My computer is an HP DV7, running x64 Vista SP2. 4 GB RAM, 500GB HD, 2.2GHz. I am running Avast 5.0 Free Antivirus, and regularly use Advanced SystemCare 3.7.3 free and SuperAntiSpyware free. A couple of days ago I was exploring CNET.com and noticed an advertisement for the AVAST Internet Security Program. It offered a free version, which included an integrated firewall. I downloaded it and installed it.
After installing it and restarting my computer, I noticed that the red Security Center shield icon started appearing after starting the machine. I clicked to find out that the firewall was turned off, and since Avast was providing firewall protection, I indicated to Windows Security Center that I had a firewall I would monitor myself.
After installing Avast Internet Security, however, I could only get to secure sites. I tried to find and adjust firewall settings for Avast, and couldn't. I figured I didn't know enough about it yet to adjust it, so I would just uninstall Avast Internet Security while maintaining the Avast Antivirus. Even after the uninstall and restart, the no-firewall notification appears. I try to start the firewall through the Security Center, and it fails; I try it manually, and it fails. I tried using admin tools to start and restart the firewall and related services, with no luck.
Later today, Avast alerted me that it had detected a rootkit, and recommended a full scan, which completed in about 3 hours. It appears the rootkit was contained and quarantined, and the system seems to start up and operate okay, but still with the firewall notification. I have since run Malwarebytes, which found and eliminated 3 threats.
I have also run OTL, and the OTL.txt file contents are listed here.
OTL logfile created on: 2/18/2011 10:35:42 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jeffrey\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.71 Gb Total Space | 185.87 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 0.03 Gb Free Space | 0.22% Space Free | Partition Type: NTFS
Computer Name: DJJAZZYJEFF17 | User Name: Jeffrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/02/18 22:23:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\OldTimersList.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/07/09 17:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/12/22 09:43:06 | 000,771,472 | ---- | M] (Hitachi Software Engineering Co., Ltd.) -- C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe
PRC - [2008/12/02 20:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/13 10:42:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Software\StarBoardControlBox.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (SafeList) ==========
MOD - [2011/02/18 22:23:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\OldTimersList.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/01/28 11:31:04 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/10/04 21:41:26 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/27 11:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/07 21:01:47 | 000,662,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)
SRV:64bit: - [2010/01/22 18:42:18 | 000,673,792 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV:64bit: - [2009/08/14 09:10:25 | 000,010,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tcpsvcs.exe -- (simptcp)
SRV:64bit: - [2009/08/13 16:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/11 02:10:58 | 000,081,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/04/11 02:10:54 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/04/11 02:10:28 | 000,190,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2009/01/31 05:01:52 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2008/12/10 15:37:26 | 000,252,712 | ---- | M] () [Auto | Running] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2009)
SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/01/20 21:52:05 | 000,521,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 21:52:05 | 000,041,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2008/01/20 21:51:30 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\wmsvc.exe -- (WMSvc)
SRV:64bit: - [2008/01/20 21:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/12 16:05:42 | 000,213,584 | ---- | M] (CANON INC.) [Disabled | Stopped] -- C:\Windows\SysNative\cnwiols6.exe -- (iPFDeviceAgentService)
SRV:64bit: - [2006/11/02 10:04:59 | 000,034,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2006/11/02 10:04:59 | 000,011,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2006/11/02 10:03:41 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/01/03 21:35:40 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/10 10:01:28 | 000,317,720 | ---- | M] (Speedbit Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/10/01 05:54:44 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/19 18:52:27 | 000,407,336 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/11 16:52:49 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/08/14 08:49:20 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/04/11 01:28:04 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/26 18:55:12 | 000,368,288 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\atwtusb.exe -- (WTService)
