OTL logfile created on: 9/10/2011 9:43:55 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\My Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.28% Memory free
6.19 Gb Paging File | 4.69 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.32 Gb Total Space | 61.65 Gb Free Space | 21.31% Space Free | Partition Type: NTFS
Drive D: | 8.77 Gb Total Space | 1.57 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: HISWORLD2 | User Name: audstune | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/09/04 19:01:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
PRC - [2011/06/28 07:04:00 | 006,512,896 | ---- | M] (Just Great Software) -- C:\Program Files\JGsoft\EditPadLite\EditPadLite7.exe
PRC - [2011/05/27 08:52:30 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/13 11:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/05/18 00:03:31 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
PRC - [2010/04/19 23:26:47 | 000,159,744 | ---- | M] () -- C:\Program Files\Kolbo Alert\alert.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
PRC - [2009/10/26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\audstune\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/05/15 12:34:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe
PRC - [2009/02/18 12:01:42 | 001,447,632 | ---- | M] (WhiteCanyon, Inc.) -- C:\Program Files\WhiteCanyon\MySecurityVault\MySecurityVault_TrayIcon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/06 20:37:22 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/07/23 22:35:42 | 000,292,216 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/07/23 22:35:42 | 000,116,080 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/07/23 22:35:12 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/07/14 22:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/07/14 22:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/05/26 08:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe
PRC - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\Crypserv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/08/11 10:43:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/11 10:43:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/11 10:42:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/11 10:42:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/08/11 09:14:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/11 09:14:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/04/19 23:26:47 | 000,159,744 | ---- | M] () -- C:\Program Files\Kolbo Alert\alert.exe
MOD - [2008/07/23 22:35:44 | 000,120,216 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2008/07/23 22:35:42 | 000,259,480 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2008/07/23 22:35:42 | 000,038,184 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2008/07/23 22:35:40 | 000,345,384 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2008/07/23 22:35:04 | 000,066,856 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2008/02/28 09:12:17 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\actskn43.ocx

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/08/02 20:49:17 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2011/04/13 18:10:34 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/18 00:03:31 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/30 19:17:28 | 000,946,180 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/05/15 12:34:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/06 20:37:22 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/23 22:35:42 | 000,292,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2008/07/23 22:35:42 | 000,116,080 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2008/07/14 22:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/05/26 08:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/04/15 20:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2000/06/29 04:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/09/01 20:04:13 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110901.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110909.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/03 22:03:58 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110909.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 22:03:58 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20110909.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 22:06:01 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/07/27 19:47:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 19:47:24 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/05/09 20:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/01 10:23:02 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/19 10:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/02 20:23:12 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/06/30 16:02:26 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DbusAudio.sys -- (DbusAudio)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/12/17 09:31:50 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AsAudioDevice_351.sys -- (AsAudioDevice_351)
DRV - [2008/08/28 21:52:34 | 000,016,896 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VirtualAudio.sys -- (wsvad_driver)
DRV - [2008/08/06 01:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/25 09:28:00 | 007,547,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/24 00:55:40 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/07/07 15:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/06/26 00:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/26 08:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/04/28 06:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/29 01:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc)
DRV - [2000/02/03 15:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/access/autosearch.asp?p=%s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ediblog.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ediblog.com/"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.0
FF - prefs.js..extensions.enabledItems: feedly@devhd:2.15
FF - prefs.js..extensions.enabledItems: spellbound@sourceforge.net:4.0.0
FF - prefs.js..extensions.enabledItems: tunebite-firefox-surf-and-catch-extension@audials.com:1.4.7600.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: esnipsxpi@logia.esnips:1.1
FF - prefs.js..extensions.enabledItems: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/audstune/AppData/Local/Temp/RapidSolution/Tunebite/.downloading/profile/rrproxy_ffox_4dcfcb89.pac"
FF - prefs.js..network.proxy.type: 2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\audstune\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/09/07 05:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/03/25 07:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin [2010/05/18 00:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2010/05/28 21:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\esnipsxpi@logia.esnips: C:\Program Files\Logia\eSnipsDownloader\ext [2010/11/16 15:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2011/08/17 09:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 20:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 12:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/03/25 07:48:14 | 000,000,000 | ---D | M]

[2009/03/25 12:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\audstune\AppData\Roaming\Mozilla\Extensions
[2011/09/06 09:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions
[2009/06/28 23:41:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/29 09:38:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/08/01 21:51:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/08 00:05:09 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/08/18 15:43:12 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/08/18 15:42:26 | 000,000,000 | ---D | M] (Dictionary.com) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\dictionary@mozila.firefox.com
[2011/01/11 18:54:13 | 000,000,000 | ---D | M] (Font Finder) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\fontfinder@bendodson.com
[2011/08/05 21:50:04 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2010/11/16 15:13:30 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\searchtoolbar@zugo.com
[2010/02/18 10:29:04 | 000,000,000 | ---D | M] (SpellBound) -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\extensions\spellbound@sourceforge.net
[2010/11/16 15:13:31 | 000,001,919 | ---- | M] () -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\searchplugins\bing-zugo.xml
[2009/12/08 00:05:10 | 000,005,413 | ---- | M] () -- C:\Users\audstune\AppData\Roaming\Mozilla\Firefox\Profiles\a8odo0g6.default\searchplugins\fast-browser-search.xml
[2011/08/24 11:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/27 14:25:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/16 12:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/16 13:28:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/24 11:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2010/04/04 22:21:16 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
[2011/01/08 13:26:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011/08/17 09:32:52 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\FEEDLY@DEVHD.XPI
() (No name found) -- C:\USERS\AUDSTUNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8ODO0G6.DEFAULT\EXTENSIONS\SPELLCHECKEVERYTHING@EXAMPLE.COM.XPI
[2011/09/07 20:25:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/04/01 01:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/26 21:02:30 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/05/13 20:16:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/03/10 11:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com) O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.) O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.dll (facemoods.com) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll () O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! 
Inc) O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com) O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll () O3 - HKLM\..\Toolbar: (MySecurityVault Toolbar) - {D3117279-E115-4C9B-A8FE-D2983653EC51} - C:\Program Files\WhiteCanyon\MySecurityVault\WCVaultToolbar.dll () O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com) O3 - HKCU\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files\Soft-Search\tbSof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe () O4 - HKLM..\Run: [MySecurityVault Tray] C:\Program Files\WhiteCanyon\MySecurityVault\MySecurityVault_TrayIcon.exe (WhiteCanyon, Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Aim6] File not found O4 - HKCU..\Run: [WeatherEye] C:\Users\audstune\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.) O4 - Startup: C:\Users\audstune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kolbo Alert.lnk = C:\Program Files\Kolbo Alert\alert.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 
