Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud aftermath; services not starting, can't run DDS or GMER properly


  • This topic is locked This topic is locked
7 replies to this topic

#1 phnw

phnw

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 05 February 2012 - 02:54 PM

Reference: http://www.bleepingcomputer.com/forums/topic34773.html - I suppose I initially started the topic in the wrong place. Apologies.

I am running Windows 7 64-bit.

My issue: Earlier this week, Spybot Search and destroy found smitfraud-c.generic on my computer. TDSSKiller found Rootkit.Boot.Pihar.B. Both were removed by the programs and are no longer being identified and seem to be gone.

I had been running Mcafee, which failed to identify them. I'm still using Mcafee until I can find a suitable replacement, however now, the firewall won't stay activated. When I try to start the service, I get a msg that says: error 1075: the dependency service does not exist or has been marked for deletion.

The problem now: I downloaded DDS (from your link here:http://www.bleepingcomputer.com/download/anti-virus/dds) but when I click on it, absolutely nothing happens.

Also: I downloaded GMER, and the majority of the checkboxes on the side are greyed out and can not be checked.

Should I run these in safe mode to provide the docs you need?

Any help greatly appreciated.
Jill

Edited by phnw, 05 February 2012 - 02:55 PM.


BC AdBot (Login to Remove)

 


#2 phnw

phnw
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 05 February 2012 - 03:20 PM

Apologies for the double post; I was able to get the DDS logs after a reboot. Attached.

GMER boxes are still grayed out, even in safe mode.

Defogger has been installed and applied as well.

Attached Files

  • Attached File  dds.txt   24.81KB   3 downloads

Edited by phnw, 05 February 2012 - 03:27 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:34 PM

Posted 06 February 2012 - 07:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 phnw

phnw
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 06 February 2012 - 11:33 AM

Hello, here are the files you requested. Thank you-

OTL Extras logfile created on: 2/6/2012 11:21:45 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jill End Room\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.96 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 44.80% Memory free
11.92 Gb Paging File | 6.82 Gb Available in Paging File | 57.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.46 Gb Total Space | 734.34 Gb Free Space | 79.95% Space Free | Partition Type: NTFS
Drive D: | 12.96 Gb Total Space | 1.59 Gb Free Space | 12.29% Space Free | Partition Type: NTFS

Computer Name: JILLENDROOM-HP | User Name: Jill End Room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\PROGRA~2\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\PROGRA~2\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{057871D9-D9CD-15CF-50DC-9192C9B3D00E}" = ATI Problem Report Wizard
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}" = Digital Cable Advisor
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
"{3A477F94-D551-17B2-26A5-7AD895F6C8BA}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E9DF4F3-CAFA-4BD6-8FC1-2F604824649A}" = Ceton InfiniTV (x64)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}" = CCC Help Portuguese
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{13FED2DC-8185-351F-72B2-C1CAB3A8860B}" = CCC Help Turkish
"{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}" = CCC Help Danish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28CD5009-54CA-ED14-6A17-47803585FF5F}" = Catalyst Control Center Localization All
"{28D1AF2F-9574-DABC-BA08-72F3356960D2}" = CCC Help Polish
"{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}" = ccc-core-static
"{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}" = CCC Help Italian
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4C493B-28D8-5054-13E9-91F05903887B}" = CCC Help Dutch
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38069E07-617C-8074-4F67-BAFFFBB7E7FA}" = CCC Help Spanish
"{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{49DA021B-1C01-36D0-ABDF-3B9BED567EED}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDC0530-445B-47F2-36A0-758DE8903B44}" = CCC Help German
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}" = CCC Help Chinese Standard
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}" = CCC Help Korean
"{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}" = Catalyst Control Center Graphics Previews Vista
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6E30650C-81B1-9AD2-812E-DBAA19763B8B}" = HydraVision
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{913E7600-FA3A-B125-1EA6-391D59C258F6}" = CCC Help Czech
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959DFE5E-B55F-4A0A-9E71-2970C98C3164}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}" = CCC Help Norwegian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}" = HP Support Assistant
"{B31D9B68-A844-191A-C652-4EA715A8CD92}" = CCC Help French
"{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}" = CCC Help Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}" = CCC Help Greek
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9742D19-38EE-B2BE-5902-44130C4008FA}" = CCC Help Japanese
"{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}" = Catalyst Control Center Graphics Previews Common
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}" = CCC Help Thai
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}" = CCC Help English
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F912EF57-65C8-48E8-911F-7FCAF8ADD62E}" = Encore 802.11n Wireless Adapter ENUWI-N3
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"ACDSee" = ACDSee
"Adobe AIR" = Adobe AIR
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AIM_7" = AIM 7
"Belarc Advisor" = Belarc Advisor 8.2
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"FileZilla Client" = FileZilla Client 3.3.5.1
"HandBrake" = HandBrake 0.9.5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"MailWasher Pro_is1" = MailWasher Pro
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Mozilla Thunderbird (3.1.14)" = Mozilla Thunderbird (3.1.14)
"MSC" = McAfee Total Protection
"My HP Game Console" = HP Game Console
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnLive" = OnLive
"PDF Complete" = PDF Complete Special Edition
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spotify" = Spotify
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2011 11:31:37 PM | Computer Name = JillEndRoom-HP | Source = MsiInstaller | ID = 11706
Description =

