Hi, thanks for responding to my thread.
Here is the results after following your instructions.
Thanks again!
OTL logfile created on: 18/12/2010 00:05:51 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dave\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 67.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 194.23 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 163.81 Gb Free Space | 23.45% Space Free | Partition Type: NTFS
Drive F: | 18.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2010/12/17 23:57:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/28 20:04:34 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/30 17:47:38 | 000,523,408 | ---- | M] (Corel, Inc.) -- C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2009/12/29 13:54:56 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2009/06/18 23:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/31 14:57:10 | 000,065,536 | ---- | M] (ASUSTeK) -- C:\Program Files (x86)\ASUS\P7131\Remote Control\P7131RemoteAppl.exe
PRC - [2008/07/30 19:41:42 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\P7131\Remote Control\RCService64.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (SafeList) ========== MOD - [2010/12/17 23:57:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
MOD - [2010/09/20 19:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/28 13:51:14 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/07/28 13:51:14 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
========== Win32 Services (SafeList) ========== SRV:
64bit: - [2010/05/06 09:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:
64bit: - [2010/02/26 07:30:55 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:
64bit: - [2010/02/26 07:30:52 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Running] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:
64bit: - [2009/11/16 11:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:
64bit: - [2008/07/30 19:41:42 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\P7131\Remote Control\RCService64.exe -- (RCSERVICE)
SRV:
64bit: - [2008/01/21 02:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/28 19:26:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/11/16 11:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/06/18 23:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/10 13:43:28 | 000,593,000 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
========== Driver Services (SafeList) ========== DRV:
64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:
64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:
64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:
64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:
64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2010/05/06 04:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV:
64bit: - [2010/05/06 04:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:
64bit: - [2010/04/29 05:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\Ironx64.SYS -- (SymIRON)
DRV:
64bit: - [2010/04/22 03:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMEFA64.SYS -- (SymEFA)
DRV:
64bit: - [2010/04/22 02:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1108000.005\SRTSP64.SYS -- (SRTSP)
DRV:
64bit: - [2010/04/22 02:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:
64bit: - [2010/03/28 12:17:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:
64bit: - [2010/03/18 09:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:
64bit: - [2010/03/18 09:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:
64bit: - [2010/02/26 00:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ccHPx64.sys -- (ccHP)
DRV:
64bit: - [2010/02/25 15:22:54 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:
64bit: - [2009/12/17 17:07:10 | 003,110,528 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys -- (3xHybr64)
DRV:
64bit: - [2009/12/08 23:03:58 | 000,569,792 | ---- | M] (Echo Digital Audio Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\echo24.sys -- (Echo24)
DRV:
64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:
64bit: - [2009/08/30 00:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\SYMDS64.SYS -- (SymDS)
DRV:
64bit: - [2009/06/16 18:38:04 | 000,343,360 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\V0560Vid.sys -- (V0560Vid)
DRV:
64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:
64bit: - [2008/08/12 15:50:48 | 000,159,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:
64bit: - [2008/01/21 02:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:
64bit: - [2007/12/17 11:30:02 | 000,339,968 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RTL8187.sys -- (RTL8187)
DRV:
64bit: - [2007/10/03 08:18:20 | 000,136,704 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:
64bit: - [2007/04/03 18:30:14 | 001,418,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Ph3xIB64.sys -- (Ph3xIB64)
DRV:
64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV:
64bit: - [2006/11/10 13:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:
64bit: - [2006/09/18 21:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/12/17 10:19:24 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101217.002\EX64.SYS -- (NAVEX15)
DRV - [2010/12/17 10:19:23 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101217.002\ENG64.SYS -- (NAVENG)
DRV - [2010/12/14 15:40:04 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/12/14 15:40:04 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/23 02:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/09 00:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101215.001\IDSviA64.sys -- (IDSVia64)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://uk.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 D8 33 E7 ED ED CA 01 [binary data]
IE - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 22:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/25 15:23:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 14:51:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 14:51:18 | 000,000,000 | ---D | M]
[2010/02/25 12:55:30 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2010/12/17 10:28:01 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocgfb4ud.default\extensions
[2010/07/10 19:08:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocgfb4ud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/04 11:51:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocgfb4ud.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/25 00:00:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocgfb4ud.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/30 20:13:44 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ocgfb4ud.default\extensions\
[email protected][2010/08/22 19:37:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/22 19:37:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/09/22 09:20:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/22 09:20:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/22 09:20:34 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/22 09:20:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 21:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1671454532-1850210853-583735059-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4:
64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:
64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [P7131Appl] C:\Program Files (x86)\ASUS\P7131\Remote Control\P7131RemoteAppl.exe (ASUSTeK)
O4 - HKLM..\Run: [Standby] C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1671454532-1850210853-583735059-1000..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-1671454532-1850210853-583735059-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6d91ab57-88e0-11df-84bb-0019666f9c33}\Shell - "" = AutoRun
O33 - MountPoints2\{6d91ab57-88e0-11df-84bb-0019666f9c33}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:
64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
========== Files/Folders - Created Within 30 Days ========== [2010/12/17 23:57:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2010/12/17 15:02:35 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
[2010/12/17 15:02:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/17 15:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/17 15:00:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/17 15:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/14 16:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/14 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/12 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\CDJ-900v320
[2010/12/01 23:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/01 23:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/01 23:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/01 23:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/01 23:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/01 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\redsn0w_win_0.9.6b5
[2010/11/29 23:23:49 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\redsn0w_win_0.9.6b4
[2010/11/29 19:55:33 | 000,000,000 | ---D | C] -- C:\Users\Dave\Logitech
[2010/11/29 19:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2010/11/29 19:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/11/29 19:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2010/11/24 22:22:10 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Beatport.Artist.Deadmau5.Tracks-SDT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/12/18 00:00:19 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Dave-PC_Dave.job
[2010/12/18 00:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010/12/17 23:57:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2010/12/17 23:19:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/17 22:25:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 22:25:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 21:53:53 | 000,188,928 | -H-- | M] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/17 20:10:42 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1F22FAB9-F4F8-4795-A4B0-EAE2690573F3}.job
[2010/12/17 15:02:05 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/17 14:52:13 | 000,097,141 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/17 14:52:11 | 000,097,141 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/17 14:52:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 14:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/17 10:08:18 | 002,212,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/15 02:19:42 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/14 21:47:51 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/14 21:47:51 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/14 21:47:51 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/14 16:52:29 | 000,001,097 | ---- | M] () -- C:\Users\Dave\Desktop\Spybot - Search & Destroy.lnk
[2010/12/09 17:26:13 | 183,607,296 | ---- | M] () -- C:\Users\Dave\Desktop\30.rock.510.hdtv-lol.avi
[2010/12/06 15:00:23 | 367,699,640 | ---- | M] () -- C:\Users\Dave\Desktop\the.vampire.diaries.s02e09.hdtv.xvid-2hd.avi
[2010/12/06 14:56:11 | 001,534,459 | ---- | M] () -- C:\Users\Dave\Desktop\de.jpg
[2010/12/04 08:51:15 | 000,933,944 | ---- | M] () -- C:\Users\Dave\Desktop\2411_lifesaver_1920x1080.jpg
[2010/12/02 14:50:04 | 009,587,576 | ---- | M] () -- C:\Users\Dave\Desktop\DSC01943.ARW
[2010/12/02 13:10:37 | 003,595,195 | ---- | M] () -- C:\Users\Dave\Desktop\neveysnow3.jpg
[2010/12/02 13:08:19 | 004,027,626 | ---- | M] () -- C:\Users\Dave\Desktop\neveysnow2.jpg
[2010/12/02 13:06:10 | 003,949,356 | ---- | M] () -- C:\Users\Dave\Desktop\kelsnow2.jpg
[2010/12/02 12:58:12 | 003,606,675 | ---- | M] () -- C:\Users\Dave\Desktop\nevey1.jpg
[2010/12/02 12:55:46 | 000,817,709 | ---- | M] () -- C:\Users\Dave\Desktop\kelnevesnow.jpg
[2010/12/02 12:52:47 | 001,198,275 | ---- | M] () -- C:\Users\Dave\Desktop\kelsnow.jpg
[2010/12/02 12:43:30 | 000,004,182 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/01 23:48:09 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/29 23:31:51 | 338,579,762 | ---- | M] () -- C:\Users\Dave\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw
[2010/11/29 23:23:50 | 015,240,704 | ---- | M] () -- C:\Users\Dave\Desktop\redsn0w.exe
[2010/11/29 23:07:03 | 479,001,595 | ---- | M] () -- C:\Users\Dave\Desktop\iPad1,1_3.2.2_7B500_Restore.ipsw
[2010/11/29 19:55:30 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/24 15:39:56 | 039,725,817 | ---- | M] () -- C:\Users\Dave\Desktop\dave house 2.mp3