'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dreamtemplate.com ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: ediblog.com ([www] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351E24A1-3EB0-47AC-AAED-EE6C91C2BAC5}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img217.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img217.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/07 02:58:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{26a7ae5b-0e09-11df-b67e-00238b21dd91}\Shell\AutoRun\command - "" = setup.exe /AUTORUN O33 - MountPoints2\{26a7ae5b-0e09-11df-b67e-00238b21dd91}\Shell\configure\command - "" = setup.exe -- [2011/05/10 19:56:41 | 009,722,931 | ---- | M] () O33 - MountPoints2\{26a7ae5b-0e09-11df-b67e-00238b21dd91}\Shell\install\command - "" = setup.exe -- [2011/05/10 19:56:41 | 009,722,931 | ---- | M] () O33 - 
MountPoints2\{26a7ae5e-0e09-11df-b67e-00238b21dd91}\Shell - "" = AutoRun O33 - MountPoints2\{26a7ae5e-0e09-11df-b67e-00238b21dd91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{59fcadbf-cb93-11de-8055-00238b21dd91}\Shell - "" = AutoRun O33 - MountPoints2\{59fcadbf-cb93-11de-8055-00238b21dd91}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{c3b0ba81-1054-11df-b67e-00238b21dd91}\Shell - "" = AutoRun O33 - MountPoints2\{c3b0ba81-1054-11df-b67e-00238b21dd91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/09/09 20:21:52 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\TuneUpMedic [2011/09/09 20:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedic [2011/09/09 20:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUpMedic [2011/09/09 20:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedic [2011/09/09 15:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon [2011/09/06 10:39:29 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\10 years on, anti-Semitic conspiracy theories about 9-11 persist JTA - Jewish & Israel News_files [2011/09/03 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\christianmalard_files [2011/09/03 19:19:00 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\Google Translate_files [2011/09/03 14:48:14 | 000,000,000 | ---D | C] -- C:\Users\audstune\Documents\History of the Jews in Turkey - Wikipedia, the free encyclopedia_files [2011/09/02 09:24:25 | 000,000,000 | -HSD | C] -- C:\found.000 [2011/09/01 16:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011/09/01 16:19:08 | 000,000,000 
| ---D | C] -- C:\Users\audstune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011/08/24 11:33:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/08/24 11:33:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/08/24 11:33:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/08/24 08:17:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011/08/23 12:02:16 | 000,000,000 | ---D | C] -- C:\Debra Rae [2011/08/17 23:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiesta Download Manager [2011/08/17 18:43:14 | 000,000,000 | ---D | C] -- C:\flashtuts [2011/08/17 18:43:14 | 000,000,000 | ---D | C] -- C:\Flashstuff [2011/08/17 18:43:13 | 000,000,000 | ---D | C] -- C:\flash [2011/08/17 18:42:04 | 000,000,000 | ---D | C] -- C:\Petie [2011/08/17 18:42:04 | 000,000,000 | ---D | C] -- C:\pete [2011/08/17 18:39:41 | 004,718,864 | ---- | C] (HTML-Helper) -- C:\Program Files\ussher.exe [2011/08/17 18:35:32 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\Help [2011/08/17 18:35:32 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\Help [2011/08/17 18:35:16 | 000,000,000 | ---D | C] -- C:\Windows\INDSOFT [2011/08/17 18:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Screen Creator [2011/08/17 18:33:30 | 000,000,000 | ---D | C] -- C:\screenplays [2011/08/17 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeLifter 5.0 [2011/08/17 18:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\CodeLifter5 [2011/08/17 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\SaverGenDemo [2011/08/17 17:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaverGen Demo [2011/08/17 17:04:34 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\Flat Rock 