Error - 12/20/2011 11:31:57 PM | Computer Name = JillEndRoom-HP | Source = MsiInstaller | ID = 11706
Description =

Error - 12/20/2011 11:32:53 PM | Computer Name = JillEndRoom-HP | Source = MsiInstaller | ID = 11706
Description =

Error - 12/25/2011 10:41:36 PM | Computer Name = JillEndRoom-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.1.4341 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a1c Start
Time: 01ccc331ca1fa2f6 Termination Time: 1591 Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe Report Id: 1c183237-2f6b-11e1-80b0-6c626dd30caa


Error - 12/31/2011 10:17:27 PM | Computer Name = JillEndRoom-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.1.4341 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 390 Start
Time: 01ccc377e2c4effa Termination Time: 1419 Application Path: C:\Program Files
(x86)\Mozilla Firefox\firefox.exe Report Id: ba22be2a-341e-11e1-80b0-6c626dd30caa


Error - 1/1/2012 12:20:49 PM | Computer Name = JillEndRoom-HP | Source = Application Hang | ID = 1002
Description = The program MSetup.exe version 2.19.0.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1738 Start
Time: 01ccc89ee0fa2c80 Termination Time: 15 Application Path: C:\Users\JILLEN~1\AppData\Local\Temp\Logitech\SetPoint_1\MSetup.exe

Report
Id:

Error - 1/1/2012 4:12:08 PM | Computer Name = JillEndRoom-HP | Source = MsiInstaller | ID = 11706
Description =

Error - 1/3/2012 12:15:17 PM | Computer Name = JillEndRoom-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 1/6/2012 12:35:13 PM | Computer Name = JillEndRoom-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 8.0.1.4341 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1658 Start
Time: 01cccc91067c1bcd Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 654551ee-3884-11e1-9e22-6c626dd30caa

Error - 1/22/2012 10:49:22 PM | Computer Name = JillEndRoom-HP | Source = VSS | ID = 8194
Description =

[ Hewlett-Packard Events ]
Error - 4/3/2011 3:55:44 PM | Computer Name = JillEndRoom-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041103035531.xml
File not created by asset agent

[ Media Center Events ]
Error - 2/5/2012 5:15:23 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 3 (00-00-22-00-00-80-4b-73)

Error - 2/5/2012 5:21:52 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 4 (00-00-22-00-00-80-4b-73)

Error - 2/5/2012 5:22:19 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 4 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 4:52:32 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 1 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 4:52:59 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 1 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 5:00:27 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 2 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 5:00:55 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 2 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 5:07:54 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 3 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 5:08:21 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 3 (00-00-22-00-00-80-4b-73)

Error - 2/6/2012 5:14:50 AM | Computer Name = JillEndRoom-HP | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Ceton InfiniTV PCIe (00-80-4b-73)
Tuner 4 (00-00-22-00-00-80-4b-73)

[ System Events ]
Error - 7/13/2011 2:07:41 PM | Computer Name = JillEndRoom-HP | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 7/16/2011 11:23:12 AM | Computer Name = JillEndRoom-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 7/18/2011 1:36:52 PM | Computer Name = JillEndRoom-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:30:44 PM on ?7/?18/?2011 was unexpected.

Error - 7/20/2011 9:48:04 PM | Computer Name = JillEndRoom-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:46:09 PM on ?7/?20/?2011 was unexpected.

Error - 7/27/2011 10:21:23 PM | Computer Name = JillEndRoom-HP | Source = DCOM | ID = 10010
Description =

Error - 8/4/2011 6:07:10 PM | Computer Name = JillEndRoom-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:05:22 PM on ?8/?4/?2011 was unexpected.

Error - 8/7/2011 10:59:34 AM | Computer Name = JillEndRoom-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/16/2011 10:51:12 PM | Computer Name = JillEndRoom-HP | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.102
with the system having network hardware address 00-1F-C6-05-05-42. Network operations
on this system may be disrupted as a result.

Error - 8/29/2011 6:08:29 PM | Computer Name = JillEndRoom-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 10/6/2011 6:20:59 PM | Computer Name = JillEndRoom-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.


< End of report >


OTL logfile created on: 2/6/2012 11:21:45 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jill End Room\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.96 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 44.80% Memory free
11.92 Gb Paging File | 6.82 Gb Available in Paging File | 57.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.46 Gb Total Space | 734.34 Gb Free Space | 79.95% Space Free | Partition Type: NTFS
Drive D: | 12.96 Gb Total Space | 1.59 Gb Free Space | 12.29% Space Free | Partition Type: NTFS

Computer Name: JILLENDROOM-HP | User Name: Jill End Room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 11:15:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jill End Room\Desktop\OTL.exe
PRC - [2012/02/05 21:30:40 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\JILLEN~1\AppData\Local\Temp\Adobelm_Cleanup.0001
PRC - [2012/02/03 00:04:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/17 18:16:24 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2011/10/14 22:57:26 | 000,089,088 | ---- | M] (Ceton Corporation) -- C:\Program Files\Ceton Corp\Ceton InfiniTV\TAHSP.exe
PRC - [2011/04/19 11:46:33 | 005,661,696 | ---- | M] (Firetrust Ltd) -- C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe
PRC - [2011/01/07 18:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/21 09:54:34 | 007,621,120 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PRC - [2010/10/22 17:21:52 | 001,121,304 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/07/01 09:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Jill End Room\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/20 12:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Encore\Common\RaRegistry.exe
PRC - [2009/09/30 23:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2005/03/22 03:29:36 | 019,533,824 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/05 21:30:41 | 000,697,884 | ---- | M] () -- C:\Users\JILLEN~1\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0007\~df394b.tmp
MOD - [2012/02/05 21:30:40 | 000,697,884 | ---- | M] () -- C:\Users\JILLEN~1\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0006\~df394b.tmp
MOD - [2012/02/05 21:30:40 | 000,575,488 | ---- | M] () -- C:\Users\JILLEN~1\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0006\~de2fd8.tmp
MOD - [2012/02/03 00:04:01 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/09 03:01:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/25 13:19:32 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/14 14:05:06 | 000,036,864 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\extensions\twitternotifier@naan.net\platform\echofonsign.dll
MOD - [2011/10/12 02:32:55 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/12 02:26:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:26:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 02:26:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 02:26:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 02:26:24 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 02:26:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 02:26:20 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/01/07 18:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/01/02 09:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll
MOD - [2005/01/12 16:22:30 | 000,608,768 | ---- | M] () -- C:\Program Files (x86)\FireTrust\MailWasher Pro\MailAnalysis.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/06 17:16:02 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/12/06 17:15:46 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/11/18 16:36:42 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/10/14 22:58:40 | 000,069,392 | ---- | M] (Ceton Corporation) [Auto | Running] -- C:\Program Files\Ceton Corp\Ceton InfiniTV\InfiniTVSvc.exe -- (InfiniTVSvc)
SRV:64bit: - [2011/10/14 22:57:26 | 000,089,088 | ---- | M] (Ceton Corporation) [Auto | Running] -- C:\Program Files\Ceton Corp\Ceton InfiniTV\TAHSP.exe -- (InfiniTVTAHSP)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/11/23 12:21:52 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2011/12/08 18:11:18 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/01/07 18:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/22 17:21:52 | 001,121,304 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/20 20:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/01 09:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Jill End Room\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/20 12:13:44 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Encore\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009/10/20 12:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Encore\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/09/30 23:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 23:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 12:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 12:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 12:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/06 17:14:08 | 000,040,720 | ---- | M] (Ceton Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ceton_mocur.sys -- (ceton_mocur)
DRV:64bit: - [2011/09/02 01:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/24 13:18:12 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/11 14:29:20 | 000,071,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 12:53:44 | 007,886,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/23 11:46:42 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 18:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 11:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/12/02 00:33:14 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:2.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.9
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jill End Room\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jill End Room\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/01/23 11:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/01/31 11:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/03 00:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 17:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/10 09:23:12 | 000,000,000 | ---D | M]