[2010/11/21 22:59:00 | 035,947,904 | ---- | M] () -- C:\Users\Dave\Desktop\Dave House.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/12/17 16:26:45 | 183,339,420 | ---- | C] () -- C:\Users\Dave\Desktop\cougar.town.s02e08.hdtv.xvid-fqm.avi
[2010/12/17 15:42:37 | 183,095,296 | ---- | C] () -- C:\Users\Dave\Desktop\cougar.town.207.hdtv-lol.avi
[2010/12/17 15:02:05 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/14 19:26:42 | 183,607,296 | ---- | C] () -- C:\Users\Dave\Desktop\30.rock.510.hdtv-lol.avi
[2010/12/14 16:52:29 | 000,001,097 | ---- | C] () -- C:\Users\Dave\Desktop\Spybot - Search & Destroy.lnk
[2010/12/06 14:56:09 | 001,534,459 | ---- | C] () -- C:\Users\Dave\Desktop\de.jpg
[2010/12/04 08:51:10 | 000,933,944 | ---- | C] () -- C:\Users\Dave\Desktop\2411_lifesaver_1920x1080.jpg
[2010/12/02 13:10:32 | 003,595,195 | ---- | C] () -- C:\Users\Dave\Desktop\neveysnow3.jpg
[2010/12/02 13:08:15 | 004,027,626 | ---- | C] () -- C:\Users\Dave\Desktop\neveysnow2.jpg
[2010/12/02 13:06:06 | 003,949,356 | ---- | C] () -- C:\Users\Dave\Desktop\kelsnow2.jpg
[2010/12/02 12:58:07 | 003,606,675 | ---- | C] () -- C:\Users\Dave\Desktop\nevey1.jpg
[2010/12/02 12:55:43 | 000,817,709 | ---- | C] () -- C:\Users\Dave\Desktop\kelnevesnow.jpg
[2010/12/02 12:52:44 | 001,198,275 | ---- | C] () -- C:\Users\Dave\Desktop\kelsnow.jpg
[2010/12/02 12:41:01 | 009,587,576 | ---- | C] () -- C:\Users\Dave\Desktop\DSC01943.ARW
[2010/12/01 23:48:08 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/01 12:37:26 | 367,699,640 | ---- | C] () -- C:\Users\Dave\Desktop\the.vampire.diaries.s02e09.hdtv.xvid-2hd.avi
[2010/11/29 23:25:44 | 338,579,762 | ---- | C] () -- C:\Users\Dave\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw
[2010/11/29 22:58:29 | 479,001,595 | ---- | C] () -- C:\Users\Dave\Desktop\iPad1,1_3.2.2_7B500_Restore.ipsw
[2010/11/29 19:55:30 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2010/11/24 15:36:55 | 039,725,817 | ---- | C] () -- C:\Users\Dave\Desktop\dave house 2.mp3
[2010/11/23 01:46:04 | 015,240,704 | ---- | C] () -- C:\Users\Dave\Desktop\redsn0w.exe
[2010/09/26 22:15:41 | 000,000,008 | RHS- | C] () -- C:\ProgramData\30C29E5FC8.sys
[2010/09/26 19:16:59 | 000,004,182 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/28 14:13:47 | 000,422,024 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistMSI1C3A.txt
[2010/07/28 14:13:47 | 000,011,688 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistUI1C3A.txt
[2010/07/28 13:53:03 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/07/19 20:20:22 | 000,434,136 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistMSI7596.txt
[2010/07/19 20:20:21 | 000,011,474 | ---- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistUI7596.txt
[2010/05/26 19:54:07 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/27 21:52:18 | 000,427,590 | -H-- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistMSI66EA.txt
[2010/04/27 21:52:17 | 000,011,398 | -H-- | C] () -- C:\Users\Dave\AppData\Local\dd_vcredistUI66EA.txt
[2010/03/29 16:57:46 | 000,000,165 | -H-- | C] () -- C:\Users\Dave\AppData\Roaming\default.rss
[2010/02/28 18:47:52 | 000,001,860 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/28 11:51:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/02/28 11:50:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/02/25 21:36:44 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/02/25 19:27:07 | 000,188,928 | -H-- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 19:25:04 | 000,097,141 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/25 19:25:03 | 000,097,141 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/25 07:18:15 | 000,000,732 | -H-- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps64.dat
[2008/01/21 02:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
========== LOP Check ========== [2010/07/19 17:36:36 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\C303145C417C5541F69AA17A290027B3
[2010/03/28 12:31:18 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\DAEMON Tools Lite
[2010/10/18 19:23:43 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\Echo PCI Console
[2010/07/19 20:23:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Leadertech
[2010/05/30 19:51:21 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\Music Label
[2010/04/27 21:55:33 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\OpenOffice.org
[2010/08/15 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OTi
[2010/11/01 22:28:48 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Pioneer
[2010/02/26 07:24:45 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
[2010/09/26 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Ulead Systems
[2010/12/18 00:07:39 | 000,000,000 | -H-D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent
[2010/12/18 00:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010/12/17 12:21:24 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/17 20:10:42 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1F22FAB9-F4F8-4795-A4B0-EAE2690573F3}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: EXPLORER.EXE >[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 06:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 07:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 07:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 02:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 06:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 05:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/21 02:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/21 02:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: SVCHOST.EXE >[2008/01/21 02:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 02:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 02:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/21 02:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >[2008/01/21 02:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 02:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 02:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 02:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/11 07:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/21 02:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Dave\Desktop\the.vampire.diaries.s02e09.hdtv.xvid-2hd.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Dave\Desktop\jmj-dup-cd1.avi:TOC.WMV
< End of report >