Software [2011/08/17 17:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\SSSTUDIO [2011/08/16 13:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate [2011/08/16 13:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate [2011/08/16 00:05:29 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Roaming\AI Internet Solutions [2011/08/16 00:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\HTMLValidatorLite80 [2011/08/13 09:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011/08/13 09:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011/08/13 09:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs [2011/08/12 21:11:34 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2011/08/12 21:06:59 | 000,000,000 | ---D | C] -- C:\Users\audstune\AppData\Local\Research In Motion [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/09/10 09:48:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/09/10 09:35:04 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/10 09:35:04 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/10 09:30:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888258364-4078971072-2230631149-1000UA.job [2011/09/10 09:28:27 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB887F21-7757-4988-9E41-5A580E782853}.job [2011/09/10 07:43:23 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/09/10 07:36:02 | 000,001,806 | ---- | M] () -- C:\ProgramData\hpqp.ini [2011/09/10 07:36:00 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/09/10 
07:35:24 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011/09/10 07:35:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/09/10 07:35:06 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\TuneUpMedic_scan_schedule_task_e40d44a1-a616-4b7b-97b7-382eb690109a.job [2011/09/10 07:35:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/10 07:34:50 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys [2011/09/10 07:32:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3888258364-4078971072-2230631149-1000Core.job [2011/09/10 00:40:09 | 000,000,840 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUpMedic.lnk [2011/09/09 15:30:51 | 000,370,208 | ---- | M] () -- C:\Users\audstune\AppData\Local\Schedule8.dat [2011/09/09 15:10:39 | 000,001,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2011/09/09 15:10:39 | 000,001,777 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Amazon Unbox Video.lnk [2011/09/08 09:45:29 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/09/08 09:45:29 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/09/08 08:42:57 | 000,002,305 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk [2011/09/08 08:06:14 | 000,000,378 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat [2011/09/07 16:45:09 | 000,007,518 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011/09/06 10:39:30 | 000,042,374 | ---- | M] () -- C:\Users\audstune\Documents\10 years on, anti-Semitic conspiracy theories about 9-11 persist JTA - Jewish & Israel News.htm [2011/09/05 07:46:19 | 000,007,592 | ---- | M] () -- C:\Users\audstune\AppData\Local\d3d9caps.dat [2011/09/03 19:19:45 | 000,000,617 | ---- | M] () -- C:\Users\audstune\Documents\christianmalard.htm 
[2011/09/03 19:19:02 | 000,000,623 | ---- | M] () -- C:\Users\audstune\Documents\Google Translate.htm [2011/09/03 14:48:16 | 000,201,945 | ---- | M] () -- C:\Users\audstune\Documents\History of the Jews in Turkey - Wikipedia, the free encyclopedia.htm [2011/09/03 14:33:56 | 000,002,529 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk [2011/09/03 10:25:54 | 000,628,799 | ---- | M] () -- C:\Users\audstune\Documents\Palmer-Committee-Final-report.pdf [2011/08/29 08:16:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/08/28 11:39:30 | 000,000,460 | ---- | M] () -- C:\Users\audstune\Documents\dr_site.cs [2011/08/27 20:32:45 | 000,538,292 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2011/08/26 23:49:08 | 000,002,571 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Web Image Studio.lnk [2011/08/25 22:11:29 | 000,000,951 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhymesaurus.lnk [2011/08/25 22:09:35 | 000,000,718 | ---- | M] () -- C:\Users\audstune\Desktop\DropZip.exe - Shortcut.lnk [2011/08/25 15:27:59 | 000,000,408 | ---- | M] () -- C:\Users\audstune\Documents\debrarae.cs [2011/08/25 15:19:13 | 000,000,406 | ---- | M] () -- C:\Users\audstune\Desktop\Debra Rae.lnk [2011/08/24 22:45:57 | 000,000,504 | ---- | M] () -- C:\{FD59F626-0F2A-4FDF-96BE-5F24364F5674} [2011/08/24 08:49:32 | 000,202,782 | ---- | M] () -- C:\Users\audstune\Documents\durban_ngo_declaration_2001.pdf [2011/08/23 15:58:41 | 001,341,797 | ---- | M] () -- C:\Users\audstune\Documents\WSWF%20Poker%20Save%20the%20Date%202011%20wh-final.pdf [2011/08/23 11:17:27 | 000,000,943 | ---- | M] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/08/21 22:37:28 | 000,134,041 | ---- | M] () -- 
C:\Users\audstune\Documents\CT_New_Hair_Biology_Model.pdf [2011/08/17 23:23:12 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta Download Manager.lnk [2011/08/17 18:36:43 | 000,000,210 | ---- | M] () -- C:\Windows\Screen Creator.INI [2011/08/17 18:32:14 | 000,000,835 | ---- | M] () -- C:\Users\audstune\Desktop\Code Lifter.lnk [2011/08/17 17:04:30 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Screen Saver Studio Deluxe.LNK [2011/08/14 07:58:45 | 002,263,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/08/13 09:34:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2011/08/12 22:27:41 | 001,033,561 | ---- | M] () -- C:\Users\audstune\Documents\LoaderBackup-(2011-08-12).ipd [2011/08/12 21:32:39 | 000,096,256 | ---- | M] () -- C:\Users\audstune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/12 21:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf [2011/08/12 21:12:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011/08/12 21:04:52 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/09/10 00:40:09 | 000,000,840 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUpMedic.lnk [2011/09/09 20:21:53 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\TuneUpMedic_scan_schedule_task_e40d44a1-a616-4b7b-97b7-382eb690109a.job [2011/09/09 15:10:39 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2011/09/09 15:10:39 | 000,001,777 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Amazon Unbox Video.lnk [2011/09/07 08:01:45 | 000,000,378 | ---- | C] () -- 