[2011/05/08 15:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill End Room\AppData\Roaming\mozilla\Extensions
[2011/03/19 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill End Room\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/08 15:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill End Room\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/02/05 11:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill End Room\AppData\Roaming\mozilla\Firefox\Profiles\aizpnd0b.default\extensions
[2012/02/05 11:53:58 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Jill End Room\AppData\Roaming\mozilla\Firefox\Profiles\aizpnd0b.default\extensions\twitternotifier@naan.net
[2011/05/08 15:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill End Room\AppData\Roaming\mozilla\SeaMonkey\Profiles\bsimhjdw.default\extensions
[2011/07/05 18:53:08 | 000,000,957 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\dictionarycom.xml
[2011/07/05 18:53:08 | 000,001,747 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-blogs.xml
[2011/07/05 18:53:08 | 000,001,749 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-books.xml
[2011/07/05 18:53:08 | 000,001,759 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-directory.xml
[2011/07/05 18:53:08 | 000,001,666 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-finance.xml
[2011/07/05 18:53:08 | 000,001,755 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-groups.xml
[2011/07/05 18:53:08 | 000,001,716 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-images.xml
[2011/07/05 18:53:08 | 000,001,705 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-maps.xml
[2011/07/05 18:53:08 | 000,001,730 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-news.xml
[2011/07/05 18:53:08 | 000,001,666 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-products.xml
[2011/07/05 18:53:08 | 000,001,713 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-scholar.xml
[2011/07/05 18:53:08 | 000,001,663 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-trends.xml
[2011/07/05 18:53:08 | 000,001,733 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\google-video.xml
[2011/07/05 18:53:08 | 000,000,709 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\imdb.xml
[2011/07/05 18:53:08 | 000,001,473 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\longman-english-dictionary.xml
[2011/07/05 18:53:08 | 000,000,914 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\thesauruscom.xml
[2011/07/05 18:53:08 | 000,000,980 | ---- | M] () -- C:\Users\Jill End Room\AppData\Roaming\Mozilla\Firefox\Profiles\aizpnd0b.default\searchplugins\youtube.xml
[2011/12/03 13:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/24 13:44:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/01/23 11:08:15 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/01/31 11:47:31 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\JILL END ROOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AIZPND0B.DEFAULT\EXTENSIONS\QUICKDRAG@MOZILLA.KTECHCOMPUTING.COM.XPI
[2012/02/03 00:04:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/08 19:29:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/07 16:15:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/24 20:49:00 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/07 16:15:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jill End Room\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jill End Room\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Jill End Room\AppData\Local\Google\Chrome\Application\16.0.912.77\gears.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jill End Room\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jill End Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Jill End Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Users\Jill End Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
CHR - Extension: Skype Extension = C:\Users\Jill End Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\
CHR - Extension: Gmail = C:\Users\Jill End Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120123110806.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120123110806.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B2C411D-7312-426E-9D03-818A6B6E25BC}: DhcpNameServer = 167.206.251.130 167.206.251.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96803927-403C-4992-B31E-B2F189A757A5}: DhcpNameServer = 167.206.251.130 167.206.251.129
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fb53ad1-5269-11e0-a272-6c626dd30caa}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb53ad1-5269-11e0-a272-6c626dd30caa}\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B1A5AC1-C585-5A41-DD66-C1E9CBAE3162} - Microsoft Windows Media Player 12.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 11:15:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jill End Room\Desktop\OTL.exe
[2012/02/05 14:49:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jill End Room\Desktop\dds.scr
[2012/02/05 14:11:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jill End Room\Desktop\HijackThis.exe
[2012/02/05 13:37:11 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/02/05 13:37:11 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/02/05 13:37:11 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/02/05 13:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/02/05 13:36:59 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\AppData\Roaming\TuneUp Software
[2012/02/05 13:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/02/05 13:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/02/05 13:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/02/05 13:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/05 11:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/02/05 11:58:56 | 009,104,960 | ---- | C] (McAfee Inc.) -- C:\Users\Jill End Room\Desktop\stinger.exe
[2012/02/05 11:57:58 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/05 11:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/05 11:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/05 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/03 18:23:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/03 17:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/03 17:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/03 10:54:27 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\Desktop\wordpress
[2012/02/01 12:54:04 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\Desktop\PH NETWORK
[2012/02/01 09:31:04 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jill End Room\Desktop\TDSSKiller.exe
[2012/01/31 02:04:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 02:04:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 02:04:29 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 02:04:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 02:04:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/31 02:04:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/30 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\Desktop\TUMBLR SUBMISSION SCREENS
[2012/01/30 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\AppData\Local\CyberLink
[2012/01/30 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\AppData\Local\PowerCinema
[2012/01/23 11:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfeeMOBK
[2012/01/23 11:09:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2012/01/23 11:09:42 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\MOBK.sys
[2012/01/23 11:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2012/01/23 11:09:12 | 000,071,800 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2012/01/23 11:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/23 11:09:10 | 000,000,000 | R-SD | C] -- C:\Users\Jill End Room\Documents\McAfee Vaults
[2012/01/23 11:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/01/23 11:08:06 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/01/23 11:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/01/23 11:08:03 | 000,481,768 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012/01/23 11:08:03 | 000,284,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2012/01/23 11:08:03 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/01/23 11:08:03 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/01/23 11:08:03 | 000,075,808 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2012/01/23 11:08:03 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012/01/23 11:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/01/23 11:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/01/23 11:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/01/22 21:49:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/22 21:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jill End Room\AppData\Local\McAfee Anti-Theft
[2012/01/22 21:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/01/22 21:37:18 | 000,161,168 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/01/22 21:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/01/14 13:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/01/14 13:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/01/14 13:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/01/14 13:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/01/11 10:57:12 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 10:57:12 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 10:57:11 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/11 10:57:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/11 10:57:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 10:57:11 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 10:57:10 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 10:57:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 10:57:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 11:15:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jill End Room\Desktop\OTL.exe
[2012/02/06 10:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2212324616-788831020-68712354-1000UA.job
[2012/02/05 19:44:23 | 048,936,802 | ---- | M] () -- C:\Users\Jill End Room\Desktop\03 satellite.zip
[2012/02/05 17:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2212324616-788831020-68712354-1000Core.job
[2012/02/05 15:21:22 | 000,020,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 15:21:22 | 000,020,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 15:17:32 | 000,731,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/05 15:17:32 | 000,627,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/05 15:17:32 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/05 15:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 15:12:40 | 504,688,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 14:49:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jill End Room\Desktop\dds.scr
[2012/02/05 14:45:47 | 000,302,592 | ---- | M] () -- C:\Users\Jill End Room\Desktop\gmer.exe
[2012/02/05 14:41:29 | 000,000,000 | ---- | M] () -- C:\Users\Jill End Room\defogger_reenable
[2012/02/05 14:41:09 | 000,050,477 | ---- | M] () -- C:\Users\Jill End Room\Desktop\Defogger.exe
