Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Browser Redirect Problem

Started by wburrough , Sep 16 2011 09:22 AM

This topic is locked

#1
wburrough

Posted 16 September 2011 - 09:22 AM

Member

Member
43 posts

I have followed all the steps for the google redirect fix and it only helped a little bit. I am now able to at least get to this web site. When i open firefox or iexplore i am immidiatly taken to:

http://search.tuxend...9191ab&t=newtab

If i use the search function it will also take me to a similar link. I can not use the search function in the top right either. There is also a new search bar that has been added to firefox and iexplorer that i did not download and i can not get rid of. here is my otl log:

fOTL logfile created on: 9/16/2011 11:13:51 AM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Wesley\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.16% Memory free
3.95 Gb Paging File | 3.36 Gb Available in Paging File | 85.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.91 Gb Total Space | 6.19 Gb Free Space | 15.52% Space Free | Partition Type: NTFS
Drive E: | 24.42 Gb Total Space | 15.95 Gb Free Space | 65.33% Space Free | Partition Type: NTFS
Drive G: | 47.46 Gb Total Space | 0.67 Gb Free Space | 1.42% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 1.92 Gb Free Space | 2.58% Space Free | Partition Type: NTFS
Drive J: | 1.86 Gb Total Space | 1.79 Gb Free Space | 96.54% Space Free | Partition Type: FAT32

Computer Name: HOSTILE | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 11:10:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTL.exe
PRC - [2011/09/16 11:01:41 | 000,310,272 | ---- | M] () -- C:\WINDOWS\system32\bsh\usr\sbin\sshd.exe
PRC - [2011/09/16 09:48:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/13 17:33:52 | 006,056,448 | ---- | M] (Mobatek - http://mobassh.mobatek.net) -- C:\WINDOWS\system32\MobaSSH.exe
PRC - [2008/10/14 10:42:54 | 002,164,088 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/02/17 13:40:36 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2006/02/17 13:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/02/17 13:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/02/17 13:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/02/17 13:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/10/25 23:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/16 11:01:41 | 000,310,272 | ---- | M] () -- C:\WINDOWS\system32\bsh\usr\sbin\sshd.exe
MOD - [2011/09/16 11:01:40 | 001,089,024 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygcrypto-0.9.8.dll
MOD - [2011/09/16 11:01:40 | 000,066,048 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygz.dll
MOD - [2011/09/16 11:01:40 | 000,022,528 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygwrap-0.dll
MOD - [2011/09/16 11:01:39 | 000,006,656 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygcrypt-0.dll
MOD - [2011/09/16 09:48:14 | 001,001,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/19 12:54:33 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/05/19 12:54:32 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/05/19 12:54:30 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/05/19 12:54:30 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/05/19 12:54:30 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/05/19 12:54:30 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/05/19 12:54:29 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/05/19 12:54:29 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/05/19 12:54:29 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/05/19 12:54:28 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/05/19 12:54:28 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/12/15 13:31:04 | 004,300,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/12/15 13:26:48 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/07/03 15:50:07 | 005,612,496 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/03 15:24:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010/02/03 15:20:55 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/03 15:20:55 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/03 15:20:54 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/03 15:20:53 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/03 15:20:53 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/03 15:20:53 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/03 15:20:53 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/03 15:20:53 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/03 15:20:53 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/03 15:20:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/03 15:12:16 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010/02/03 15:12:06 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010/02/03 15:08:27 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010/02/03 15:08:26 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/02/03 15:08:25 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/02/03 15:08:24 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/03 15:08:23 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/02/03 15:08:19 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2010/02/03 15:08:17 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/02/03 15:08:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/02/03 15:08:13 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/02/03 15:08:07 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/02/02 15:08:26 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/02 15:08:26 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/02 15:08:26 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/02 15:08:25 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/02 15:08:25 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/02 15:08:25 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/02 15:08:24 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/02/04 17:37:16 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/04 17:37:15 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/04 17:28:32 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/04 17:28:31 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/04 17:28:30 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/04 17:28:30 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/04 17:28:30 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/04 17:28:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2008/05/16 14:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- e:\Program Files\WinRAR\RarExt.dll
MOD - [2006/02/17 13:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2006/02/17 13:17:08 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/02/17 13:17:08 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/02/17 13:17:08 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/03/12 20:28:40 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/03/11 18:43:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/13 17:33:52 | 006,056,448 | ---- | M] (Mobatek - http://mobassh.mobatek.net) [Auto | Running] -- C:\WINDOWS\system32\MobaSSH.exe -- (MobaSSH1)
SRV - [2008/10/14 10:42:54 | 002,164,088 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/11/10 19:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Program Files\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/02/17 13:39:02 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/02/17 13:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/02/17 13:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/02/17 13:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/10/25 23:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/10/25 22:06:08 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/06/28 21:46:00 | 014,745,600 | -HS- | M] () [Auto | Running] -- C:\Program Files\Common Files\\System\icm64.dll -- (wmcmgc)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/30 14:04:52 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2011/05/30 14:04:52 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/10/14 01:03:46 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/07/18 07:14:54 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/08/06 15:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007/07/17 18:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/08/24 05:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)) 802.11g Wireless USB2.0 Adapter Driver(SMC)
DRV - [2006/02/16 22:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/16 22:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 02:04:16 | 000,099,584 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/10/25 23:19:56 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2005/10/25 22:12:06 | 000,105,472 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2005/09/27 08:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/08/11 01:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/27 18:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/27 03:26:48 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/03/05 17:17:36 | 000,023,202 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2003/03/05 15:00:44 | 000,011,090 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2000/06/13 13:32:02 | 000,015,370 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Tuxendo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Tuxendo"
FF - prefs.js..browser.search.selectedEngine: "Tuxendo"
FF - prefs.js..browser.startup.homepage: "http://search.tuxend...1ab&t=homepage"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {3D098A34-4D9F-4873-A333-229BB80BF7F2}:1.0
FF - prefs.js..keyword.URL: "http://search.tuxend...&t=urlbar&key="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: e:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.3: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 09:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 09:48:18 | 000,000,000 | ---D | M]

