - ok 15:35:50.0734 5016BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys 15:35:50.0734 5016BrFiltUp - ok 15:35:50.0758 5016Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 15:35:50.0760 5016Brserid - ok 15:35:50.0769 5016BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 15:35:50.0770 5016BrSerWdm - ok 15:35:50.0788 5016BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 15:35:50.0788 5016BrUsbMdm - ok 15:35:50.0811 5016BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 15:35:50.0812 5016BrUsbSer - ok 15:35:50.0843 5016BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys 15:35:50.0844 5016BthEnum - ok 15:35:50.0864 5016BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys 15:35:50.0865 5016BTHMODEM - ok 15:35:50.0884 5016BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys 15:35:50.0885 5016BthPan - ok 15:35:50.0907 5016BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys 15:35:50.0910 5016BTHPORT - ok 15:35:50.0927 5016BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys 15:35:50.0928 5016BTHUSB - ok 15:35:50.0939 5016btusbflt (6e04458e98daf28826482e41a7a62df5) C:\windows\system32\drivers\btusbflt.sys 15:35:50.0940 5016btusbflt - ok 15:35:50.0962 5016btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\windows\system32\drivers\btwaudio.sys 15:35:50.0964 5016btwaudio - ok 15:35:50.0980 5016btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\windows\system32\drivers\btwavdt.sys 15:35:50.0982 5016btwavdt - ok 15:35:51.0018 5016btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys 15:35:51.0019 5016btwl2cap - ok 15:35:51.0027 5016btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\windows\system32\DRIVERS\btwrchid.sys 15:35:51.0028 5016btwrchid - ok 15:35:51.0080 5016ccSet_NIS (a8ad33c9dd88c810cac00acc7f4329fb) C:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys 15:35:51.0081 5016ccSet_NIS - ok 15:35:51.0093 5016cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 15:35:51.0093 5016cdfs - ok 15:35:51.0113 5016cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 15:35:51.0114 5016cdrom - ok 15:35:51.0136 5016circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys 15:35:51.0136 5016circlass - ok 15:35:51.0164 5016CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 15:35:51.0244 5016CLFS - ok 15:35:51.0367 5016CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 15:35:51.0367 5016CmBatt - ok 15:35:51.0402 5016cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 15:35:51.0403 5016cmdide - ok 15:35:51.0431 5016CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys 15:35:51.0434 5016CNG - ok 15:35:51.0462 5016Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 15:35:51.0463 5016Compbatt - ok 15:35:51.0489 5016CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys 15:35:51.0489 5016CompositeBus - ok 15:35:51.0499 5016crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys 15:35:51.0500 5016crcdisk - ok 15:35:51.0543 5016DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 15:35:51.0544 5016DfsC - ok 15:35:51.0558 5016discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 15:35:51.0559 5016discache - ok 15:35:51.0574 5016Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys 15:35:51.0575 5016Disk - ok 15:35:51.0611 5016Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys 15:35:51.0611 5016Dot4 - ok 15:35:51.0633 5016Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys 15:35:51.0634 5016Dot4Print - ok 15:35:51.0651 5016dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys 15:35:51.0652 5016dot4usb - ok 15:35:51.0668 5016drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 15:35:51.0669 5016drmkaud - ok 15:35:51.0693 5016DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 15:35:51.0703 5016DXGKrnl - ok 15:35:51.0772 5016ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys 15:35:51.0788 5016ebdrv - ok 15:35:51.0843 5016eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 15:35:51.0846 5016eeCtrl - ok 15:35:51.0878 5016elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
	to forum · permalink · 2011-12-20 16:03:26 ·

Broadband Tech > Security > Security Cleanup > [Trojan] HJT Log

MBAM

OTL

EXTRAS

Sec Check

Re: [Trojan] HJT Log