[2012/02/05 14:38:05 | 000,438,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/05 14:11:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jill End Room\Desktop\HijackThis.exe
[2012/02/05 13:37:09 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/02/05 13:37:09 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/02/05 13:35:10 | 000,001,280 | ---- | M] () -- C:\Users\Jill End Room\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/05 13:35:10 | 000,001,256 | ---- | M] () -- C:\Users\Jill End Room\Desktop\Spybot - Search & Destroy.lnk
[2012/02/05 12:03:54 | 000,001,959 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/05 11:59:16 | 000,000,047 | RH-- | M] () -- C:\Users\Jill End Room\Desktop\stinger.opt
[2012/02/05 11:59:01 | 009,104,960 | ---- | M] (McAfee Inc.) -- C:\Users\Jill End Room\Desktop\stinger.exe
[2012/02/04 20:57:45 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/02/03 18:58:15 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/03 18:21:06 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jill End Room\Desktop\TDSSKiller.exe
[2012/02/03 00:04:03 | 000,002,042 | ---- | M] () -- C:\Users\Jill End Room\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/30 11:50:55 | 006,491,861 | ---- | M] () -- C:\Users\Jill End Room\Desktop\newlogos2.psd
[2012/01/17 15:11:33 | 000,744,312 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 16:45:09 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJILLENDROOM-HP$.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 19:44:18 | 048,936,802 | ---- | C] () -- C:\Users\Jill End Room\Desktop\03 satellite.zip
[2012/02/05 14:41:29 | 000,000,000 | ---- | C] () -- C:\Users\Jill End Room\defogger_reenable
[2012/02/05 14:41:09 | 000,050,477 | ---- | C] () -- C:\Users\Jill End Room\Desktop\Defogger.exe
[2012/02/05 13:37:09 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/02/05 13:37:09 | 000,002,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/02/05 13:37:09 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/02/05 13:35:10 | 000,001,280 | ---- | C] () -- C:\Users\Jill End Room\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/05 13:35:10 | 000,001,256 | ---- | C] () -- C:\Users\Jill End Room\Desktop\Spybot - Search & Destroy.lnk
[2012/02/05 11:59:16 | 000,000,047 | RH-- | C] () -- C:\Users\Jill End Room\Desktop\stinger.opt
[2012/02/05 11:57:46 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/14 13:13:21 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/01/06 18:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/20 19:40:28 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
[2011/12/20 19:35:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/24 16:43:20 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/24 16:43:20 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BXD2140.DAT
[2011/03/24 13:45:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/20 14:29:19 | 000,744,312 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/19 18:30:31 | 000,007,592 | ---- | C] () -- C:\Users\Jill End Room\AppData\Local\Resmon.ResmonCfg
[2011/03/19 14:27:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/19 14:03:58 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/03/11 03:10:34 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/11 02:13:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 13:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/03/11 03:05:22 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/03/11 03:06:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/03/11 03:05:22 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/03/11 03:04:33 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/03/11 03:06:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/03/11 03:04:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/03/11 03:06:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/03/11 03:04:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/03/11 03:06:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/03/11 03:05:22 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/03/11 03:04:33 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/03/11 03:05:22 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/03/11 03:06:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/03/11 03:06:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:6108D5DF

< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:34 PM

Posted 06 February 2012 - 11:51 AM

Hi phnw,

gmer only runs on 32bit machines, it is simply incompatible with your OS and it is normal that all those boxes are greyed out. What services aren't starting?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 phnw

phnw
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:34 PM

Posted 06 February 2012 - 11:54 AM

The issue is with Mcafee - the Firewall will not stay activated. It automatically shuts itself off. When I try to start the service, I get a msg that says: error 1075: the dependency service does not exist or has been marked for deletion. The people at the Mcafee forums told me this was likely because my machine was still infected.

Edited by phnw, 06 February 2012 - 11:54 AM.


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:34 PM

Posted 06 February 2012 - 04:02 PM

Hi,

please try running FSS:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Have you tried uninstalling and reinstalling the McAfee product?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:34 PM

Posted 16 February 2012 - 07:17 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users