[2008/06/19 10:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Extensions
[2011/09/16 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions
[2011/01/04 16:18:28 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/08/26 19:22:23 | 000,000,000 | ---D | M] (SearchToolbar) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{3D098A34-4D9F-4873-A333-229BB80BF7F2}
[2010/07/26 20:24:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/26 20:24:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/07/02 16:13:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/26 20:24:29 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\[email protected]
[2011/08/26 19:26:48 | 000,002,222 | ---- | M] () -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\searchplugins\tuxendo.xml
[2011/09/16 09:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 08:33:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 22:22:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/04/01 21:19:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/21 12:12:56 | 000,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2011/09/16 10:59:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "I:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "I:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CloneCDTray] e:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] E:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WService] C:\WINDOWS\System32\WService.exe (Tablet Driver)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - i:\Program Files\WinHTTrack\WinHTTrackIEBar.dll File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - i:\Program Files\WinHTTrack\WinHTTrackIEBar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} https://vpn-standard....com AXXPEE.dll (Confidence Online Enterprise Edition)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262436724265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262436716906 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn-standard...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C653A997-4680-43D2-BA24-E4FA522AF253}: NameServer = 65.32.5.111,65.32.5.112
O20 - AppInit_DLLs: (qshkwe.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMggfdc) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 13:59:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/22 11:18:23 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b5807eb-3141-11df-ba45-806d6172696f}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{88294090-6737-11dd-911c-001a927c0c11}\Shell - "" = AutoRun
O33 - MountPoints2\{88294090-6737-11dd-911c-001a927c0c11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88294090-6737-11dd-911c-001a927c0c11}\Shell\AutoRun\command - "" = D:\SecureDrive_Launcher.exe
O33 - MountPoints2\{9d7c923a-f4bf-11de-af04-001a927c0c11}\Shell\AutoRun\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{9d7c923a-f4bf-11de-af04-001a927c0c11}\Shell\Setup FlipShare\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{cbee9ed5-5d95-11dd-bc5f-001a927c0c11}\Shell - "" = AutoRun
O33 - MountPoints2\{cbee9ed5-5d95-11dd-bc5f-001a927c0c11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbee9ed5-5d95-11dd-bc5f-001a927c0c11}\Shell\AutoRun\command - "" = J:\SecureDrive_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 11:11:22 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTL.exe
[2011/09/16 11:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wesley\Desktop\tdsskiller
[2011/09/16 10:57:54 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTM.exe
[2011/09/10 15:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wesley\My Documents\Triathlon
[2011/08/26 19:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/08/26 18:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/26 18:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/09 11:21:57 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/07/09 11:21:57 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/08/14 08:14:14 | 000,996,720 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\adobetmp00052276
[2008/08/14 08:14:14 | 000,079,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\adobetmp00042276
[1 C:\Documents and Settings\Wesley\Desktop\*.tmp files -> C:\Documents and Settings\Wesley\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/16 11:10:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTL.exe
[2011/09/16 11:01:49 | 000,138,893 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/16 11:01:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/16 10:59:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/16 10:50:04 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTM.exe
[2011/09/15 18:00:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/15 18:00:45 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/09/13 15:03:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 14:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/02 01:02:10 | 478,943,333 | ---- | M] () -- C:\Documents and Settings\Wesley\Desktop\MVI_1510.MOV
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/26 22:00:07 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Wesley\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/20 14:36:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[1 C:\Documents and Settings\Wesley\Desktop\*.tmp files -> C:\Documents and Settings\Wesley\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 22:55:40 | 478,943,333 | ---- | C] () -- C:\Documents and Settings\Wesley\Desktop\MVI_1510.MOV
[2011/07/20 17:02:48 | 000,074,292 | ---- | C] () -- C:\Documents and Settings\Wesley\Application Data\Setup.1.2.exe
