OTL logfile created on: 11/21/2009 7:02:52 PM - Run 1
OTL by OldTimer - Version 3.1.6.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.94 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.74% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.96 Gb Total Space | 118.40 Gb Free Space | 53.58% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.85 Gb Free Space | 15.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2009/11/21 19:01:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/27 09:04:53 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 06:24:26 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/01 11:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/06/12 02:23:56 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/06/12 02:18:25 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PRC - [2009/06/12 02:14:30 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2008/06/16 07:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/06/02 02:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/03/31 20:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2008/02/14 14:37:58 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/01/29 21:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe
PRC - [2007/10/01 19:10:48 | 01,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/09/30 22:34:54 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/09/30 22:34:54 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/09/30 22:34:14 | 00,181,544 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/09/19 17:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/09/15 03:50:54 | 01,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/15 03:29:10 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/09/13 11:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/04 16:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/08/31 10:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/23 19:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/23 19:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/07/12 07:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/07/10 09:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/06/05 09:28:57 | 00,988,256 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe
PRC - [2007/05/16 13:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 18:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/11/02 07:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
========== Modules (SafeList) ========== MOD - [2009/11/21 19:01:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/11 00:54:24 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 01:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/07/27 13:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 20:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/06/19 20:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/16 07:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/02/14 14:37:58 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/09/30 22:34:54 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/09/30 22:34:54 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/31 14:15:06 | 00,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/08/31 10:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 19:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/08/23 13:35:00 | 03,192,184 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 00:21:00 | 00,055,640 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/07/23 18:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 09:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/05 13:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 07:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...n&pf=laptopIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...a...n&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...n&pf=laptopIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:29 | 00,000,000 | ---D | M]
[2009/06/11 01:05:23 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/06/11 01:05:23 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\
[email protected] O1 HOSTS File: (781 bytes) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 eco-av.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EmbarqVALite_McciTrayApp] C:\Program Files\EmbarqVALite\EMBARQHelpHelper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mxcll] C:\ProgramData\eca\vec.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A}
http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/05 23:36:21 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2006/11/02 06:18:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ========== [2009/11/21 19:01:47 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/21 19:00:52 | 00,472,064 | ---- | C] ( ) -- C:\Users\Owner\Desktop\RootRepeal.exe
[2009/11/21 16:43:54 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/11/21 16:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/11/21 13:24:02 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Move Networks
[2009/11/21 13:10:32 | 00,000,000 | ---D | C] -- C:\ProgramData\eca
[2009/11/21 13:10:32 | 00,000,000 | ---D | C] -- C:\ProgramData\eca
[2009/11/13 01:27:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2009/11/13 01:27:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2009/11/08 20:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/08 20:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
========== Files - Modified Within 14 Days ========== [2009/11/21 19:02:09 | 01,835,008 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2009/11/21 19:01:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/11/21 19:01:09 | 00,034,816 | ---- | M] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2009/11/21 19:01:09 | 00,000,000 | ---- | M] () -- C:\Users\Owner\settings.dat
[2009/11/21 19:01:01 | 00,472,064 | ---- | M] ( ) -- C:\Users\Owner\Desktop\RootRepeal.exe
[2009/11/21 18:52:34 | 00,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/11/21 18:51:57 | 00,081,883 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/21 18:51:33 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/21 18:51:33 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/21 18:51:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/21 18:51:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/21 18:51:24 | 20,792,48384 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/21 17:03:45 | 00,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 16:43:53 | 00,001,029 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2009/11/21 10:54:19 | 00,081,883 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/21 00:11:10 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/21 00:11:10 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/21 00:11:10 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/19 08:15:05 | 00,012,069 | ---- | M] () -- C:\Users\Owner\Desktop\Patrick Henry CC.pdf
[2009/11/19 00:13:05 | 00,006,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/11/16 20:15:08 | 00,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/11/15 21:03:44 | 00,073,959 | ---- | M] () -- C:\Users\Owner\Documents\fixed.jpg
[2009/11/12 01:11:31 | 00,311,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/08 20:21:20 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ========== [2009/11/21 19:01:09 | 00,034,816 | ---- | C] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2009/11/21 19:01:09 | 00,000,000 | ---- | C] () -- C:\Users\Owner\settings.dat
[2009/11/21 18:51:24 | 20,792,48384 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/21 16:43:53 | 00,001,029 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2009/11/19 08:15:03 | 00,012,069 | ---- | C] () -- C:\Users\Owner\Desktop\Patrick Henry CC.pdf
[2009/11/15 21:03:40 | 00,073,959 | ---- | C] () -- C:\Users\Owner\Documents\fixed.jpg
[2009/11/08 20:21:20 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/16 12:40:56 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/16 12:40:56 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/10 23:19:15 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/20 00:04:35 | 00,044,032 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/18 08:17:02 | 00,006,944 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/06/15 02:21:44 | 00,081,883 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/15 02:21:42 | 00,081,883 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/13 14:59:07 | 00,027,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2009/06/13 14:54:36 | 00,027,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2009/06/10 14:41:31 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2009/06/10 14:41:31 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2009/06/10 14:41:31 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2009/06/10 14:41:28 | 00,076,568 | ---- | C] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/01/31 18:18:04 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/05 23:51:03 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 00,716,948 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 05:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:38 | 00,055,858 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:47:51 | 00,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2006/11/02 01:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/03/09 17:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
========== LOP Check ========== [2009/07/21 21:25:32 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/06/13 15:05:42 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2009/11/03 11:27:10 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2009/10/23 09:55:17 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2009/07/25 13:40:41 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CyberLink
[2009/06/12 01:30:49 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hewlett-Packard
[2009/06/10 14:45:25 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HP
[2009/06/10 14:40:43 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2009/11/20 08:27:48 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/06/10 14:39:43 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2009/08/17 12:29:35 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2009/11/19 08:29:52 | 00,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2009/11/21 13:24:03 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Move Networks
[2009/06/11 01:05:23 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2009/06/10 14:41:28 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Symantec
[2009/11/21 16:43:54 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2009/06/10 21:50:33 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2009/08/30 02:06:11 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Winamp
[2009/06/13 14:39:12 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2009/06/11 01:14:29 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2009/11/16 20:15:08 | 00,000,546 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/11/21 18:51:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/21 18:42:47 | 00,032,586 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 >[2007/01/13 01:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\System32\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\System32\netlogon.dll
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 >[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/06/12 02:24:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/06/12 02:24:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/06/12 02:24:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/06/12 02:24:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 >[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2007/12/06 00:08:49 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/12/06 00:08:49 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2007/12/06 00:08:48 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < %SYSTEMDRIVE%\viamraid.sys /s /md5 > < %SYSTEMDRIVE%\nvata.sys /s /md5 >< End of report >