SRV - [2008/12/02 20:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/13 03:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 13:42:21 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/27 11:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 02:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/26 00:15:10 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/08/13 16:09:38 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/03/25 21:19:20 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/03/25 21:19:20 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/03/08 06:16:14 | 000,007,680 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2008/11/21 21:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/27 19:40:02 | 001,164,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/08/18 15:25:22 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 16:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 00:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:51:49 | 000,167,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/08/01 20:59:09] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 61 71 01 26 D1 38 4D B7 F1 6D B3 08 42 E5 99 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...|www.ebay.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.6
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {cdd09450-7280-11de-8a39-0800200c9a66}:0.82
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.6.11
FF - prefs.js..extensions.enabledItems: {a6e4a4eb-d169-4e99-8988-250fcbafe767}:2.5.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.20091223
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {31387338-a9a2-4c43-bc21-222daa42b854}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {732A141A-E40A-45c7-8F12-520284102A7D}:1.2
FF - prefs.js..extensions.enabledItems: {732A141A-E40A-45c7-8F12-520284102A7E}:1.2
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.5
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/02/17 14:00:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/02/17 14:00:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 20:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/17 13:02:33 | 000,000,000 | ---D | M]
[2011/02/12 21:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/12 21:55:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/17 14:00:40 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES (X86)\SEARCHPREDICT\PRFIREFOX
[2011/02/17 14:00:46 | 000,000,000 | ---D | M] (SpeedBit Video Downloader) -- C:\PROGRAM FILES (X86)\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
[2010/03/27 22:24:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{02450954-CDD9-410F-B1DA-DB804E18C671}
[2010/12/17 18:18:10 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}
[2010/04/29 22:01:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
[2011/02/05 11:37:40 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{28197867-B1EF-4140-8E3B-55C45B9C8460}
[2010/07/22 13:46:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{31387338-A9A2-4C43-BC21-222DAA42B854}
[2010/03/10 06:57:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2010/08/26 03:37:35 | 000,000,000 | ---D | M] (Affixa - Login Handler) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{732A141A-E40A-45C7-8F12-520284102A7D}
[2010/08/26 03:37:35 | 000,000,000 | ---D | M] (Affixa - Login Handler) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{732A141A-E40A-45C7-8F12-520284102A7E}
[2010/11/14 13:10:06 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{89506680-E3F4-484C-A2C0-ED711D481EDA}
[2010/02/14 15:43:22 | 000,000,000 | ---D | M] (isoHunt Toolbar) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{A6E4A4EB-D169-4E99-8988-250FCBAFE767}
[2010/11/23 11:24:51 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}
[2011/01/18 21:25:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
[2010/02/27 23:33:04 | 000,000,000 | ---D | M] (FlipClock) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{CDD09450-7280-11DE-8A39-0800200C9A66}
[2010/12/24 21:07:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
[2011/02/05 11:37:58 | 000,000,000 | ---D | M] ("Yoono") -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}
[2011/02/05 11:37:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
[2010/11/23 11:24:53 | 000,000,000 | ---D | M] (FoxTab) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}
[2011/01/18 21:24:50 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\[email protected]
[2011/02/05 11:37:27 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\[email protected]
[2010/09/14 00:28:14 | 000,000,000 | ---D | M] (Personas) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\[email protected]
[2010/01/09 22:42:11 | 000,000,000 | ---D | M] (Reframe It) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\[email protected]
[2010/08/12 18:13:33 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\USERS\JEFFREY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4V88QOM.DEFAULT\EXTENSIONS\[email protected]
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SPEEDBIT1 Class) - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MacrokeyManager] File not found
O4 - HKLM..\Run: [StarBoardCtrlBox] C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Software\StarBoardControlBox.exe ()
O4 - HKLM..\Run: [StarBoardDriver] C:\Program Files (x86)\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe (Hitachi Software Engineering Co., Ltd.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: autodesk.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([www1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([docs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskmgr32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskres232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmlua32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\ctl3d3232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskres23232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\autoplay32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\chtbrkr32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmlua3232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\C_IS202232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcsvc632.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmlua3232.dllxxqdp6vz32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\AuxiliaryDisplayCpl32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\CHxReadingStringIME32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmlua3232.dllxxqdp6vz32.dllwynixblb32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmstplua32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\C_G1803032.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\DfsShlEx32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmlua3232.dllxxqdp6vz32.dllwynixblb32.dlln62ho4ng32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskmgr3232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\avifil3232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cic32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmlua3232.dllxxqdp6vz32.dllwynixblb32.dlln62ho4ng32.dllongv7qn0cx7a32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\cmutil32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\avifil3232.dll74car32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\DfsShlEx3232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskmgr32.dlld3hkdp7h7432.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\avifil3232.dll74car32.dllz11ecvdd7e1nqjq32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\DfsShlEx3232.dllrmb5nhqahesnpyw32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskmgr32.dlld3hkdp7h7432.dll7v9tz32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\avifil3232.dll74car32.dllz11ecvdd7e1nqjq32.dllsjbe48gz32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\DfsShlEx3232.dllrmb5nhqahesnpyw32.dllzebacs4vgw5d3la32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskmgr32.dlld3hkdp7h7432.dll7v9tz32.dllpujk5232.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\avifil3232.dll74car32.dllz11ecvdd7e1nqjq32.dllsjbe48gz32.dllrr0ztniw32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\DfsShlEx3232.dllrmb5nhqahesnpyw32.dllzebacs4vgw5d3la32.dll815u1fazur8myc32.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\dmdskmgr32.dlld3hkdp7h7432.dll7v9tz32.dllpujk5232.dllficwn432.dll) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\DfsShlEx3232.dllrmb5nhqahesnpyw32.dllzebacs4vgw5d3la32.dll815u1fazur8myc32.dllew3dpzq532.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/04 07:56:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{043f600b-4f50-11df-9182-00235aba5ce8}\Shell - "" = AutoRun
O33 - MountPoints2\{043f600b-4f50-11df-9182-00235aba5ce8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/18 22:23:11 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\OldTimersList.exe
[2011/02/17 14:05:21 | 000,000,000 | -HSD | C] -- C:\%APPDATA%
[2011/02/17 14:05:21 | 000,000,000 | -HSD | C] -- \%APPDATA%
[2011/02/17 14:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Downloader
[2011/02/17 13:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2011/02/15 13:45:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/15 13:45:01 | 000,000,000 | RH-D | C] -- \MSOCache
[2011/02/12 21:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/12 00:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/09 23:41:26 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/02/09 23:41:26 | 000,000,000 | -HSD | C] -- \found.004
[2011/02/09 23:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroKey Manager
[2011/02/09 00:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/02/09 00:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2011/02/08 21:12:42 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Desktop\MYCA Cycle 24 Spring 11
[2011/02/05 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Documents\WhiteWinXP_files
[2011/01/31 10:30:31 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Desktop\The NVIDIA GPU Litigation - Affected Models_files
[2011/01/28 15:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/28 15:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/28 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/28 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Documents\Forms
[2011/01/22 23:45:12 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Desktop\Gaming
[2011/01/21 22:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desert Nights Casino
[2011/01/21 22:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DesertNightsCasino
[2011/01/21 22:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2011/01/21 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slots of Vegas
[2011/01/20 00:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slots of Vegas
[2011/01/20 00:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slots of Vegas