[2010/09/04 08:06:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2010/02/03 15:11:09 | 006,080,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/12 20:33:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/28 13:31:53 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/07/09 11:21:57 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/07/09 11:21:43 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2009/02/13 09:34:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Wesley\Local Settings\Application Data\PUTTY.RND
[2008/09/06 12:01:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/09/06 12:01:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2008/06/19 10:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/21 10:24:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/16 13:45:43 | 000,000,081 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/05/16 13:01:13 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/16 13:01:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 10:45:56 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Wesley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 03:54:51 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/04/24 09:29:30 | 001,394,452 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2008/04/24 01:00:09 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/04/23 14:07:52 | 000,019,830 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/04/23 14:07:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/23 14:07:44 | 000,019,578 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/23 14:07:23 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/23 14:00:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/23 13:56:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/23 11:54:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/23 06:40:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/23 06:39:29 | 007,270,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/09/17 01:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 01:07:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/09/17 01:07:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 01:07:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/09/17 01:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 01:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 01:07:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/09/17 01:07:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/09/17 01:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/24 15:31:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2007/04/24 12:27:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2003/03/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,462,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,219,392 | ---- | C] () -- C:\WINDOWS\System32\wsivmxkl.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,077,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/24 14:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[1913/08/01 10:18:54 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/06/11 17:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/01 18:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/05/06 22:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2009/11/04 20:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/04/24 11:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/05/25 15:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/07/27 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/01/09 16:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/04/09 18:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/04/24 09:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Ableton
[2008/09/26 17:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Alien Skin
[2009/02/20 17:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Blender Foundation
[2010/07/01 22:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\DAEMON Tools Lite
[2011/06/06 15:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Digidesign
[2008/05/09 14:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\DTLink Software
[2010/07/01 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Facebook
[2010/09/01 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Final Draft
[2011/05/06 22:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Flip Video
[2009/12/16 12:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\GameRanger
[2011/01/04 16:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\GARMIN
[2009/01/22 20:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Juniper Networks
[2008/04/24 11:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\PACE Anti-Piracy
[2009/07/10 19:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Trillian
[2011/08/26 18:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\uTorrent
[2008/04/24 10:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Waves Audio
[2008/05/16 11:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\WholeSecurity
[2011/09/15 18:00:45 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:75CD77C5717546A5
@Alternate Data Stream - 1397 bytes -> C:\Program Files\WindowsUpdate:GDw9ONydhyomwpMTTt6O0itNQMM
@Alternate Data Stream - 1394 bytes -> C:\Documents and Settings\Wesley\Cookies:UOqqVRA1A1UdHV8lJwBH
@Alternate Data Stream - 1354 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:tzR4qfFYMc15fShiINqP
@Alternate Data Stream - 1348 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ij7cNUMUPjoBLTPEBrQwpigL
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:9482CFB4