C:\Windows\System32\Pen_Tablet.dat [2011/09/06 10:39:28 | 000,042,374 | ---- | C] () -- C:\Users\audstune\Documents\10 years on, anti-Semitic conspiracy theories about 9-11 persist JTA - Jewish & Israel News.htm [2011/09/03 19:19:41 | 000,000,617 | ---- | C] () -- C:\Users\audstune\Documents\christianmalard.htm [2011/09/03 19:19:00 | 000,000,623 | ---- | C] () -- C:\Users\audstune\Documents\Google Translate.htm [2011/09/03 14:48:12 | 000,201,945 | ---- | C] () -- C:\Users\audstune\Documents\History of the Jews in Turkey - Wikipedia, the free encyclopedia.htm [2011/09/03 14:33:56 | 000,002,529 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk [2011/09/03 10:25:54 | 000,628,799 | ---- | C] () -- C:\Users\audstune\Documents\Palmer-Committee-Final-report.pdf [2011/08/28 11:39:29 | 000,000,460 | ---- | C] () -- C:\Users\audstune\Documents\dr_site.cs [2011/08/26 23:49:08 | 000,002,571 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Web Image Studio.lnk [2011/08/25 22:11:29 | 000,000,951 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhymesaurus.lnk [2011/08/25 22:09:35 | 000,000,718 | ---- | C] () -- C:\Users\audstune\Desktop\DropZip.exe - Shortcut.lnk [2011/08/25 15:27:59 | 000,000,408 | ---- | C] () -- C:\Users\audstune\Documents\debrarae.cs [2011/08/25 15:19:12 | 000,000,406 | ---- | C] () -- C:\Users\audstune\Desktop\Debra Rae.lnk [2011/08/25 11:40:31 | 000,000,398 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB887F21-7757-4988-9E41-5A580E782853}.job [2011/08/24 22:45:57 | 000,000,504 | ---- | C] () -- C:\{FD59F626-0F2A-4FDF-96BE-5F24364F5674} [2011/08/24 08:49:32 | 000,202,782 | ---- | C] () -- C:\Users\audstune\Documents\durban_ngo_declaration_2001.pdf [2011/08/23 15:58:41 | 001,341,797 | ---- | C] () -- C:\Users\audstune\Documents\WSWF%20Poker%20Save%20the%20Date%202011%20wh-final.pdf [2011/08/23 
11:17:26 | 000,000,943 | ---- | C] () -- C:\Users\audstune\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/08/21 22:37:28 | 000,134,041 | ---- | C] () -- C:\Users\audstune\Documents\CT_New_Hair_Biology_Model.pdf [2011/08/17 23:23:12 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta Download Manager.lnk [2011/08/17 18:35:16 | 000,000,210 | ---- | C] () -- C:\Windows\Screen Creator.INI [2011/08/17 18:32:14 | 000,000,835 | ---- | C] () -- C:\Users\audstune\Desktop\Code Lifter.lnk [2011/08/17 17:04:30 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Screen Saver Studio Deluxe.LNK [2011/08/17 17:04:23 | 000,000,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Saver Studio Deluxe.lnk [2011/08/13 09:34:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf [2011/08/12 22:27:40 | 001,033,561 | ---- | C] () -- C:\Users\audstune\Documents\LoaderBackup-(2011-08-12).ipd [2011/08/12 21:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf [2011/08/12 21:12:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011/08/12 21:11:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2011/05/31 13:07:23 | 000,000,054 | ---- | C] () -- C:\Windows\Musician.INI [2011/04/27 01:19:30 | 000,000,074 | RHS- | C] () -- C:\Windows\ICMET20.BIN [2011/03/22 09:25:00 | 000,538,292 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011/01/08 13:44:41 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010/09/26 19:51:44 | 004,054,056 | ---- | C] () -- C:\Windows\System32\PhotoLooksRenderer.dll [2010/07/23 09:09:47 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2010/07/16 22:50:33 | 000,000,621 | ---- | C] () -- C:\Windows\tlknw17.ini [2010/07/16 16:44:52 | 000,000,625 | ---- | C] () -- 
C:\Windows\tlknw3.ini [2010/07/16 15:04:53 | 000,000,623 | ---- | C] () -- C:\Windows\tlknw5.ini [2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010/06/16 19:18:59 | 000,000,030 | R--- | C] () -- C:\Windows\System32\drivers\RevHDD.ini [2010/06/10 22:15:05 | 000,000,200 | ---- | C] () -- C:\Windows\ulead32.ini [2010/06/05 00:31:22 | 000,005,120 | ---- | C] () -- C:\Windows\EyeCand3.INI [2010/06/03 22:56:06 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll [2010/05/06 17:44:04 | 000,000,008 | RHS- | C] () -- C:\ProgramData\7C3CD8275B.sys [2010/05/05 12:45:53 | 000,188,416 | ---- | C] () -- C:\Windows\System32\muangsys.dll [2010/05/05 12:45:53 | 000,077,824 | ---- | C] () -- C:\Windows\System32\muadisp.dll [2010/02/09 21:50:55 | 000,000,096 | ---- | C] () -- C:\Users\audstune\AppData\Local\fusioncache.dat [2010/02/09 19:22:02 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini [2010/01/06 17:29:55 | 000,000,318 | -HS- | C] () -- C:\Windows\WSYS049.SYS [2009/12/17 17:26:00 | 000,007,518 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/10/30 14:42:07 | 000,370,208 | ---- | C] () -- C:\Users\audstune\AppData\Local\Schedule8.dat [2009/09/01 15:25:33 | 000,000,044 | ---- | C] () -- C:\Windows\Crypkey.ini [2009/09/01 15:25:31 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2009/09/01 15:25:31 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2009/09/01 15:25:31 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2009/09/01 15:25:31 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2009/08/31 13:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2009/08/25 14:48:47 | 000,004,000 | ---- | C] () -- C:\Windows\logos20.ini [2009/08/23 23:06:59 | 000,634,880 | ---- | C] () -- C:\Windows\System32\ISerifVideo1.dll [2009/08/23 23:06:59 | 000,524,288 | ---- | C] () -- 
C:\Windows\System32\ISerifVideoDX1.dll [2009/08/23 23:06:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ISerifAnimation1.dll [2009/08/23 23:06:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ISerifDSFiltEnum1.dll [2009/08/23 23:06:58 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [2009/08/23 23:06:58 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll [2009/08/23 23:06:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2009/08/23 23:06:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2009/08/23 22:57:34 | 000,314,880 | ---- | C] () -- C:\Windows\System32\Tx32.dll [2009/08/23 22:53:17 | 000,000,108 | ---- | C] () -- C:\Windows\LETSDRAW.INI [2009/08/23 22:51:57 | 000,000,109 | ---- | C] () -- C:\Windows\TOONWORX.INI [2009/08/18 18:03:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/18 18:03:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/08/07 21:30:52 | 000,047,104 | ---- | C] () -- C:\Windows\System32\Wh2Robo.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/28 20:30:27 | 001,015,808 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2009/07/28 20:30:27 | 000,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll [2009/07/28 20:30:27 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/07/28 20:30:27 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll [2009/07/28 20:30:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll [2009/07/28 20:30:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll [2009/07/28 20:30:27 | 000,036,352 | ---- | C] () -- C:\Windows\System32\MP2enc.dll [2009/07/16 22:08:16 | 000,032,768 | ---- | C] () -- C:\Users\audstune\AppData\Roaming\SharedSettings.ccs [2009/07/16 22:08:01 | 000,000,168 | ---- | C] 
() -- C:\Windows\System32\xpysys.dll [2009/07/15 08:08:56 | 000,007,592 | ---- | C] () -- C:\Users\audstune\AppData\Local\d3d9caps.dat [2009/07/05 22:23:36 | 000,096,256 | ---- | C] () -- C:\Users\audstune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/11 20:13:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009/05/15 12:43:28 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2009/04/26 22:07:27 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E9F27C3760.sys [2009/04/26 22:07:26 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009/04/25 23:05:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009/03/26 00:58:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/03/25 12:20:04 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/03/25 12:20:02 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/09/07 04:13:16 | 000,001,806 | ---- | C] () -- C:\ProgramData\hpqp.ini [2008/09/07 03:38:34 | 000,107,359 | ---- | C] () -- C:\Windows\hpqins13.dat [2007/11/14 19:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007/06/05 16:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 002,263,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,642,906 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,120,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- 
| C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/02/23 17:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll [2006/02/23 16:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll [2006/02/23 16:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll [2006/02/23 16:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll [2006/02/23 16:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll [2006/02/23 16:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll [2006/02/23 16:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll [2006/02/23 16:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll [2006/02/23 16:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll [2006/02/23 16:34:26 | 001,163,264 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2006/02/23 16:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll [2006/02/23 16:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [color=#E56717]========== Files - Unicode (All) ==========[/color] [2009/09/02 09:29:43 | 000,000,000 | ---D | M](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ĩ䘺睗ĨĨĨĨĨĨ [2009/09/02 09:29:43 | 000,000,000 | ---D | C](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ĩ䘺睗ĨĨĨĨĨĨ [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 961 bytes -> C:\Users\audstune\Documents\Special Savings Coupon from The Tree!.eml:OECustomProperty @Alternate Data Stream - 881 bytes -> 
C:\Users\audstune\Documents\When Metaphors Attack! (Latest Oped).eml:OECustomProperty @Alternate Data Stream - 836 bytes -> C:\ProgramData\Temp:35E5AF34 @Alternate Data Stream - 264 bytes -> C:\ProgramData\Temp:890CC2F3 @Alternate Data Stream - 182 bytes -> C:\ProgramData\Temp:0CFE8F97 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8CE646EE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A8E2C33 < End of report >