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/18 22:40:41 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011/02/18 22:40:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/18 22:23:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\OldTimersList.exe
[2011/02/18 22:21:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1557280487-2522044058-1071277063-1000UA.job
[2011/02/18 22:15:11 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 22:15:11 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/18 22:04:37 | 000,002,563 | ---- | M] () -- C:\Users\Jeffrey\Desktop\HiJackThis.lnk
[2011/02/18 20:28:15 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4EEBFDA-4F8A-45A8-9F58-AAFA04C7A652}.job
[2011/02/18 19:19:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/18 19:19:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/18 19:19:05 | 2950,516,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/18 19:17:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/18 01:40:51 | 000,009,376 | ---- | M] () -- C:\Users\Jeffrey\.recently-used.xbel
[2011/02/17 16:08:22 | 000,014,336 | ---- | M] () -- C:\Users\Jeffrey\Documents\Agenda Thursday 17FEB11.ppt
[2011/02/17 14:05:54 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/15 13:52:06 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/02/15 13:31:42 | 000,161,792 | ---- | M] () -- C:\Users\Jeffrey\Desktop\tptemplate.doc
[2011/02/15 13:20:59 | 000,030,720 | ---- | M] () -- C:\Users\Jeffrey\Desktop\weekly+planning_guide.doc
[2011/02/15 11:21:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1557280487-2522044058-1071277063-1000Core.job
[2011/02/14 10:43:21 | 000,024,064 | ---- | M] () -- C:\Users\Jeffrey\Documents\Andrea StarAward.doc
[2011/02/14 10:38:00 | 000,024,064 | ---- | M] () -- C:\Users\Jeffrey\Documents\Felicia StarAward.doc
[2011/02/14 10:34:37 | 000,024,064 | ---- | M] () -- C:\Users\Jeffrey\Documents\Sage StarAward.doc
[2011/02/14 10:31:48 | 000,024,064 | ---- | M] () -- C:\Users\Jeffrey\Documents\Courtney StarAward.doc
[2011/02/14 10:27:27 | 000,024,064 | ---- | M] () -- C:\Users\Jeffrey\Documents\Jace StarAward.doc
[2011/02/14 09:50:11 | 000,024,064 | ---- | M] () -- C:\Users\Jeffrey\Documents\StarAward blank.doc
[2011/02/14 08:08:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/02/11 21:11:39 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeffrey.job
[2011/02/09 23:33:52 | 000,009,564 | -H-- | M] () -- C:\Users\Jeffrey\Documents\DJJAZZYJEFF17.pro
[2011/02/09 23:33:52 | 000,000,152 | -H-- | M] () -- C:\Users\Jeffrey\Documents\Profile.ini
[2011/02/09 12:53:49 | 000,835,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/09 12:53:49 | 000,697,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/09 12:53:49 | 000,138,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/09 12:44:08 | 000,534,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/07 15:52:24 | 000,024,458 | ---- | M] () -- C:\Users\Jeffrey\Documents\bi-polar_moodchart-2.pdf
[2011/02/07 15:51:20 | 000,039,167 | ---- | M] () -- C:\Users\Jeffrey\Documents\bi-polar_moodchart1.pdf
[2011/02/05 13:23:05 | 000,004,642 | ---- | M] () -- C:\Users\Jeffrey\Documents\WhiteWinXP.htm
[2011/02/04 23:18:53 | 000,001,880 | ---- | M] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Desert Nights Casino.lnk
[2011/01/31 10:31:25 | 000,014,598 | ---- | M] () -- C:\Users\Jeffrey\Desktop\TX1000 IdentifiedSymptomsList.pdf
[2011/01/28 15:58:12 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/28 11:30:26 | 000,017,200 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui.dll
[2011/01/28 11:30:24 | 000,028,976 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon.dll
[2011/01/23 00:40:58 | 000,231,424 | ---- | M] () -- C:\Users\Jeffrey\Documents\Full sail jobs.doc
[2011/01/21 19:56:11 | 000,397,148 | ---- | M] () -- C:\Users\Jeffrey\Documents\Rregistry Backup before CCleaner 1-21-11.reg
[2011/01/21 19:47:58 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/21 19:01:18 | 000,019,825 | ---- | M] () -- C:\Users\Jeffrey\Documents\SSDI-Documents for Evaluation.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/18 01:40:51 | 000,009,376 | ---- | C] () -- C:\Users\Jeffrey\.recently-used.xbel
[2011/02/17 16:06:12 | 000,014,336 | ---- | C] () -- C:\Users\Jeffrey\Documents\Agenda Thursday 17FEB11.ppt
[2011/02/17 14:05:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/16 15:15:22 | 000,029,184 | ---- | C] () -- C:\Users\Jeffrey\Documents\Following Directions Test.doc
[2011/02/15 13:31:40 | 000,161,792 | ---- | C] () -- C:\Users\Jeffrey\Desktop\tptemplate.doc
[2011/02/15 13:20:58 | 000,030,720 | ---- | C] () -- C:\Users\Jeffrey\Desktop\weekly+planning_guide.doc
[2011/02/14 10:39:49 | 000,024,064 | ---- | C] () -- C:\Users\Jeffrey\Documents\Andrea StarAward.doc
[2011/02/14 10:36:23 | 000,024,064 | ---- | C] () -- C:\Users\Jeffrey\Documents\Felicia StarAward.doc
[2011/02/14 10:33:47 | 000,024,064 | ---- | C] () -- C:\Users\Jeffrey\Documents\Sage StarAward.doc
[2011/02/14 10:31:48 | 000,024,064 | ---- | C] () -- C:\Users\Jeffrey\Documents\Courtney StarAward.doc
[2011/02/14 09:58:06 | 000,024,064 | ---- | C] () -- C:\Users\Jeffrey\Documents\Jace StarAward.doc
[2011/02/14 09:50:10 | 000,024,064 | ---- | C] () -- C:\Users\Jeffrey\Documents\StarAward blank.doc
[2011/02/13 12:47:56 | 2950,516,736 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/13 12:47:56 | 2950,516,736 | -HS- | C] () --
[2011/02/12 00:19:21 | 000,373,484 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistMSI3FA0.txt
