Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create a FREE account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you sign in.
Create an Account Login to Account

Swagbucks problem


  • Please log in to reply

#1
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
My computer has been slow the past few weeks. I decided to get rid of swagbucks because I tried to change my home page and it would not let me. I went to control panel/programs and features and removed it from there. I looked in my Program Files in C: drive and there was still a folder. I deleted that.
I donít really know what else it affects but I have been having some weird issues with my PC. Pages wonít load or load really slow. Things that need to be uploaded, take forever or donít do it at all. Pages load half-a**ed without the graphics. Some sites are worse than others but it is pretty much across the board. I have used CCCleaner, SuperAntispyware MANY times and it keeps pulling up more items. I delete and run it and there are more. I assume the problems are from the Swagbucks. I don't routinely download software. I have AVG.
I donít know the ins and outs about computers so if you use anything other than simple terms I will be lost. Sorry.

OTL logfile created on: 10/29/2013 3:11:28 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.14 Gb Available Physical Memory | 67.91% Memory free
23.98 Gb Paging File | 19.61 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 753.63 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.16 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 756.11 Gb Free Space | 81.19% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.81 Gb Free Space | 56.51% Space Free | Partition Type: NTFS

Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,249,048 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/08 21:24:18 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b470f87b479584c9295b90641f175038\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/10/08 21:24:15 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\17d646cd7bd3ef0e59a40de2328f4c86\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/10/08 21:24:14 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\70bda4f97e9c4b4088c6cb939b98a9bb\BusinessLayer.ni.dll
MOD - [2013/10/08 21:24:10 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\487add060ca97a14bded964674ad63f7\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/10/08 21:24:09 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c90f34b6018997c85226582d5c724a42\BCMRes.ni.dll
MOD - [2013/10/08 19:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/12 13:51:46 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e56effd35e3da2a02874664ec7e1a365\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/09/12 13:51:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/14 23:38:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\582023a23a1b9904483301ecdc20c018\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/08/14 23:38:49 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\ffea4058c70243c5f4139eedb70a72ad\BCMCommon.ni.dll
MOD - [2013/08/14 22:25:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 22:25:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 22:25:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 10:19:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 10:18:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\8478684fb7a8875aba87db613abe95e9\Extensibility.ni.dll
MOD - [2013/07/12 10:18:39 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1488c156635f7e35781ba386a27765ac\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 10:18:37 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4070f36b1e502b80325621ecd1fd6467\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/07/12 10:18:36 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\362fac99ec7380f321c9e8fcb89faf6a\office.ni.dll
MOD - [2013/07/12 10:18:36 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\dc96be7f5242755ffaa72ade9707a689\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/07/12 10:18:36 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2013/07/12 10:18:35 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b6d02b9cc9f934128f5ce0076c63a6e5\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/07/12 09:02:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/17 11:14:58 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/12/11 04:55:07 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/01/11 21:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5C2DD50B-2859-42A9-80C9-E76D555EA615}
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://slickdeals.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F9-DB3A14AE98B3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5

