Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ECO ANTIVIRUS

Started by 071966 , Nov 21 2009 04:43 PM

  • Please log in to reply

#1
071966
Posted 21 November 2009 - 04:43 PM

071966

    New Member

  • Member
  • Pip
  • 2 posts
i have tried anti-malware and tried deleting registry files.. but it doesnt work for me.

Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 6.0.6000

11/21/2009 5:33:40 PM
mbam-log-2009-11-21 (17-33-40).txt

Scan type: Quick Scan
Objects scanned: 92528
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\wstech.wstechb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wstech.wstechb.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WStech.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements

#2
071966
Posted 21 November 2009 - 06:21 PM

071966

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
OTL logfile created on: 11/21/2009 7:02:52 PM - Run 1
OTL by OldTimer - Version 3.1.6.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.74% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.96 Gb Total Space | 118.40 Gb Free Space | 53.58% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.85 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/21 19:01:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/27 09:04:53 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 06:24:26 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/01 11:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/06/12 02:23:56 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/06/12 02:18:25 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PRC - [2009/06/12 02:14:30 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/06/16 07:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/06/02 02:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/03/31 20:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2008/02/14 14:37:58 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/01/29 21:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe
PRC - [2007/10/01 19:10:48 | 01,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/09/30 22:34:54 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/09/30 22:34:54 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/09/30 22:34:14 | 00,181,544 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/09/19 17:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/09/15 03:50:54 | 01,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/15 03:29:10 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/09/13 11:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/04 16:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/08/31 10:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/23 19:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/23 19:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/07/12 07:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/07/10 09:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/06/05 09:28:57 | 00,988,256 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
PRC - [2007/05/16 13:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 18:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/02 07:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe


========== Modules (SafeList) ==========

MOD - [2009/11/21 19:01:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/11 00:54:24 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/27 13:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/06/19 20:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/16 07:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/02/14 14:37:58 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/09/30 22:34:54 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/09/30 22:34:54 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/31 14:15:06 | 00,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/08/31 10:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 19:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/08/23 13:35:00 | 03,192,184 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 00:21:00 | 00,055,640 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/07/23 18:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 09:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/05 13:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 07:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:29 | 00,000,000 | ---D | M]

[2009/06/11 01:05:23 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/06/11 01:05:23 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: (781 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 eco-av.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EmbarqVALite_McciTrayApp] C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mxcll] C:\ProgramData\eca\vec.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/05 23:36:21 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2006/11/02 06:18:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/11/21 19:01:47 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/21 19:00:52 | 00,472,064 | ---- | C] ( ) -- C:\Users\Owner\Desktop\RootRepeal.exe
[2009/11/21 16:43:54 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/11/21 16:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/11/21 13:24:02 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Move Networks
[2009/11/21 13:10:32 | 00,000,000 | ---D | C] -- C:\ProgramData\eca
[2009/11/21 13:10:32 | 00,000,000 | ---D | C] -- C:\ProgramData\eca
[2009/11/13 01:27:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2009/11/13 01:27:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2009/11/08 20:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/08 20:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 14 Days ==========

[2009/11/21 19:02:09 | 01,835,008 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2009/11/21 19:01:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/21 19:01:09 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2009/11/21 19:01:09 | 00,000,000 | ---- | M] () -- C:\Users\Owner\settings.dat
[2009/11/21 19:01:01 | 00,472,064 | ---- | M] ( ) -- C:\Users\Owner\Desktop\RootRepeal.exe
[2009/11/21 18:52:34 | 00,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/11/21 18:51:57 | 00,081,883 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/21 18:51:33 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/21 18:51:33 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/21 18:51:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/21 18:51:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/21 18:51:24 | 20,792,48384 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 17:03:45 | 00,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 16:43:53 | 00,001,029 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2009/11/21 10:54:19 | 00,081,883 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/21 00:11:10 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/21 00:11:10 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/21 00:11:10 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/19 08:15:05 | 00,012,069 | ---- | M] () -- C:\Users\Owner\Desktop\Patrick Henry CC.pdf
[2009/11/19 00:13:05 | 00,006,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/11/16 20:15:08 | 00,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/11/15 21:03:44 | 00,073,959 | ---- | M] () -- C:\Users\Owner\Documents\fixed.jpg
[2009/11/12 01:11:31 | 00,311,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/08 20:21:20 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2009/11/21 19:01:09 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2009/11/21 19:01:09 | 00,000,000 | ---- | C] () -- C:\Users\Owner\settings.dat
[2009/11/21 18:51:24 | 20,792,48384 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/21 16:43:53 | 00,001,029 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2009/11/19 08:15:03 | 00,012,069 | ---- | C] () -- C:\Users\Owner\Desktop\Patrick Henry CC.pdf
[2009/11/15 21:03:40 | 00,073,959 | ---- | C] () -- C:\Users\Owner\Documents\fixed.jpg
[2009/11/08 20:21:20 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/16 12:40:56 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/16 12:40:56 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/10 23:19:15 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/20 00:04:35 | 00,044,032 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/18 08:17:02 | 00,006,944 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/15 02:21:44 | 00,081,883 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/15 02:21:42 | 00,081,883 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/13 14:59:07 | 00,027,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2009/06/13 14:54:36 | 00,027,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2009/06/10 14:41:31 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2009/06/10 14:41:31 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2009/06/10 14:41:31 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2009/06/10 14:41:28 | 00,076,568 | ---- | C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/31 18:18:04 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/05 23:51:03 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 00,716,948 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:38 | 00,055,858 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:47:51 | 00,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2006/11/02 01:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/03/09 17:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/07/21 21:25:32 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/06/13 15:05:42 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2009/11/03 11:27:10 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2009/10/23 09:55:17 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2009/07/25 13:40:41 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CyberLink
[2009/06/12 01:30:49 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hewlett-Packard
[2009/06/10 14:45:25 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HP
[2009/06/10 14:40:43 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2009/11/20 08:27:48 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/06/10 14:39:43 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2009/08/17 12:29:35 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2009/11/19 08:29:52 | 00,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2009/11/21 13:24:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Move Networks
[2009/06/11 01:05:23 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2009/06/10 14:41:28 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Symantec
[2009/11/21 16:43:54 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/06/10 21:50:33 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2009/08/30 02:06:11 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Winamp
[2009/06/13 14:39:12 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2009/06/11 01:14:29 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2009/11/16 20:15:08 | 00,000,546 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/11/21 18:51:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/21 18:42:47 | 00,032,586 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2007/01/13 01:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\System32\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\System32\netlogon.dll
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/06/12 02:24:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/06/12 02:24:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/06/12 02:24:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/06/12 02:24:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2007/12/06 00:08:49 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/12/06 00:08:49 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2007/12/06 00:08:48 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP