I don’t really know what else it affects but I have been having some weird issues with my PC. Pages won’t load or load really slow. Things that need to be uploaded, take forever or don’t do it at all. Pages load half-a**ed without the graphics. Some sites are worse than others but it is pretty much across the board. I have used CCCleaner, SuperAntispyware MANY times and it keeps pulling up more items. I delete and run it and there are more. I assume the problems are from the Swagbucks. I don't routinely download software. I have AVG.
I don’t know the ins and outs about computers so if you use anything other than simple terms I will be lost. Sorry.
OTL logfile created on: 10/29/2013 3:11:28 PM - Run 3
OTL by OldTimer - Version Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 8.14 Gb Available Physical Memory | 67.91% Memory free
23.98 Gb Paging File | 19.61 Gb Available in Paging File | 81.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 753.63 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.16 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1862.86 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 756.11 Gb Free Space | 81.19% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.81 Gb Free Space | 56.51% Space Free | Partition Type: NTFS
Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,249,048 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
========== Modules (No Company Name) ==========
MOD - [2013/10/08 21:24:18 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b470f87b479584c9295b90641f175038\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/10/08 21:24:15 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\17d646cd7bd3ef0e59a40de2328f4c86\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/10/08 21:24:14 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\70bda4f97e9c4b4088c6cb939b98a9bb\BusinessLayer.ni.dll
MOD - [2013/10/08 21:24:10 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\487add060ca97a14bded964674ad63f7\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/10/08 21:24:09 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c90f34b6018997c85226582d5c724a42\BCMRes.ni.dll
MOD - [2013/10/08 19:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/12 13:51:46 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e56effd35e3da2a02874664ec7e1a365\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/09/12 13:51:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/14 23:38:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\582023a23a1b9904483301ecdc20c018\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/08/14 23:38:49 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\ffea4058c70243c5f4139eedb70a72ad\BCMCommon.ni.dll
MOD - [2013/08/14 22:25:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 22:25:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 22:25:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 10:19:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 10:18:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\8478684fb7a8875aba87db613abe95e9\Extensibility.ni.dll
MOD - [2013/07/12 10:18:39 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1488c156635f7e35781ba386a27765ac\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 10:18:37 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4070f36b1e502b80325621ecd1fd6467\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/07/12 10:18:36 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\362fac99ec7380f321c9e8fcb89faf6a\office.ni.dll
MOD - [2013/07/12 10:18:36 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\dc96be7f5242755ffaa72ade9707a689\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/07/12 10:18:36 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2013/07/12 10:18:35 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b6d02b9cc9f934128f5ce0076c63a6e5\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/07/12 09:02:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\\CustomMarshalers.dll
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/17 11:14:58 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\\BCMCommon.dll
MOD - [2009/12/11 04:55:07 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/01/11 21:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5C2DD50B-2859-42A9-80C9-E76D555EA615}
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://slickdeals.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F9-DB3A14AE98B3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/10/07 22:38:47 | 000,003,746 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\mozilla\firefox\profiles\smj03a5y.default-1379960535967\searchplugins\safeguard-secure-search.xml
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/06 00:17:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/10/28 21:42:26 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 2020panel.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2leep.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([my] http in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adperk.com ([riteaid] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: apa.org ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aveeno.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bayportcu.org ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bayportcu.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bhg.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: binsearch.info ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bonton.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bordersrewardsperks.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: buysub.com ([w1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bzzagent.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bzzagent.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cheetahmail.com ([reg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: coach.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: colgate.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: condenastdirect.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coorslight.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coupons.com ([bricks] http in Trusted sites)
O15 - HKCU\..Trusted Domains: coupons.com ([print] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crafterschoice.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dailypress.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dealideal.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: debbiedoescoupons.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: discovercard.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dyyno.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: dyyno.com ([beta] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eprize.com ([aarp.promo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: equifax.com ([fact.econsumer] https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: familycircle.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fidelity.com ([login] https in Trusted sites)
O15 - HKCU\..Trusted Domains: finlandiapharmacyonline.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fitfeatures.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fnfismd.com ([carenet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: foodnetwork.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gethalls.com ([popadrop] http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalepanel.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([disney] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([secure.disneymovierewards] https in Trusted sites)
O15 - HKCU\..Trusted Domains: gongos.com ([survey2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gongos.com ([village] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([docs] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: grouponbot.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hallmarkoffers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ingdirect.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: instructables.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ipsosinteractive.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: itracks.com ([grus] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([shop3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jcpenney.com ([www4] http in Trusted sites)
O15 - HKCU\..Trusted Domains: jcprewards.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kelloggs.com ([registration] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kodakgallery.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kohls.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kraftbrands.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: liveauctioneers.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lm.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lorealparisusa.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lowes.com ([registration] http in Trusted sites)
O15 - HKCU\..Trusted Domains: magazineline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magazines.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mail-scjohnson.com ([reg] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mccormick.com ([consumertesting] http in Trusted sites)
O15 - HKCU\..Trusted Domains: medcohealth.com ([host1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([store] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mturk.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylifetime.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mypoints.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: myspace.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: neolips.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: netsuite.com ([checkout] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nzb.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: nzbmatrix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: nzbmatrix.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: officedepot.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: parentspeak.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: patronsocialclub.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: pb.com ([ibdswebp11-ext] https in Trusted sites)
O15 - HKCU\..Trusted Domains: petcarerx.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pgestore.com ([community] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pgeverydaysolutions.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pineconeresearch.com ([media] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pizzahut.com ([quikorder] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qualboard.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: raisethebarcontest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: recyclebank.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: redplumemail.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reebok.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: riteaid.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sephora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: siriusxm.com ([care] https in Trusted sites)
O15 - HKCU\..Trusted Domains: slickdeals.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: smdisp.net ([mscuillume] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ssisurveys.com ([dkr1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sslprotected.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: state.va.us ([wasdmz2.courts] http in Trusted sites)
O15 - HKCU\..Trusted Domains: suave.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tcm.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: testspin.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thehdroom.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tomtracker.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: topnzbsites.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tums.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: twitter.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ulta.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: universalstudios.com ([signup] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usps.com ([carrierpickup] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vanguard.com ([personal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([ebillpay] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([mediastore] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([myaccount] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizonwireless.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vivatowels.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vocalpoint.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: walmart.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wendysrealtime.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: womansday.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([edit] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc335.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yankeecandle.com ([www] https in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer =
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 04:20:57 | 004,854,382 | ---- | M] ( ) - E:\AutoUnpack452.exe -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - O:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012/07/15 12:50:11 | 000,000,066 | ---- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/29 15:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Hewlett\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/19 04:34:15 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\RK_Quarantine
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/07 22:38:46 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Python-Eggs
[2013/10/07 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/10/07 22:38:09 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\BitLord
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/31 14:46:24 | 001,858,464 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/07/15 15:31:16 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p149244068_s1_l1.exe
[2012/03/28 21:51:08 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Program Files\bigfishgames_p137518353_s1_l1.exe
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/05/21 12:54:18 | 001,285,272 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2010/05/19 23:18:13 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\ProgramData\couponprinter.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/29 14:42:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/29 14:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 11:28:55 | 014,262,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 11:28:55 | 004,788,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/29 11:28:55 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/28 22:06:51 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 22:06:51 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 21:58:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/28 21:57:52 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/28 21:55:48 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/28 21:55:48 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/28 21:55:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/28 21:42:26 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/28 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 01:24:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Hewlett\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2012/02/14 23:40:47 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AlawarEntertainment
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2013/05/29 18:13:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BabSolution
[2013/05/29 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Babylon
[2012/03/26 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Big Fish Games
[2013/10/07 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina – Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/09/25 15:26:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Elephant Games
[2013/09/23 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ERS Game Studios
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2012/03/06 06:44:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Gaijin Ent
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2010/05/19 21:13:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IrfanView
[2010/10/12 08:42:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Keynote Systems
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2011/07/27 22:46:35 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Oberon Media
[2011/07/27 22:48:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Pogo Games
[2013/10/07 22:38:46 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Python-Eggs
[2013/05/25 17:02:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SearchProtect
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2013/09/23 15:38:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SpinTop Games
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2013/05/22 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TuneUp Software
[2010/05/19 18:14:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Uniblue
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ù) -- C:\Windows\SysWow64\Ù
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ù) -- C:\Windows\SysWow64\Ù
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B
< End of report >