[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/10/07 22:38:47 | 000,003,746 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\mozilla\firefox\profiles\smj03a5y.default-1379960535967\searchplugins\safeguard-secure-search.xml
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/06 00:17:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\5.0.0.170\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/28 21:42:26 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 2020panel.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2leep.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([my] http in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([riteaid] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: apa.org ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aveeno.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bayportcu.org ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bayportcu.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bhg.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: binsearch.info ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bonton.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bordersrewardsperks.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: buysub.com ([w1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bzzagent.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bzzagent.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cheetahmail.com ([reg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coach.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: colgate.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: condenastdirect.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coorslight.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coupons.com ([bricks] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coupons.com ([print] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crafterschoice.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dailypress.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dealideal.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: debbiedoescoupons.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: discovercard.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dyyno.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: dyyno.com ([beta] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eprize.com ([aarp.promo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: equifax.com ([fact.econsumer] https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: familycircle.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: finlandiapharmacyonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fitfeatures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fnfismd.com ([carenet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: foodnetwork.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gethalls.com ([popadrop] http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalepanel.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([disney] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([secure.disneymovierewards] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gongos.com ([survey2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gongos.com ([village] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: grouponbot.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hallmarkoffers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ingdirect.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: instructables.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ipsosinteractive.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: itracks.com ([grus] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([shop3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([www4] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jcprewards.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kelloggs.com ([registration] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kodakgallery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kohls.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kraftbrands.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: liveauctioneers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lm.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lorealparisusa.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lowes.com ([registration] http in Trusted sites)
O15 - HKCU\..Trusted Domains: magazineline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magazines.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mail-scjohnson.com ([reg] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mccormick.com ([consumertesting] http in Trusted sites)
O15 - HKCU\..Trusted Domains: medcohealth.com ([host1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([store] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mturk.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylifetime.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mypoints.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: myspace.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: neolips.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: netsuite.com ([checkout] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nzb.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: nzbmatrix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: nzbmatrix.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: officedepot.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: parentspeak.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: patronsocialclub.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: pb.com ([ibdswebp11-ext] https in Trusted sites)
O15 - HKCU\..Trusted Domains: petcarerx.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pgestore.com ([community] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pgeverydaysolutions.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pineconeresearch.com ([media] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pizzahut.com ([quikorder] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qualboard.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: raisethebarcontest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: recyclebank.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: redplumemail.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reebok.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: riteaid.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sephora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: siriusxm.com ([care] https in Trusted sites)
O15 - HKCU\..Trusted Domains: slickdeals.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: smdisp.net ([mscuillume] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ssisurveys.com ([dkr1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sslprotected.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: state.va.us ([wasdmz2.courts] http in Trusted sites)
O15 - HKCU\..Trusted Domains: suave.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tcm.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: testspin.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thehdroom.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tomtracker.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: topnzbsites.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tums.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: twitter.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ulta.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: universalstudios.com ([signup] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usps.com ([carrierpickup] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vanguard.com ([personal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([ebillpay] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([mediastore] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vivatowels.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vocalpoint.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: walmart.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wendysrealtime.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: womansday.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([edit] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc335.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yankeecandle.com ([www] https in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 04:20:57 | 004,854,382 | ---- | M] ( ) - E:\AutoUnpack452.exe -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - O:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:50:11 | 000,000,066 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 15:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Hewlett\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/19 04:34:15 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\RK_Quarantine
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/07 22:38:46 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Python-Eggs
[2013/10/07 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/10/07 22:38:09 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\BitLord
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/31 14:46:24 | 001,858,464 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/07/15 15:31:16 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p149244068_s1_l1.exe
[2012/03/28 21:51:08 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p137518353_s1_l1.exe
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/05/21 12:54:18 | 001,285,272 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2010/05/19 23:18:13 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\ProgramData\couponprinter.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/29 14:42:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/29 14:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 11:28:55 | 014,262,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 11:28:55 | 004,788,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/29 11:28:55 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/28 22:06:51 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 22:06:51 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 21:58:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/28 21:57:52 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/28 21:55:48 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/28 21:55:48 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/28 21:55:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/28 21:42:26 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/28 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 01:24:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Hewlett\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2012/02/14 23:40:47 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AlawarEntertainment
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2013/05/29 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BabSolution
[2013/05/29 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Babylon
[2012/03/26 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Big Fish Games
[2013/10/07 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Ė Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/09/25 15:26:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Elephant Games
[2013/09/23 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ERS Game Studios
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2012/03/06 06:44:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Gaijin Ent
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2010/05/19 21:13:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IrfanView
[2010/10/12 08:42:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Keynote Systems
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2011/07/27 22:46:35 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Oberon Media
[2011/07/27 22:48:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Pogo Games
[2013/10/07 22:38:46 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Python-Eggs
[2013/05/25 17:02:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SearchProtect
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2013/09/23 15:38:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SpinTop Games
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2013/05/22 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TuneUp Software
[2010/05/19 18:14:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Uniblue
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ŕ) -- C:\Windows\SysWow64\Ŕ
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ŕ) -- C:\Windows\SysWow64\Ŕ

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B

< End of report >
  • 0

Similar Topics: Swagbucks problem     x


#2
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
I know you guys are really busy, what with Halloween and everything. I deleted everything that had conduit and searchprotect but it didn't make a difference. I can't do anything with the registry on my own. I have MalwareByted it several times as well as SuperAntiSpyware. I'll be here when you get a chance. Thank you in advance.
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,052 posts
Hi I see you have run JRT could I see the last log for that please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://slickdeals.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F9-DB3A14AE98B3
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKCU\..Trusted Domains: 2020panel.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2leep.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([my] http in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([riteaid] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: apa.org ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aveeno.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bayportcu.org ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bayportcu.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bhg.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: binsearch.info ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bonton.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bordersrewardsperks.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: buysub.com ([w1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bzzagent.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bzzagent.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cheetahmail.com ([reg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coach.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: colgate.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: condenastdirect.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coorslight.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coupons.com ([bricks] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coupons.com ([print] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crafterschoice.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dailypress.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dealideal.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: debbiedoescoupons.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: discovercard.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dyyno.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: dyyno.com ([beta] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eprize.com ([aarp.promo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: equifax.com ([fact.econsumer] https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: familycircle.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: finlandiapharmacyonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fitfeatures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fnfismd.com ([carenet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: foodnetwork.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gethalls.com ([popadrop] http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalepanel.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([disney] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([secure.disneymovierewards] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gongos.com ([survey2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gongos.com ([village] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: grouponbot.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hallmarkoffers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ingdirect.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: instructables.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ipsosinteractive.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: itracks.com ([grus] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([shop3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([www4] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jcprewards.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kelloggs.com ([registration] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kodakgallery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kohls.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kraftbrands.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: liveauctioneers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lm.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lorealparisusa.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lowes.com ([registration] http in Trusted sites)
O15 - HKCU\..Trusted Domains: magazineline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magazines.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mail-scjohnson.com ([reg] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mccormick.com ([consumertesting] http in Trusted sites)
O15 - HKCU\..Trusted Domains: medcohealth.com ([host1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([store] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mturk.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylifetime.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mypoints.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: myspace.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: neolips.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: netsuite.com ([checkout] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nzb.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: nzbmatrix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: nzbmatrix.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: officedepot.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: parentspeak.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: patronsocialclub.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: pb.com ([ibdswebp11-ext] https in Trusted sites)
O15 - HKCU\..Trusted Domains: petcarerx.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pgestore.com ([community] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pgeverydaysolutions.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pineconeresearch.com ([media] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pizzahut.com ([quikorder] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qualboard.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: raisethebarcontest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: recyclebank.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: redplumemail.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reebok.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: riteaid.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sephora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: siriusxm.com ([care] https in Trusted sites)
O15 - HKCU\..Trusted Domains: slickdeals.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: smdisp.net ([mscuillume] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ssisurveys.com ([dkr1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sslprotected.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: state.va.us ([wasdmz2.courts] http in Trusted sites)
O15 - HKCU\..Trusted Domains: suave.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tcm.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: testspin.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thehdroom.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tomtracker.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: topnzbsites.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tums.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: twitter.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ulta.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: universalstudios.com ([signup] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usps.com ([carrierpickup] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vanguard.com ([personal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([ebillpay] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([mediastore] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vivatowels.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vocalpoint.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: walmart.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wendysrealtime.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: womansday.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([edit] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc335.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yankeecandle.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O32 - AutoRun File - [2011/09/21 04:20:57 | 004,854,382 | ---- | M] ( ) - E:\AutoUnpack452.exe -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - O:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:50:11 | 000,000,066 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe
[2013/05/29 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BabSolution
[2013/05/29 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Babylon
[2013/05/25 17:02:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SearchProtect

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#4
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
I have no idea where it landed. Running again right now. Thank you.
  • 0

#5
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1402350
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\nsprotector.js"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Hewlett\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Hewlett\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\Hewlett\appdata\local\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\Users\Hewlett\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Hewlett\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Hewlett\appdata\locallow\wiseconvert"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Successfully deleted: [File] C:\Users\Hewlett\AppData\Roaming\mozilla\firefox\profiles\smj03a5y.default-1379960535967\user.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/30/2013 at 14:51:18.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
I keep getting an error: /Device/Harddisk5/DR5 and it won't go any further in the OTL
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,052 posts
OK stop OTL and run a fresh all user scan please
  • 0

#8
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2020panel.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2leep.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adperk.com\my\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adperk.com\my\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adperk.com\riteaid\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\apa.org\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aveeno.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bayportcu.org\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bayportcu.org\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bhg.com\secure\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\binsearch.info\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bonton.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bordersrewardsperks.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buysub.com\w1\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bzzagent.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bzzagent.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cheetahmail.com\reg\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coach.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\colgate.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\condenastdirect.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coorslight.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coupons.com\bricks\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coupons.com\print\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crafterschoice.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dailypress.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dealideal.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\debbiedoescoupons.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\discovercard.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dyyno.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dyyno.com\beta\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eprize.com\aarp.promo\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\equifax.com\fact.econsumer\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\excite.com\webmail\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\apps\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\familycircle.com\secure\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fatwallet.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fidelity.com\login\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\finlandiapharmacyonline.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fitfeatures.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fnfismd.com\carenet\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\foodnetwork.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gethalls.com\popadrop\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\globalepanel.com\surveys\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\go.com\disney\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\go.com\secure.disneymovierewards\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gongos.com\survey2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gongos.com\village\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\docs\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grouponbot.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hallmarkoffers.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ingdirect.com\secure\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\instructables.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ipsosinteractive.com\surveys\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\itracks.com\grus\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jcpenney.com\shop3\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jcpenney.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jcpenney.com\www4\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jcprewards.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kelloggs.com\registration\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kodakgallery.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kohls.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kraftbrands.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\liveauctioneers.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lm.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lorealparisusa.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lowes.com\registration\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magazineline.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\magazines.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mail-scjohnson.com\reg\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mccormick.com\consumertesting\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\medcohealth.com\host1\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\store\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mturk.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mylifetime.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mypoints.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myspace.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neolips.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netsuite.com\checkout\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nzb.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nzbmatrix.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nzbmatrix.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\officedepot.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\opinionoutpost.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\opinionoutpost.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\parentspeak.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\patronsocialclub.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pb.com\ibdswebp11-ext\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\petcarerx.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pgestore.com\community\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pgeverydaysolutions.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pineconeresearch.com\media\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pizzahut.com\quikorder\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qualboard.com\secure\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\raisethebarcontest.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\recyclebank.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redplumemail.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\reebok.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\riteaid.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sears.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sears.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sephora.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\siriusxm.com\care\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slickdeals.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smdisp.net\mscuillume\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonystyle.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ssisurveys.com\dkr1\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sslprotected.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\state.va.us\wasdmz2.courts\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\suave.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\surveyrouter.com\ups\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\swagbucks.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\swagbucks.com\www\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tcm.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\testspin.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\thehdroom.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tomtracker.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\topnzbsites.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tums.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\twitter.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ulta.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\universalstudios.com\signup\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\usps.com\carrierpickup\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vanguard.com\personal\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizonwireless.com\ebillpay\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizonwireless.com\mediastore\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizonwireless.com\myaccount\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\verizonwireless.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vivatowels.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vocalpoint.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\walmart.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wendysrealtime.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\womansday.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\edit\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\us.mc335.mail\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yankeecandle.com\www\ deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\Windows\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
E:\AutoUnpack452.exe moved successfully.
O:\AUTORUN_.INF moved successfully.
File not found.
P:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
File L:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\autorun.exe not found.
Folder C:\Users\Hewlett\AppData\Roaming\BabSolution\ not found.
Folder C:\Users\Hewlett\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Hewlett\AppData\Roaming\SearchProtect\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hewlett
->Temp folder emptied: 4960081 bytes
->Temporary Internet Files folder emptied: 73092703 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5201656 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 25237532 bytes