[2011/02/12 00:19:19 | 000,012,326 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistUI3FA0.txt
[2011/02/09 00:03:06 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Reader.lnk
[2011/02/07 15:52:24 | 000,024,458 | ---- | C] () -- C:\Users\Jeffrey\Documents\bi-polar_moodchart-2.pdf
[2011/02/07 15:51:20 | 000,039,167 | ---- | C] () -- C:\Users\Jeffrey\Documents\bi-polar_moodchart1.pdf
[2011/02/05 13:23:04 | 000,004,642 | ---- | C] () -- C:\Users\Jeffrey\Documents\WhiteWinXP.htm
[2011/01/31 10:31:25 | 000,014,598 | ---- | C] () -- C:\Users\Jeffrey\Desktop\TX1000 IdentifiedSymptomsList.pdf
[2011/01/28 15:58:12 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/23 00:23:37 | 000,231,424 | ---- | C] () -- C:\Users\Jeffrey\Documents\Full sail jobs.doc
[2011/01/21 22:33:51 | 000,001,880 | ---- | C] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Desert Nights Casino.lnk
[2011/01/21 19:55:49 | 000,397,148 | ---- | C] () -- C:\Users\Jeffrey\Documents\Rregistry Backup before CCleaner 1-21-11.reg
[2011/01/21 19:01:18 | 000,019,825 | ---- | C] () -- C:\Users\Jeffrey\Documents\SSDI-Documents for Evaluation.pdf
[2010/12/09 20:14:28 | 000,338,944 | ---- | C] () -- \hpzids40.dll
[2010/10/10 23:07:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL
[2010/10/10 23:07:39 | 000,013,254 | R--- | C] () -- C:\Windows\SysWow64\Vista.ini
[2010/10/10 23:07:39 | 000,012,948 | R--- | C] () -- C:\Windows\SysWow64\XP_2000.ini
[2010/10/10 00:30:42 | 000,000,593 | R--- | C] () -- C:\Windows\SysWow64\MKProfile.ini
[2010/10/05 13:59:14 | 000,011,678 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_ReportViewerUI05E0.txt
[2010/10/04 21:36:01 | 001,218,386 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_rdbgexp64_80MSI155A.txt
[2010/10/04 21:36:01 | 000,010,774 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_rdbgexp64_80UI155A.txt
[2010/10/04 19:08:20 | 031,508,915 | ---- | C] () -- \Data1.cab
[2010/10/04 19:08:20 | 007,765,504 | ---- | C] () -- \Vision.msi
[2010/10/04 19:08:20 | 000,993,792 | ---- | C] () -- \ISScript1050.msi
[2010/10/01 07:03:50 | 3264,233,472 | -HS- | C] () --
[2010/08/28 01:42:49 | 000,369,582 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistMSI392E.txt
[2010/08/28 01:42:48 | 000,014,342 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistUI392E.txt
[2010/07/25 02:15:27 | 000,361,294 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistMSI71A5.txt
[2010/07/25 02:15:27 | 000,011,166 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistUI71A5.txt
[2010/06/25 00:27:01 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/25 22:42:00 | 000,440,562 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistMSI7E4C.txt
[2010/05/25 22:42:00 | 000,013,298 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistUI7E4C.txt
[2010/04/06 15:32:39 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010/04/06 15:32:39 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/04/01 02:14:55 | 000,000,237 | ---- | C] () -- C:\Program Files (x86)\Common Files\eInstruction.ini
[2010/01/02 18:01:42 | 000,429,294 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistMSI02C0.txt
[2010/01/02 18:01:42 | 000,011,486 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\dd_vcredistUI02C0.txt
[2009/12/09 00:01:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/08 20:47:58 | 000,014,848 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 19:06:54 | 000,000,402 | ---- | C] () -- \Music Files - Shortcut.lnk
[2009/10/24 21:57:40 | 000,849,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/20 06:15:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 06:13:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/10 10:02:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/17 17:20:14 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\Temptable.xml
[2009/09/17 16:45:01 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\FnF4.txt
[2009/09/17 08:01:36 | 000,007,052 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps.dat
[2009/09/11 17:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009/09/11 14:39:35 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\QSwitch.txt
[2009/09/11 14:39:35 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\DSwitch.txt
[2009/09/11 14:39:35 | 000,000,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\AtStart.txt
[2009/09/11 14:39:30 | 000,000,376 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/07/30 20:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/01/07 09:54:44 | 000,007,296 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/06/09 01:01:12 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008/04/28 08:22:38 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\JPEG32.DLL
[2008/04/28 08:22:38 | 000,053,760 | R--- | C] () -- C:\Windows\SysWow64\BuEResNT.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/21 18:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006/12/02 01:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
========== LOP Check ==========
[2011/02/18 22:40:41 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2011/02/18 19:17:44 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/18 20:28:15 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4EEBFDA-4F8A-45A8-9F58-AAFA04C7A652}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:9A870F8B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B11E0DF
< End of report >