< End of report >

#2
wburrough

Posted 16 September 2011 - 10:07 AM

Member

Topic Starter
Member
43 posts

There is a firefox extension called SeachToolbar 1.0 that will not let me uninstall it. I uninstall it and it tell me to restart firefox and it is back every time.

#3
Essexboy

Posted 16 September 2011 - 11:43 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there lets try this first and see if it removes it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.tuxend...=189&t=homepage
FF - prefs.js..browser.search.defaultenginename: "Tuxendo"
FF - prefs.js..browser.search.order.1: "Tuxendo"
FF - prefs.js..browser.search.selectedEngine: "Tuxendo"
FF - prefs.js..browser.startup.homepage: "http://search.tuxend...1ab&t=homepage"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {3D098A34-4D9F-4873-A333-229BB80BF7F2}:1.0
FF - prefs.js..keyword.URL: "http://search.tuxend...&t=urlbar&key="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
[2011/08/26 19:22:23 | 000,000,000 | ---D | M] (SearchToolbar) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{3D098A34-4D9F-4873-A333-229BB80BF7F2}
[2011/08/26 19:26:48 | 000,002,222 | ---- | M] () -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\searchplugins\tuxendo.xml
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O20 - AppInit_DLLs: (qshkwe.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMggfdc) - File not found
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:75CD77C5717546A5
@Alternate Data Stream - 1397 bytes -> C:\Program Files\WindowsUpdate:GDw9ONydhyomwpMTTt6O0itNQMM
@Alternate Data Stream - 1394 bytes -> C:\Documents and Settings\Wesley\Cookies:UOqqVRA1A1UdHV8lJwBH
@Alternate Data Stream - 1354 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:tzR4qfFYMc15fShiINqP
@Alternate Data Stream - 1348 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ij7cNUMUPjoBLTPEBrQwpigL

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#4
wburrough

Posted 17 September 2011 - 12:55 PM

Member

Topic Starter
Member
43 posts

It gets stuck on "killing processes. DO NOT INTERRUPT..." every time. I am not sure how long it is supposed to take but i waited 15 mins the first time and it is still going right now for the second time and it about about 30 mins. It also says not responding at the top.

#5
Essexboy

Posted 17 September 2011 - 01:53 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets run the fix with a slight difference

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.tuxend...=189&t=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.tuxend...=189&t=homepage
FF - prefs.js..browser.search.defaultenginename: "Tuxendo"
FF - prefs.js..browser.search.order.1: "Tuxendo"
FF - prefs.js..browser.search.selectedEngine: "Tuxendo"
FF - prefs.js..browser.startup.homepage: "http://search.tuxend...1ab&t=homepage"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {3D098A34-4D9F-4873-A333-229BB80BF7F2}:1.0
FF - prefs.js..keyword.URL: "http://search.tuxend...&t=urlbar&key="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
[2011/08/26 19:22:23 | 000,000,000 | ---D | M] (SearchToolbar) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{3D098A34-4D9F-4873-A333-229BB80BF7F2}
[2011/08/26 19:26:48 | 000,002,222 | ---- | M] () -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\searchplugins\tuxendo.xml
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O20 - AppInit_DLLs: (qshkwe.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMggfdc) - File not found
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:75CD77C5717546A5
@Alternate Data Stream - 1397 bytes -> C:\Program Files\WindowsUpdate:GDw9ONydhyomwpMTTt6O0itNQMM
@Alternate Data Stream - 1394 bytes -> C:\Documents and Settings\Wesley\Cookies:UOqqVRA1A1UdHV8lJwBH
@Alternate Data Stream - 1354 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:tzR4qfFYMc15fShiINqP
@Alternate Data Stream - 1348 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ij7cNUMUPjoBLTPEBrQwpigL

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[EMPTYFLASH]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#6
wburrough

Posted 18 September 2011 - 03:19 PM

Member

Topic Starter
Member
43 posts

ok now it worked. here is the new log:

OTL logfile created on: 9/18/2011 5:14:01 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Wesley\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.80% Memory free
3.95 Gb Paging File | 3.42 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.91 Gb Total Space | 6.27 Gb Free Space | 15.70% Space Free | Partition Type: NTFS
Drive E: | 24.42 Gb Total Space | 15.95 Gb Free Space | 65.33% Space Free | Partition Type: NTFS
Drive G: | 47.46 Gb Total Space | 0.67 Gb Free Space | 1.42% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 1.92 Gb Free Space | 2.58% Space Free | Partition Type: NTFS

Computer Name: HOSTILE | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/18 17:11:36 | 000,310,272 | ---- | M] () -- C:\WINDOWS\system32\bsh\usr\sbin\sshd.exe
PRC - [2011/09/16 12:03:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 11:10:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/02/13 17:33:52 | 006,056,448 | ---- | M] (Mobatek - http://mobassh.mobatek.net) -- C:\WINDOWS\system32\MobaSSH.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/02/17 13:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/02/17 13:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/02/17 13:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/02/17 13:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/10/25 23:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/18 17:11:36 | 000,310,272 | ---- | M] () -- C:\WINDOWS\system32\bsh\usr\sbin\sshd.exe
MOD - [2011/09/18 17:11:23 | 000,066,048 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygz.dll
MOD - [2011/09/18 17:11:23 | 000,022,528 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygwrap-0.dll
MOD - [2011/09/18 17:11:13 | 001,089,024 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygcrypto-0.9.8.dll
MOD - [2011/09/18 17:11:10 | 000,006,656 | ---- | M] () -- C:\WINDOWS\system32\bsh\bin\cygcrypt-0.dll
MOD - [2011/09/16 12:03:50 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/19 12:54:33 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/05/19 12:54:32 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/05/19 12:54:30 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/05/19 12:54:30 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/05/19 12:54:30 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/05/19 12:54:30 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/05/19 12:54:29 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/05/19 12:54:29 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/05/19 12:54:29 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/05/19 12:54:28 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/05/19 12:54:28 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/12/15 13:31:04 | 004,300,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/12/15 13:26:48 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/03 15:24:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010/02/03 15:20:55 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/03 15:20:55 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/03 15:20:54 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/03 15:20:53 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/03 15:20:53 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/03 15:20:53 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/03 15:20:53 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/03 15:20:53 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/03 15:20:53 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/03 15:20:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/03 15:12:16 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010/02/03 15:12:06 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010/02/03 15:08:27 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010/02/03 15:08:26 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/02/03 15:08:25 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/02/03 15:08:24 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/03 15:08:23 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/02/03 15:08:19 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2010/02/03 15:08:17 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/02/03 15:08:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010/02/03 15:08:13 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/02/03 15:08:07 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/02/02 15:08:26 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/02 15:08:26 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/02 15:08:26 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/02 15:08:25 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/02 15:08:25 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/02 15:08:25 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/02 15:08:24 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/02/04 17:37:16 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/04 17:37:15 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/04 17:28:32 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/04 17:28:31 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/04 17:28:30 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/04 17:28:30 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/04 17:28:30 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/04 17:28:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- e:\Program Files\WinRAR\RarExt.dll
MOD - [2006/02/17 13:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2006/02/17 13:17:08 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/02/17 13:17:08 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/02/17 13:17:08 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/03/12 20:28:40 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/03/11 18:43:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/13 17:33:52 | 006,056,448 | ---- | M] (Mobatek - http://mobassh.mobatek.net) [Auto | Running] -- C:\WINDOWS\system32\MobaSSH.exe -- (MobaSSH1)
SRV - [2008/10/14 10:42:54 | 002,164,088 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2006/11/10 19:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Program Files\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/02/17 13:39:02 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/02/17 13:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/02/17 13:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/02/17 13:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/10/25 23:21:52 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/10/25 22:06:08 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/06/28 21:46:00 | 014,745,600 | -HS- | M] () [Auto | Running] -- C:\Program Files\Common Files\\System\icm64.dll -- (wmcmgc)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/30 14:04:52 | 000,022,304 | ---- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbkt1x1.sys -- (USBKT1X1)
DRV - [2011/05/30 14:04:52 | 000,013,504 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/10/14 01:03:46 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/07/18 07:14:54 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/08/06 15:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007/07/17 18:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/08/24 05:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)) 802.11g Wireless USB2.0 Adapter Driver(SMC)
DRV - [2006/02/16 22:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/16 22:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 02:04:16 | 000,099,584 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/10/25 23:19:56 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2005/10/25 22:12:06 | 000,105,472 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2005/09/27 08:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/08/11 01:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/27 18:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/27 03:26:48 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/03/05 17:17:36 | 000,023,202 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2003/03/05 15:00:44 | 000,011,090 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2000/06/13 13:32:02 | 000,015,370 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: e:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.3: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/16 12:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 12:03:52 | 000,000,000 | ---D | M]

[2008/06/19 10:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Extensions
[2011/09/18 17:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions
[2011/01/04 16:18:28 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/26 20:24:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/26 20:24:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/07/02 16:13:28 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/07/26 20:24:29 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Wesley\Application Data\Mozilla\Firefox\Profiles\t4tuokhv.default\extensions\[email protected]
[2011/09/16 12:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 08:33:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 22:22:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/04/01 21:19:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/21 12:12:56 | 000,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2011/09/16 10:59:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "I:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "I:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CloneCDTray] e:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] E:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WService] C:\WINDOWS\System32\WService.exe (Tablet Driver)
O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - i:\Program Files\WinHTTrack\WinHTTrackIEBar.dll File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - i:\Program Files\WinHTTrack\WinHTTrackIEBar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} https://vpn-standard....com AXXPEE.dll (Confidence Online Enterprise Edition)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262436724265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1262436716906 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn-standard...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C653A997-4680-43D2-BA24-E4FA522AF253}: NameServer = 65.32.5.111,65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 13:59:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/22 11:18:23 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b5807eb-3141-11df-ba45-806d6172696f}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{88294090-6737-11dd-911c-001a927c0c11}\Shell - "" = AutoRun
O33 - MountPoints2\{88294090-6737-11dd-911c-001a927c0c11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88294090-6737-11dd-911c-001a927c0c11}\Shell\AutoRun\command - "" = D:\SecureDrive_Launcher.exe
O33 - MountPoints2\{9d7c923a-f4bf-11de-af04-001a927c0c11}\Shell\AutoRun\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{9d7c923a-f4bf-11de-af04-001a927c0c11}\Shell\Setup FlipShare\command - "" = J:\Setup_FlipShare.exe
O33 - MountPoints2\{cbee9ed5-5d95-11dd-bc5f-001a927c0c11}\Shell - "" = AutoRun
O33 - MountPoints2\{cbee9ed5-5d95-11dd-bc5f-001a927c0c11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cbee9ed5-5d95-11dd-bc5f-001a927c0c11}\Shell\AutoRun\command - "" = J:\SecureDrive_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/17 14:14:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/16 11:11:22 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTL.exe
[2011/09/16 11:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wesley\Desktop\tdsskiller
[2011/09/16 10:57:54 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTM.exe
[2011/09/10 15:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wesley\My Documents\Triathlon
[2011/08/26 19:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/08/26 18:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/26 18:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/09 11:21:57 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/07/09 11:21:57 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2008/08/14 08:14:14 | 000,996,720 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\adobetmp00052276
[2008/08/14 08:14:14 | 000,079,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\adobetmp00042276
[1 C:\Documents and Settings\Wesley\Desktop\*.tmp files -> C:\Documents and Settings\Wesley\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/18 17:10:41 | 000,138,893 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/18 17:10:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/17 14:25:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/16 11:10:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTL.exe
[2011/09/16 10:59:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/16 10:50:04 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wesley\Desktop\OTM.exe
[2011/09/13 15:03:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/10 14:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/02 01:02:10 | 478,943,333 | ---- | M] () -- C:\Documents and Settings\Wesley\Desktop\MVI_1510.MOV
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/26 22:00:07 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Wesley\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/08/20 14:36:17 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[1 C:\Documents and Settings\Wesley\Desktop\*.tmp files -> C:\Documents and Settings\Wesley\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/04 22:55:40 | 478,943,333 | ---- | C] () -- C:\Documents and Settings\Wesley\Desktop\MVI_1510.MOV
[2011/07/20 17:02:48 | 000,074,292 | ---- | C] () -- C:\Documents and Settings\Wesley\Application Data\Setup.1.2.exe
[2010/09/04 08:06:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2010/02/03 15:11:09 | 006,080,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/12 20:33:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/28 13:31:53 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/07/09 11:21:57 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/07/09 11:21:43 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2009/02/13 09:34:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Wesley\Local Settings\Application Data\PUTTY.RND
[2008/09/06 12:01:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/09/06 12:01:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2008/06/19 10:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/21 10:24:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/16 13:45:43 | 000,000,081 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/05/16 13:01:13 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/16 13:01:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 10:45:56 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Wesley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/25 03:54:51 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/04/24 09:29:30 | 001,394,452 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2008/04/24 01:00:09 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/04/23 14:07:52 | 000,019,830 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/04/23 14:07:47 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/23 14:07:44 | 000,019,578 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/23 14:07:23 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/23 14:00:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/23 13:56:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/23 11:54:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/23 06:40:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/23 06:39:29 | 007,270,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/09/17 01:07:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 01:07:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/09/17 01:07:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 01:07:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/09/17 01:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 01:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 01:07:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/09/17 01:07:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/09/17 01:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/24 15:31:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2007/04/24 12:27:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2003/03/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,462,714 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,219,392 | ---- | C] () -- C:\WINDOWS\System32\wsivmxkl.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,077,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/24 14:04:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[1913/08/01 10:18:54 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/06/11 17:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/01 18:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/05/06 22:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2009/11/04 20:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/04/24 11:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/05/25 15:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/07/27 15:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/01/09 16:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/04/09 18:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/04/24 09:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Ableton
[2008/09/26 17:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Alien Skin
[2009/02/20 17:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Blender Foundation
[2010/07/01 22:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\DAEMON Tools Lite
[2011/06/06 15:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Digidesign
[2008/05/09 14:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\DTLink Software
[2010/07/01 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Facebook
[2010/09/01 18:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Final Draft
[2011/05/06 22:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Flip Video
[2009/12/16 12:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\GameRanger
[2011/01/04 16:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\GARMIN
[2009/01/22 20:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Juniper Networks
[2008/04/24 11:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\PACE Anti-Piracy
[2009/07/10 19:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Trillian
[2011/08/26 18:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\uTorrent
[2008/04/24 10:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\Waves Audio
[2008/05/16 11:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wesley\Application Data\WholeSecurity

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:9482CFB4

< End of report >

#7
wburrough

Posted 18 September 2011 - 03:21 PM

Member

Topic Starter
Member
43 posts

My internet also seems to be working now. Let me know if there is anything more i need to do. I can't thank you enough for all your help.

#8
Essexboy

Posted 18 September 2011 - 03:25 PM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems. I would recommend you update to SP3 and IE8

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :unsure:

#9
Essexboy

Posted 21 September 2011 - 12:44 PM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.