User: PAT

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 291142 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119180 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 44570587 bytes

Total Files Cleaned = 146.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10302013_145430

Files\Folders moved on Reboot...
C:\Users\Hewlett\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCA3V1FUL.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCA5MG4QJ.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCACE10BN.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCACPRMHB.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAG06JZK.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAICRHDD.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAK52F8H.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAM68LK4.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAPKDRVX.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAPV7XIL.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAQ25UDK.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAWW5X1D.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunkCAZNWR7Y.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[10].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[11].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[3].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[4].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[5].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[6].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[7].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[8].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\chunk[9].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\d19cc099b0[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\prompt[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\var=ccauds[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPHGA2VZ\var=ccauds[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\al[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\al[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCA02H1NL.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCA0YO608.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCA166ER5.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCA3PEYW1.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCA5LMHF2.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCABHKDMO.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAE78BMM.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAGK5CYY.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAI28IG7.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAQEQQ84.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAY53XKT.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAYEXIU1.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunkCAYUC5YJ.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[10].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[11].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[3].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[4].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[5].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[6].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[7].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[8].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SM5GMQN8\chunk[9].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\al[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCA4V96QD.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAAYVIOS.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAEDN1LY.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAKIHY3Z.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAN2UA1H.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAS4BQMQ.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCASG8PP1.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCATHUZAG.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAV1P13X.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAXDHJKQ.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAY40VGV.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunkCAZ6N195.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[10].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[11].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[3].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[4].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[5].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[6].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[7].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[8].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\chunk[9].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\context[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INP4BNUH\prompt[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\al[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCA2I0WWF.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCA36YG6K.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCA87WTZ7.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCA9EPG26.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCABH8AU8.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCADSQ4Z0.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAE21V9X.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAEL206F.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAI6885V.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAMMYMEN.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAQ2B31Q.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAU6QXMW.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAUMYO9K.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAY3WMDU.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunkCAZEB6A5.js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[10].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[11].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[2].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[3].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[4].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[5].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[6].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[7].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[8].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\chunk[9].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\j[1].js moved successfully.
C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B2Z0SHB\page__gopid__2345332[1].htm moved successfully.
File\Folder C:\Windows\temp\hsperfdata_HEWLETT-PC$\2832 not found!
File\Folder C:\Windows\temp\jna882474158512243277.dll not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,052 posts
OK it appears to have run after all :)

If I could have a fresh OTL scan and an update on how the computer is behaving
  • 0

#10
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
It is running right now. My home pages are staying put. It seems faster. Yesterday I could not get Fatwallet.com to recognize my log in. It works. I guess time will tell. But I am sure it is fine. I will post the OTL at the conclusion of the scan. Thank you again.
  • 0

#11
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.95 Gb Available Physical Memory | 74.66% Memory free
23.98 Gb Paging File | 20.78 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 756.50 Gb Free Space | 82.41% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.17 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1859.47 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive M: | 7.20 Gb Total Space | 7.20 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive O: | 931.28 Gb Total Space | 748.04 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.95 Gb Free Space | 56.52% Space Free | Partition Type: NTFS

Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/08 21:24:18 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b470f87b479584c9295b90641f175038\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/10/08 21:24:15 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\17d646cd7bd3ef0e59a40de2328f4c86\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/10/08 21:24:14 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\70bda4f97e9c4b4088c6cb939b98a9bb\BusinessLayer.ni.dll
MOD - [2013/10/08 21:24:10 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\487add060ca97a14bded964674ad63f7\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/10/08 21:24:09 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c90f34b6018997c85226582d5c724a42\BCMRes.ni.dll
MOD - [2013/10/08 19:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/12 13:51:46 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e56effd35e3da2a02874664ec7e1a365\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/09/12 13:51:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/14 23:38:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\582023a23a1b9904483301ecdc20c018\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/08/14 23:38:49 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\ffea4058c70243c5f4139eedb70a72ad\BCMCommon.ni.dll
MOD - [2013/08/14 22:25:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 22:25:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 22:25:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 10:19:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 10:18:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\8478684fb7a8875aba87db613abe95e9\Extensibility.ni.dll
MOD - [2013/07/12 10:18:39 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1488c156635f7e35781ba386a27765ac\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 10:18:37 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4070f36b1e502b80325621ecd1fd6467\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/07/12 10:18:36 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\362fac99ec7380f321c9e8fcb89faf6a\office.ni.dll
MOD - [2013/07/12 10:18:36 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\dc96be7f5242755ffaa72ade9707a689\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/07/12 10:18:36 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2013/07/12 10:18:35 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b6d02b9cc9f934128f5ce0076c63a6e5\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/07/12 09:02:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/17 11:14:58 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/12/11 04:55:07 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/01/11 21:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Stopped] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5C2DD50B-2859-42A9-80C9-E76D555EA615}
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ebay.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 6E A8 A3 D5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5

[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/10/07 22:38:47 | 000,003,746 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\mozilla\firefox\profiles\smj03a5y.default-1379960535967\searchplugins\safeguard-secure-search.xml
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/06 00:17:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\5.0.0.170\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/30 14:59:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 14:54:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/30 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\JRT for geeks
[2013/10/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/29 15:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 21:42:01 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/19 04:34:15 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\RK_Quarantine
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:00:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/08 19:00:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/08 19:00:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/08 19:00:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/08 19:00:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/08 19:00:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/08 19:00:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/08 19:00:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/08 19:00:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/08 19:00:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/08 19:00:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/08 19:00:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/08 19:00:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/08 19:00:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/08 19:00:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/08 18:45:49 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/08 18:45:48 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/08 18:45:47 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/08 18:45:47 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/08 18:45:47 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/08 18:45:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/08 18:45:46 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/08 18:45:46 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/08 18:45:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/08 18:45:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/08 18:45:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/08 18:45:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/08 18:45:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/08 18:45:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 18:45:41 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/08 18:45:41 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 18:45:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/08 18:45:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/08 18:45:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 18:45:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/08 18:45:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 18:45:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/08 18:45:40 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 18:45:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 18:45:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/08 18:45:39 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/08 18:45:30 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 18:45:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/08 18:45:30 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 18:45:30 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/07 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/10/07 22:38:09 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\BitLord
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/31 14:46:24 | 001,858,464 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/05/21 12:54:18 | 001,285,272 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2010/05/19 23:18:13 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\ProgramData\couponprinter.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/30 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/30 15:28:16 | 014,400,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 15:28:16 | 004,836,704 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/30 15:28:16 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 15:16:17 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 15:16:17 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 15:08:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 15:08:01 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 15:06:02 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 15:06:02 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 15:06:02 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 14:59:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/30 14:42:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/29 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/29 20:34:08 | 000,001,126 | ---- | M] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 01:24:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 21:41:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/20 21:41:56 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/20 21:41:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/20 21:41:56 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 20:30:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 20:30:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/29 20:34:08 | 000,001,126 | ---- | C] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ŕ) -- C:\Windows\SysWow64\Ŕ
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ŕ) -- C:\Windows\SysWow64\Ŕ

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B

< End of report >
  • 0

#12
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
Sites are blazing fast again. Nothing squirelly going on. Running Malwarebytes just for the heck of it. Loosk good so far. I don't get that creepy feeling someone is following me anymore.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,052 posts
Nice, if you could post the MBAM log on completion I will see if it gets the two I missed :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.slickdeals.net/
[2013/10/07 22:38:47 | 000,003,746 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\mozilla\firefox\profiles\smj03a5y.default-1379960535967\searchplugins\safeguard-secure-search.xml


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#14
Vintage Charms

Vintage Charms

    Member

  • Member
  • PipPip
  • 75 posts
OK, it has been 45 minutes on MalwareBytes so I am going out on a limb and thank you for all of your expertise. You are a scholar and a gentleman. Let me know if I can ever do anything for you. I really appreciate it. If I am wrong...I'll be back.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 63,052 posts
Let me know when it is done as I need to tidy up the rubbish I have left behind :)
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured