Swagbucks problem
Started by
Vintage Charms
, Oct 29 2013 01:25 PM
Posted 30 October 2013 - 02:53 PM
Posted 30 October 2013 - 02:54 PM
Whoops, I miss your post. I will post the MBAM once completed and now run OTL. brb
Posted 30 October 2013 - 03:14 PM
OTL logfile created on: 10/30/2013 5:06:15 PM - Run 5
OTL by OldTimer - Version Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 80.54% Memory free
23.98 Gb Paging File | 21.50 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 756.13 Gb Free Space | 82.37% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.17 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1859.47 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 748.04 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.95 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
========== Modules (No Company Name) ==========
MOD - [2013/10/08 21:24:18 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b470f87b479584c9295b90641f175038\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/10/08 21:24:15 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\17d646cd7bd3ef0e59a40de2328f4c86\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/10/08 21:24:14 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\70bda4f97e9c4b4088c6cb939b98a9bb\BusinessLayer.ni.dll
MOD - [2013/10/08 21:24:10 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\487add060ca97a14bded964674ad63f7\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/10/08 21:24:09 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c90f34b6018997c85226582d5c724a42\BCMRes.ni.dll
MOD - [2013/10/08 19:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/12 13:51:46 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e56effd35e3da2a02874664ec7e1a365\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/09/12 13:51:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/14 23:38:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\582023a23a1b9904483301ecdc20c018\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/08/14 23:38:49 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\ffea4058c70243c5f4139eedb70a72ad\BCMCommon.ni.dll
MOD - [2013/08/14 22:25:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 22:25:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 22:25:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 10:19:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 10:18:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\8478684fb7a8875aba87db613abe95e9\Extensibility.ni.dll
MOD - [2013/07/12 10:18:39 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1488c156635f7e35781ba386a27765ac\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 10:18:37 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4070f36b1e502b80325621ecd1fd6467\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/07/12 10:18:36 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\362fac99ec7380f321c9e8fcb89faf6a\office.ni.dll
MOD - [2013/07/12 10:18:36 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\dc96be7f5242755ffaa72ade9707a689\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/07/12 10:18:36 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2013/07/12 10:18:35 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b6d02b9cc9f934128f5ce0076c63a6e5\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/07/12 09:02:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\\CustomMarshalers.dll
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/17 11:14:58 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\\BCMCommon.dll
MOD - [2009/12/11 04:55:07 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/01/11 21:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Stopped] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5C2DD50B-2859-42A9-80C9-E76D555EA615}
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ebay.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 6E A8 A3 D5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/06 00:17:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/10/30 14:59:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer =
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/30 14:54:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/30 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\JRT for geeks
[2013/10/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/29 15:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/19 04:34:15 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\RK_Quarantine
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/07 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/10/07 22:38:09 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\BitLord
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/31 14:46:24 | 001,858,464 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/05/21 12:54:18 | 001,285,272 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2010/05/19 23:18:13 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\ProgramData\couponprinter.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/30 17:09:03 | 014,412,784 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 17:09:03 | 004,841,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/30 17:09:03 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 17:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 17:02:17 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 17:00:12 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 17:00:12 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 17:00:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 16:29:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/30 15:16:17 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 15:16:17 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 14:59:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/30 14:42:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/29 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/29 20:34:08 | 000,001,126 | ---- | M] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 01:24:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/29 20:34:08 | 000,001,126 | ---- | C] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2013/10/07 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina – Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2010/05/19 18:14:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Uniblue
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B
< End of report >
OTL by OldTimer - Version Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 80.54% Memory free
23.98 Gb Paging File | 21.50 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 756.13 Gb Free Space | 82.37% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.17 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1859.47 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 748.04 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.95 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
========== Modules (No Company Name) ==========
MOD - [2013/10/08 21:24:18 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b470f87b479584c9295b90641f175038\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/10/08 21:24:15 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\17d646cd7bd3ef0e59a40de2328f4c86\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/10/08 21:24:14 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\70bda4f97e9c4b4088c6cb939b98a9bb\BusinessLayer.ni.dll
MOD - [2013/10/08 21:24:10 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\487add060ca97a14bded964674ad63f7\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/10/08 21:24:09 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c90f34b6018997c85226582d5c724a42\BCMRes.ni.dll
MOD - [2013/10/08 19:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/12 13:51:46 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e56effd35e3da2a02874664ec7e1a365\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/09/12 13:51:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/14 23:38:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\582023a23a1b9904483301ecdc20c018\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/08/14 23:38:49 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\ffea4058c70243c5f4139eedb70a72ad\BCMCommon.ni.dll
MOD - [2013/08/14 22:25:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 22:25:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 22:25:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 10:19:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 10:18:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\8478684fb7a8875aba87db613abe95e9\Extensibility.ni.dll
MOD - [2013/07/12 10:18:39 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1488c156635f7e35781ba386a27765ac\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 10:18:37 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4070f36b1e502b80325621ecd1fd6467\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/07/12 10:18:36 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\362fac99ec7380f321c9e8fcb89faf6a\office.ni.dll
MOD - [2013/07/12 10:18:36 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\dc96be7f5242755ffaa72ade9707a689\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/07/12 10:18:36 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2013/07/12 10:18:35 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b6d02b9cc9f934128f5ce0076c63a6e5\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/07/12 09:02:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\\CustomMarshalers.dll
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/17 11:14:58 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\\BCMCommon.dll
MOD - [2009/12/11 04:55:07 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/01/11 21:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Stopped] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5C2DD50B-2859-42A9-80C9-E76D555EA615}
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ebay.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 6E A8 A3 D5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/06 00:17:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/10/30 14:59:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer =
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/30 14:54:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/30 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\JRT for geeks
[2013/10/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/29 15:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/19 04:34:15 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\RK_Quarantine
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/07 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/10/07 22:38:09 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\BitLord
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/31 14:46:24 | 001,858,464 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files (x86)\couponprinter.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/05/21 12:54:18 | 001,285,272 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2010/05/19 23:18:13 | 001,068,544 | ---- | C] (Coupons.com Incorporated) -- C:\ProgramData\couponprinter.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/30 17:09:03 | 014,412,784 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 17:09:03 | 004,841,058 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/30 17:09:03 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 17:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 17:02:17 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 17:00:12 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 17:00:12 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 17:00:12 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/30 16:29:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/30 15:16:17 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 15:16:17 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 14:59:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/30 14:42:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/29 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/29 20:34:08 | 000,001,126 | ---- | M] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/29 15:11:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 01:24:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/29 20:34:08 | 000,001,126 | ---- | C] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2013/10/07 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BitLord
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina – Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2010/05/19 18:14:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Uniblue
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B
< End of report >
Posted 30 October 2013 - 04:25 PM
In that case methinks I will send you on your merry way
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Delete JRT from the desktop
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Delete JRT from the desktop
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
Posted 30 October 2013 - 04:45 PM
OKay, thank you again. Will do all you wrote. I don't know what is tied to Java, but I thought it was necessary. Will find out. Not to be too flippant, but I am unsure whether I trust Homeland Security, but will do as you say. Goodbye.
Posted 31 October 2013 - 08:02 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Posted 31 October 2013 - 08:40 AM
When I could not load the USPS.com site I had a strange feeling. Now I went to my home page and there it was...SWAGBUCKS! Oh no...once I came to, I decided to go back to geeks to go! When you get the chance, can you give me an idea of what I should do first. Can I follow the directions from yesterday? Thank you for all of your help.
Posted 31 October 2013 - 09:48 AM
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', Have it check for updates before scanning.
SAVE Malwarebytes' Anti-Malware to your desktop.
* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Copy the text in the code box:
Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
Select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
The report will be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
- Pause your anti-virus. Close all browsers.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', Have it check for updates before scanning.
SAVE Malwarebytes' Anti-Malware to your desktop.
* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Copy the text in the code box:
DRIVES nnetsvcs %SYSTEMDRIVE%\*.exe %systemroot%\assembly\GAC_32\*.ini %systemroot%\assembly\GAC_64\*.ini msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*.exe %APPDATA%\*. /md5start rsvpsp.dll pnrpnsp.dll nwprovau.dll nlaapi.dll napinsp.dll mswsock.dll winrnr.dll wshelper.dll services.exe atapi.sys explorer.exe winlogon.exe Userinit.exe svchost.exe csrss.exe PrintIsolationHost.exe consrv.dll user32.dll /md5stop dir C:\ /S /A:L /C C:\Windows\assembly\tmp\U\*.* /s %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %ProgramFiles%\WINDOWS NT\*.* /s %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT
Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
Select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
Posted 31 October 2013 - 11:07 AM
# AdwCleaner v3.010 - Report created 31/10/2013 at 12:50:53
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hewlett - HEWLETT-PC
# Running from : C:\Users\Hewlett\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
[!] Folder Deleted : C:\ProgramData\couponprinter.exe
[!] Folder Deleted : C:\Program Files (x86)\couponprinter.exe
[!] Folder Deleted : C:\Program Files\couponprinter.exe
Folder Deleted : C:\Users\Hewlett\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Hewlett\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Hewlett\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Hewlett\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\Hewlett\Documents\BitLord
File Deleted : C:\Program Files (x86)\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\v471oqlq.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\v471oqlq.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKCU\Software\53ed68ae03dbd42
Key Deleted : HKLM\SOFTWARE\53ed68ae03dbd42
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\prefs.js ]
[ File : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\v471oqlq.default\prefs.js ]
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "888cd1a300000000000022268247143f");
Line Deleted : user_pref("extensions.delta.instlDay", "15854");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "");
Line Deleted : user_pref("extensions.delta.vrsni", "");
Line Deleted : user_pref("extensions.delta.vrsnTs", "");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2260173&octid=CT2260173&SearchSource=61&CUI=UN11919186843093330&UM=2&UP=SP45FC4630-4D79-4BEB-A0D9-6FD0D6F35A40");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2260173&octid=CT2260173&SearchSource=61&CUI=UN11919186843093330&UM=2&UP=SP45FC4630-4D79-4BEB-A0D9-6FD0D6F35A40");
-\\ Google Chrome v
[ File : C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
AdwCleaner[R0].txt - [7362 octets] - [31/10/2013 12:39:02]
AdwCleaner[S0].txt - [7014 octets] - [31/10/2013 12:50:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7074 octets] ##########
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Hewlett - HEWLETT-PC
# Running from : C:\Users\Hewlett\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
[!] Folder Deleted : C:\ProgramData\couponprinter.exe
[!] Folder Deleted : C:\Program Files (x86)\couponprinter.exe
[!] Folder Deleted : C:\Program Files\couponprinter.exe
Folder Deleted : C:\Users\Hewlett\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Hewlett\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Hewlett\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Hewlett\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\Hewlett\Documents\BitLord
File Deleted : C:\Program Files (x86)\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\v471oqlq.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\v471oqlq.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKCU\Software\53ed68ae03dbd42
Key Deleted : HKLM\SOFTWARE\53ed68ae03dbd42
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\prefs.js ]
[ File : C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\v471oqlq.default\prefs.js ]
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "888cd1a300000000000022268247143f");
Line Deleted : user_pref("extensions.delta.instlDay", "15854");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "");
Line Deleted : user_pref("extensions.delta.vrsni", "");
Line Deleted : user_pref("extensions.delta.vrsnTs", "");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2260173&octid=CT2260173&SearchSource=61&CUI=UN11919186843093330&UM=2&UP=SP45FC4630-4D79-4BEB-A0D9-6FD0D6F35A40");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2260173&octid=CT2260173&SearchSource=61&CUI=UN11919186843093330&UM=2&UP=SP45FC4630-4D79-4BEB-A0D9-6FD0D6F35A40");
-\\ Google Chrome v
[ File : C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
AdwCleaner[R0].txt - [7362 octets] - [31/10/2013 12:39:02]
AdwCleaner[S0].txt - [7014 octets] - [31/10/2013 12:50:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7074 octets] ##########
Posted 31 October 2013 - 11:19 AM
unkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Hewlett on Thu 10/31/2013 at 13:07:58.58
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
Scan was completed on Thu 10/31/2013 at 13:16:22.08
End of JRT log
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Hewlett on Thu 10/31/2013 at 13:07:58.58
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
Scan was completed on Thu 10/31/2013 at 13:16:22.08
End of JRT log
Posted 31 October 2013 - 11:26 AM
Database version: v2013.10.31.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hewlett :: HEWLETT-PC [administrator]
Protection: Disabled
10/31/2013 1:19:44 PM
mbam-log-2013-10-31 (13-19-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214475
Time elapsed: 5 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Database version: v2013.10.31.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hewlett :: HEWLETT-PC [administrator]
Protection: Disabled
10/31/2013 1:19:44 PM
mbam-log-2013-10-31 (13-19-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214475
Time elapsed: 5 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Posted 31 October 2013 - 11:31 AM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2013
Ran by Hewlett at 2013-10-31 13:27:53
Running from C:\Users\Hewlett\Desktop
Boot Mode: Normal
==================== Security Center ========================
AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.13 (x64 edition) (Version:
Adobe AIR (x32 Version:
Adobe Connect 9 Add-in (HKCU Version: 11,2,251,0)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version:
Alt.Binz 0.39.4 (x32 Version: 0.39.4)
Amazon Cloud Drive (HKCU Version: 2.0.2013.841)
Amazon MP3 Downloader 1.0.15 (x32 Version: 1.0.15)
AMD Accelerated Video Transcoding (Version:
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
ArcSoft MediaImpression 2 (x32 Version:
ArcSoft Panorama Maker 4 (x32 Version:
ArcSoft PhotoStudio Darkroom 2 (x32 Version:
ArcSoft Scan-n-Stitch Deluxe (x32 Version:
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
Big City Adventure: London Classic (x32)
Big City Adventure: New York City (x32)
Big City Adventure: Paris (x32)
Big Fish: Game Manager (x32 Version:
Bluetooth by hp (Version:
Brother MFL-Pro Suite MFC-7220 (x32 Version:
Brother MFL-Pro Suite MFC-J430W (x32 Version:
BufferChm (x32 Version: 130.0.331.000)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1)
C4700 (x32 Version: 130.0.373.000)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon Easy-WebPrint EX (x32)
Canon MP Navigator EX 3.0 (x32)
Canon MP250 series MP Drivers
Canon MP250 series User Registration (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
Catalina Savings Printer (x32 Version: 1.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2009.0520.1631.27815)
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CCleaner (Version: 4.06)
Christmas Wonderland (x32)
Coupon Printer for Windows (x32 Version:
CrashPlan (Version: 3.5.3)
CutePDF Writer 2.8
Defraggler (Version: 2.15)
Dell System Detect (HKCU Version:
Destinations (x32 Version:
DeviceDiscovery (x32 Version: 130.0.372.000)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dolby Digital Live Pack (x32 Version: 3.00)
DVDFab (25/12/2012) Qt (x32)
eReg (x32 Version:
ERUNT 1.1j (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
FileHippo.com Update Checker (x32)
Foxit Creator (x32 Version: 3,0,2,0506)
Foxit PDF Editor (x32)
GPBaseService2 (x32 Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.2.8946.3086)
HP Customer Experience Enhancements (x32 Version:
HP Customer Participation Program 13.0 (Version: 13.0)
HP Easy Backup (x32 Version:
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Demo (x32 Version: 1.00.0000)
HP MediaSmart DVD (x32 Version: 3.0.3420)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)
HP MediaSmart SmartMenu (Version:
HP Odometer (x32 Version: 2.10.0000)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Remote Solution (x32 Version:
HP Setup (x32 Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version:
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version:
HPPhotoGadget (x32 Version:
hpPrintProjects (x32 Version: 130.0.303.000)
HPProductAssistant (x32 Version: 130.0.371.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
HydraVision (x32 Version:
ImagXpress (x32 Version:
i-Menu 2.2 (x32)
ImgBurn (x32 Version:
inSSIDer 2.0 (Version: 2.0.7)
Intel® Matrix Storage Manager
Internet TV for Windows Media Center (x32 Version:
IP Camera Tool (x32 Version: 1.00.0000)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version:
Java 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Keynote Connector (x32)
K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4)
LabelPrint (x32 Version: 2.5.1901)
LightScribe System Software (x32 Version:
Logitech Onscreen Keyboard 1.0 (Version: 1.00.55)
Logitech SetPoint 6.52 (Version: 6.52.74)
Logitech Vid HD (x32 Version: 7.2 (7230))
Logitech Webcam Software (x32 Version: 2.30)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version (x32 Version:
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version:
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.187)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version:
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version:
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_x86 (x32 Version: 1.0.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Mystery Case Files ®: 13th Skull ™ (x32)
Mystery Case Files ®: Dire Grove ™ (x32)
Mystery Case Files: Huntsville ™ (x32)
Mystery Case Files: Madame Fate ® (x32)
Mystery Case Files: Ravenhearst ® (x32)
Mystery P.I.: Stolen in San Francisco (x32)
Mystery P.I.: The Curious Case of Counterfeit Cove (x32)
Mystery P.I.: The New York Fortune (x32)
neroxml (x32 Version: 1.0.0)
NETGEAR Genie (x32 Version: )
Network64 (Version: 130.0.572.000)
Network64 (Version:
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PDFZilla V1.2.9 (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1931)
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000)
QuickPar 0.9 (x32 Version: 0.9)
Remote Control USB Driver (x32 Version:
RoboForm 7-9-1-1 (All Users) (x32 Version: 7-9-1-1)
Scan (x32 Version:
Scansoft PDF Professional (x32)
Screen+ 1.0 (x32)
Secure Online Account Numbers (x32 Version:
Secure Online Account Numbers (x32 Version:
Skype™ 5.10 (x32 Version: 5.10.116)
SmartWebPrinting (x32 Version:
SolutionCenter (x32 Version: 130.0.373.000)
Sound Blaster X-Fi (x32 Version: 1.0)
Status (x32 Version: 130.0.373.000)
SUPERAntiSpyware (Version: 5.0.1118)
swMSM (x32 Version:
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version:
Visual Studio 2008 x64 Redistributables (x32 Version:
Visual Studio 2010 x64 Redistributables (Version:
VLC media player 2.0.1 (x32 Version: 2.0.1)
WebReg (x32 Version:
Windows Live Communications Platform (x32 Version: 14.0.8098.930)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
YouTube Song Downloader (x32 Version: 8.2)
==================== Restore Points =========================
30-10-2013 20:56:49 OTL Restore Point - 10/30/2013 4:56:04 PM
==================== Hosts content: ==========================
2009-07-13 22:34 - 2013-10-30 14:59 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0D56175F-39DD-4205-9C1C-5289F27B43D7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2013-08-27] (Siber Systems)
Task: {1E0650E0-BE14-4E16-AD58-A7DE1B75F280} - System32\Tasks\{3F9C97BA-7670-4146-9AD2-960DCD8A2026} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {266D5758-758C-4AF5-A0DA-4CFD98F7871E} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {4BCEDAFE-F679-497E-8507-CEDF3A981EBB} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe [2013-08-27] (Siber Systems)
Task: {4D707DDC-58F4-4C44-AEA7-953ACFBED17C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {6C35D65A-F338-4A9B-89F2-16A7777A15C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {6C76BD4E-9C62-4F42-8ABD-8A5F0D9D6DFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8BAFD163-1A6A-4E66-A66A-A8D54A6BAE2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {A191ACA0-B500-463B-A494-15685BFCBAAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {A6142432-B8F9-4230-A7AA-F2BFCAD93449} - System32\Tasks\HPCeeScheduleForHewlett => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6DB0899-0230-4154-BBA0-03D631F46C83} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {BC0BBF31-6476-4B10-AF66-8340752BB477} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BD89B565-6C23-46A8-8D7C-8EEAB99EBDCC} - System32\Tasks\{2E148BAD-DF4E-4C35-BF6B-CA5A5AA8E384} => Iexplore.exe http://ui.skype.com/...;toolbaroffered
Task: {C02CB7AF-9D9C-4C42-A41A-8A991C6AF2F4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: {C7FDE96F-4D1D-4983-B4B0-CD777E273332} - System32\Tasks\Go to RoboForm Install page => C:\Windows\System32\url.dll [2013-09-22] (Microsoft Corporation)
Task: {DCE559D3-11B6-454D-8172-4639FBCEAF46} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {F1BF90C8-2DA5-4430-B01B-BE4F6D347D02} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHewlett.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
==================== Loaded Modules (whitelisted) =============
2013-01-29 15:57 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files (x86)\rarext.dll
2012-01-13 10:17 - 2010-03-05 16:59 - 00071680 _____ () C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:072CBE6D
AlternateDataStreams: C:\ProgramData\Temp:0A74923C
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1B7E2022
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:22313216
AlternateDataStreams: C:\ProgramData\Temp:2342AE46
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:331B76C7
AlternateDataStreams: C:\ProgramData\Temp:36FFA2FB
AlternateDataStreams: C:\ProgramData\Temp:391535F9
AlternateDataStreams: C:\ProgramData\Temp:409A775B
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:4EE95FE7
AlternateDataStreams: C:\ProgramData\Temp:4EFDF5FB
AlternateDataStreams: C:\ProgramData\Temp:551BED5F
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:561B1D2B
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:61F0C8FB
AlternateDataStreams: C:\ProgramData\Temp:62AF94A0
AlternateDataStreams: C:\ProgramData\Temp:6401C7FF
AlternateDataStreams: C:\ProgramData\Temp:6896CCCE
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7
AlternateDataStreams: C:\ProgramData\Temp:6B9828AE
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:7972CF54
AlternateDataStreams: C:\ProgramData\Temp:7A0EFE63
AlternateDataStreams: C:\ProgramData\Temp:7A84B999
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F925134
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:C22674B6
AlternateDataStreams: C:\ProgramData\Temp:C6D0ABC3
AlternateDataStreams: C:\ProgramData\Temp:C74D7A47
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:E21987F7
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E83EE313
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:EC0A74A1
AlternateDataStreams: C:\ProgramData\Temp:EFBD4447
AlternateDataStreams: C:\ProgramData\Temp:F3A27FDE
AlternateDataStreams: C:\ProgramData\Temp:F437A62A
AlternateDataStreams: C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
AlternateDataStreams: C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
System errors:
Microsoft Office Sessions:
Error: (10/20/2013 00:51:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62036 seconds with 480 seconds of active time. This session ended with a crash.
Error: (07/01/2013 04:03:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1449 seconds with 120 seconds of active time. This session ended with a crash.
Error: (09/17/2012 00:14:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21208 seconds with 1860 seconds of active time. This session ended with a crash.
Error: (06/23/2012 07:06:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40505 seconds with 540 seconds of active time. This session ended with a crash.
Error: (06/21/2012 10:13:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8681 seconds with 600 seconds of active time. This session ended with a crash.
Error: (06/05/2012 08:45:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73254 seconds with 1200 seconds of active time. This session ended with a crash.
Error: (05/31/2012 09:23:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90202 seconds with 1560 seconds of active time. This session ended with a crash.
Error: (02/16/2012 06:40:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 73339 seconds with 240 seconds of active time. This session ended with a crash.
Error: (10/10/2011 00:34:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/29/2011 03:11:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
Date: 2011-09-26 02:51:42.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-09-26 02:51:42.758
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-09-26 02:45:23.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-09-26 02:45:23.044
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 12279.09 MB
Available physical RAM: 9411.54 MB
Total Pagefile: 24556.37 MB
Available Pagefile: 21507.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:918.03 GB) (Free:771.27 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.39 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:931.51 GB) (Free:598.17 GB) NTFS
Drive h: (Elements) (Fixed) (Total:1863.01 GB) (Free:1859.47 GB) NTFS
Drive o: (Elements) (Fixed) (Total:931.28 GB) (Free:748.04 GB) FAT32
Drive p: (Elements) (Fixed) (Total:1863.01 GB) (Free:1052.95 GB) NTFS
==================== MBR & Partition Table ==================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Disk: 1 (Size: 932 GB) (Disk ID: 7A36D280)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00020FC3)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)
Disk: 7 (Size: 932 GB) (Disk ID: EA81B695)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
Disk: 8 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000DA1F8)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)
Ran by Hewlett at 2013-10-31 13:27:53
Running from C:\Users\Hewlett\Desktop
Boot Mode: Normal
==================== Security Center ========================
AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.13 (x64 edition) (Version:
Adobe AIR (x32 Version:
Adobe Connect 9 Add-in (HKCU Version: 11,2,251,0)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version:
Alt.Binz 0.39.4 (x32 Version: 0.39.4)
Amazon Cloud Drive (HKCU Version: 2.0.2013.841)
Amazon MP3 Downloader 1.0.15 (x32 Version: 1.0.15)
AMD Accelerated Video Transcoding (Version:
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
ArcSoft MediaImpression 2 (x32 Version:
ArcSoft Panorama Maker 4 (x32 Version:
ArcSoft PhotoStudio Darkroom 2 (x32 Version:
ArcSoft Scan-n-Stitch Deluxe (x32 Version:
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
Big City Adventure: London Classic (x32)
Big City Adventure: New York City (x32)
Big City Adventure: Paris (x32)
Big Fish: Game Manager (x32 Version:
Bluetooth by hp (Version:
Brother MFL-Pro Suite MFC-7220 (x32 Version:
Brother MFL-Pro Suite MFC-J430W (x32 Version:
BufferChm (x32 Version: 130.0.331.000)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1)
C4700 (x32 Version: 130.0.373.000)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon Easy-WebPrint EX (x32)
Canon MP Navigator EX 3.0 (x32)
Canon MP250 series MP Drivers
Canon MP250 series User Registration (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
Catalina Savings Printer (x32 Version: 1.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2009.0520.1631.27815)
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CCleaner (Version: 4.06)
Christmas Wonderland (x32)
Coupon Printer for Windows (x32 Version:
CrashPlan (Version: 3.5.3)
CutePDF Writer 2.8
Defraggler (Version: 2.15)
Dell System Detect (HKCU Version:
Destinations (x32 Version:
DeviceDiscovery (x32 Version: 130.0.372.000)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dolby Digital Live Pack (x32 Version: 3.00)
DVDFab (25/12/2012) Qt (x32)
eReg (x32 Version:
ERUNT 1.1j (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
FileHippo.com Update Checker (x32)
Foxit Creator (x32 Version: 3,0,2,0506)
Foxit PDF Editor (x32)
GPBaseService2 (x32 Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.2.8946.3086)
HP Customer Experience Enhancements (x32 Version:
HP Customer Participation Program 13.0 (Version: 13.0)
HP Easy Backup (x32 Version:
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Demo (x32 Version: 1.00.0000)
HP MediaSmart DVD (x32 Version: 3.0.3420)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)
HP MediaSmart SmartMenu (Version:
HP Odometer (x32 Version: 2.10.0000)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Remote Solution (x32 Version:
HP Setup (x32 Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version:
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version:
HPPhotoGadget (x32 Version:
hpPrintProjects (x32 Version: 130.0.303.000)
HPProductAssistant (x32 Version: 130.0.371.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
HydraVision (x32 Version:
ImagXpress (x32 Version:
i-Menu 2.2 (x32)
ImgBurn (x32 Version:
inSSIDer 2.0 (Version: 2.0.7)
Intel® Matrix Storage Manager
Internet TV for Windows Media Center (x32 Version:
IP Camera Tool (x32 Version: 1.00.0000)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version:
Java 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Keynote Connector (x32)
K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4)
LabelPrint (x32 Version: 2.5.1901)
LightScribe System Software (x32 Version:
Logitech Onscreen Keyboard 1.0 (Version: 1.00.55)
Logitech SetPoint 6.52 (Version: 6.52.74)
Logitech Vid HD (x32 Version: 7.2 (7230))
Logitech Webcam Software (x32 Version: 2.30)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version (x32 Version:
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version:
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.187)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version:
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version:
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_x86 (x32 Version: 1.0.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Mystery Case Files ®: 13th Skull ™ (x32)
Mystery Case Files ®: Dire Grove ™ (x32)
Mystery Case Files: Huntsville ™ (x32)
Mystery Case Files: Madame Fate ® (x32)
Mystery Case Files: Ravenhearst ® (x32)
Mystery P.I.: Stolen in San Francisco (x32)
Mystery P.I.: The Curious Case of Counterfeit Cove (x32)
Mystery P.I.: The New York Fortune (x32)
neroxml (x32 Version: 1.0.0)
NETGEAR Genie (x32 Version: )
Network64 (Version: 130.0.572.000)
Network64 (Version:
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PDFZilla V1.2.9 (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1931)
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000)
QuickPar 0.9 (x32 Version: 0.9)
Remote Control USB Driver (x32 Version:
RoboForm 7-9-1-1 (All Users) (x32 Version: 7-9-1-1)
Scan (x32 Version:
Scansoft PDF Professional (x32)
Screen+ 1.0 (x32)
Secure Online Account Numbers (x32 Version:
Secure Online Account Numbers (x32 Version:
Skype™ 5.10 (x32 Version: 5.10.116)
SmartWebPrinting (x32 Version:
SolutionCenter (x32 Version: 130.0.373.000)
Sound Blaster X-Fi (x32 Version: 1.0)
Status (x32 Version: 130.0.373.000)
SUPERAntiSpyware (Version: 5.0.1118)
swMSM (x32 Version:
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version:
Visual Studio 2008 x64 Redistributables (x32 Version:
Visual Studio 2010 x64 Redistributables (Version:
VLC media player 2.0.1 (x32 Version: 2.0.1)
WebReg (x32 Version:
Windows Live Communications Platform (x32 Version: 14.0.8098.930)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
YouTube Song Downloader (x32 Version: 8.2)
==================== Restore Points =========================
30-10-2013 20:56:49 OTL Restore Point - 10/30/2013 4:56:04 PM
==================== Hosts content: ==========================
2009-07-13 22:34 - 2013-10-30 14:59 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0D56175F-39DD-4205-9C1C-5289F27B43D7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2013-08-27] (Siber Systems)
Task: {1E0650E0-BE14-4E16-AD58-A7DE1B75F280} - System32\Tasks\{3F9C97BA-7670-4146-9AD2-960DCD8A2026} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {266D5758-758C-4AF5-A0DA-4CFD98F7871E} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {4BCEDAFE-F679-497E-8507-CEDF3A981EBB} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe [2013-08-27] (Siber Systems)
Task: {4D707DDC-58F4-4C44-AEA7-953ACFBED17C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {6C35D65A-F338-4A9B-89F2-16A7777A15C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {6C76BD4E-9C62-4F42-8ABD-8A5F0D9D6DFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8BAFD163-1A6A-4E66-A66A-A8D54A6BAE2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {A191ACA0-B500-463B-A494-15685BFCBAAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {A6142432-B8F9-4230-A7AA-F2BFCAD93449} - System32\Tasks\HPCeeScheduleForHewlett => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6DB0899-0230-4154-BBA0-03D631F46C83} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {BC0BBF31-6476-4B10-AF66-8340752BB477} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BD89B565-6C23-46A8-8D7C-8EEAB99EBDCC} - System32\Tasks\{2E148BAD-DF4E-4C35-BF6B-CA5A5AA8E384} => Iexplore.exe http://ui.skype.com/...;toolbaroffered
Task: {C02CB7AF-9D9C-4C42-A41A-8A991C6AF2F4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: {C7FDE96F-4D1D-4983-B4B0-CD777E273332} - System32\Tasks\Go to RoboForm Install page => C:\Windows\System32\url.dll [2013-09-22] (Microsoft Corporation)
Task: {DCE559D3-11B6-454D-8172-4639FBCEAF46} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: {F1BF90C8-2DA5-4430-B01B-BE4F6D347D02} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHewlett.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
==================== Loaded Modules (whitelisted) =============
2013-01-29 15:57 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files (x86)\rarext.dll
2012-01-13 10:17 - 2010-03-05 16:59 - 00071680 _____ () C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:072CBE6D
AlternateDataStreams: C:\ProgramData\Temp:0A74923C
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1B7E2022
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:22313216
AlternateDataStreams: C:\ProgramData\Temp:2342AE46
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:331B76C7
AlternateDataStreams: C:\ProgramData\Temp:36FFA2FB
AlternateDataStreams: C:\ProgramData\Temp:391535F9
AlternateDataStreams: C:\ProgramData\Temp:409A775B
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:4EE95FE7
AlternateDataStreams: C:\ProgramData\Temp:4EFDF5FB
AlternateDataStreams: C:\ProgramData\Temp:551BED5F
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:561B1D2B
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:61F0C8FB
AlternateDataStreams: C:\ProgramData\Temp:62AF94A0
AlternateDataStreams: C:\ProgramData\Temp:6401C7FF
AlternateDataStreams: C:\ProgramData\Temp:6896CCCE
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7
AlternateDataStreams: C:\ProgramData\Temp:6B9828AE
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:7972CF54
AlternateDataStreams: C:\ProgramData\Temp:7A0EFE63
AlternateDataStreams: C:\ProgramData\Temp:7A84B999
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F925134
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:C22674B6
AlternateDataStreams: C:\ProgramData\Temp:C6D0ABC3
AlternateDataStreams: C:\ProgramData\Temp:C74D7A47
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:E21987F7
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E83EE313
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:EC0A74A1
AlternateDataStreams: C:\ProgramData\Temp:EFBD4447
AlternateDataStreams: C:\ProgramData\Temp:F3A27FDE
AlternateDataStreams: C:\ProgramData\Temp:F437A62A
AlternateDataStreams: C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
AlternateDataStreams: C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
System errors:
Microsoft Office Sessions:
Error: (10/20/2013 00:51:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62036 seconds with 480 seconds of active time. This session ended with a crash.
Error: (07/01/2013 04:03:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1449 seconds with 120 seconds of active time. This session ended with a crash.
Error: (09/17/2012 00:14:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21208 seconds with 1860 seconds of active time. This session ended with a crash.
Error: (06/23/2012 07:06:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40505 seconds with 540 seconds of active time. This session ended with a crash.
Error: (06/21/2012 10:13:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8681 seconds with 600 seconds of active time. This session ended with a crash.
Error: (06/05/2012 08:45:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73254 seconds with 1200 seconds of active time. This session ended with a crash.
Error: (05/31/2012 09:23:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90202 seconds with 1560 seconds of active time. This session ended with a crash.
Error: (02/16/2012 06:40:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 73339 seconds with 240 seconds of active time. This session ended with a crash.
Error: (10/10/2011 00:34:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/29/2011 03:11:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
Date: 2011-09-26 02:51:42.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-09-26 02:51:42.758
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-09-26 02:45:23.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-09-26 02:45:23.044
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 12279.09 MB
Available physical RAM: 9411.54 MB
Total Pagefile: 24556.37 MB
Available Pagefile: 21507.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:918.03 GB) (Free:771.27 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.39 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:931.51 GB) (Free:598.17 GB) NTFS
Drive h: (Elements) (Fixed) (Total:1863.01 GB) (Free:1859.47 GB) NTFS
Drive o: (Elements) (Fixed) (Total:931.28 GB) (Free:748.04 GB) FAT32
Drive p: (Elements) (Fixed) (Total:1863.01 GB) (Free:1052.95 GB) NTFS
==================== MBR & Partition Table ==================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Disk: 1 (Size: 932 GB) (Disk ID: 7A36D280)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00020FC3)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)
Disk: 7 (Size: 932 GB) (Disk ID: EA81B695)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
Disk: 8 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000DA1F8)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)
Posted 31 October 2013 - 11:32 AM
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Hewlett (administrator) on HEWLETT-PC on 31-10-2013 13:27:31
Running from C:\Users\Hewlett\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(CrashPlan) O:\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-08-27] (Siber Systems)
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Policies\system: [EnableLUA] 1
MountPoints2: M - M:\DTLplus_Launcher.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Secure Online Account Numbers] - C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.ebay.com/w...ll?MyEbay&gbh=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74146EA8A3D5CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL =
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Secure Online Account Numbers Helper - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB
DPF: HKLM-x32 {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
DPF: HKLM-x32 {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Tcpip\Parameters: [DhcpNameServer]
FF ProfilePath: C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\smj03a5y.default-1379960535967
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
CHR Extension: (YouTube) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
CHR Extension: (Password Manager Autofill Engine) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\
CHR Extension: (Logitech SetPoint) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Gmail) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Users\Hewlett\AppData\Local\Temp\Rar$EX70.016\Internet Download Manager 6.12 Build 21 Full Crack\IDMGCExt.crx
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-01-24] (Autodata Limited)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 Brother XP spl Service; C:\Windows\SysWow64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R2 CrashPlanService; O:\CrashPlanService.exe [222720 2013-04-08] (CrashPlan)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 DfSdkS; "E:\JAN 18 prog files\Ashampoo WinOptimizer 6\Dfsdks.exe" [x]
S3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2012-03-04] (Digiarty Software, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-07-14] (Hauppauge Computer Works, Inc.)
R1 hugoio64; C:\Program Files (x86)\i-Menu\hugoio64.sys [13856 2008-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-27] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2010-01-21] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-31 13:20 - 2013-10-31 13:20 - 01956614 _____ (Farbar) C:\Users\Hewlett\Desktop\FRST64.exe
2013-10-31 13:20 - 2013-10-31 13:20 - 00000000 ____D C:\FRST
2013-10-31 13:16 - 2013-10-31 13:16 - 00000635 _____ C:\Users\Hewlett\Desktop\JRT.txt
2013-10-31 13:07 - 2013-10-31 13:07 - 01033335 _____ (Thisisu) C:\Users\Hewlett\Desktop\JRT.exe
2013-10-31 12:37 - 2013-10-31 12:50 - 00000000 ____D C:\AdwCleaner
2013-10-31 12:36 - 2013-10-31 12:36 - 01060070 _____ C:\Users\Hewlett\AdwCleaner.exe
2013-10-30 19:45 - 2013-10-31 10:44 - 00001961 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-30 19:45 - 2013-10-31 10:44 - 00001931 _____ C:\Users\Hewlett\Desktop\Update Checker.lnk
2013-10-30 19:45 - 2013-10-31 10:43 - 00264757 _____ C:\Users\Hewlett\FHSetup.exe
2013-10-30 19:45 - 2013-10-30 19:45 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2013-10-30 19:44 - 2013-10-30 19:44 - 00047104 ___SH C:\Users\Hewlett\Desktop\Thumbs.db
2013-10-30 18:54 - 2013-10-30 18:54 - 00000524 _____ C:\Windows\PFRO.log
2013-10-30 15:08 - 2013-10-31 12:54 - 00000224 _____ C:\Windows\setupact.log
2013-10-30 15:08 - 2013-10-30 15:08 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 14:53 - 2013-10-30 14:53 - 00000000 ____D C:\Users\Hewlett\Documents\JRT for geeks
2013-10-30 14:46 - 2013-10-30 14:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 20:34 - 2013-10-29 20:34 - 00001126 _____ C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
2013-10-28 18:40 - 2013-10-28 18:40 - 00000000 ____D C:\Users\Hewlett\Desktop\Games
2013-10-27 13:14 - 2013-10-27 13:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-10-24 11:48 - 2013-10-24 12:01 - 00010240 ___SH C:\Users\Hewlett\Documents\Thumbs.db
2013-10-24 06:03 - 2013-10-24 12:38 - 01033335 _____ (Thisisu) C:\JRT.exe
2013-10-24 05:52 - 2013-10-24 05:52 - 00985600 _____ C:\Users\Hewlett\MicrosoftFixit50123.msi
2013-10-24 05:41 - 2013-10-24 05:41 - 00966656 _____ C:\Users\Hewlett\Downloads\MicrosoftFixit50043.msi
2013-10-20 21:42 - 2013-10-20 21:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:42 - 2013-10-20 21:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 00:10 - 2013-10-28 18:45 - 00009296 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-10-09 18:56 - 2013-10-09 18:57 - 04369632 _____ (Piriform Ltd) C:\Program Files (x86)\ccsetup406.exe
2013-10-08 19:00 - 2013-09-22 11:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-08 19:00 - 2013-09-22 11:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-08 19:00 - 2013-09-22 10:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-08 19:00 - 2013-09-22 10:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-08 19:00 - 2013-09-22 10:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-08 19:00 - 2013-09-22 10:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-08 19:00 - 2013-09-22 10:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-08 19:00 - 2013-09-22 10:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-08 19:00 - 2013-09-22 10:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-08 19:00 - 2013-09-22 10:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-08 19:00 - 2013-09-22 10:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-08 19:00 - 2013-09-22 10:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-08 19:00 - 2013-09-22 10:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-08 19:00 - 2013-09-22 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-08 19:00 - 2013-09-22 10:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-08 19:00 - 2013-09-22 10:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-08 19:00 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-08 19:00 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-08 19:00 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-08 19:00 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-08 19:00 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-08 19:00 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-08 19:00 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-08 19:00 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-08 19:00 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-08 19:00 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-08 19:00 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-08 19:00 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-08 19:00 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-08 19:00 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-08 19:00 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-08 19:00 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-08 18:45 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-08 18:45 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-08 18:45 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-08 18:45 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 18:45 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 18:45 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-08 18:45 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-08 18:45 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-08 18:45 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-08 18:45 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-08 18:45 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 18:45 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 18:45 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 18:45 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 18:45 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 18:45 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 18:45 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 18:45 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 18:45 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 18:45 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 18:45 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 18:45 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 18:45 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 18:45 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:45 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:45 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 18:45 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 18:45 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-08 18:45 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-08 18:45 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 18:45 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-08 18:45 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 18:45 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 18:45 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 18:45 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-08 18:45 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 18:45 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 18:45 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 18:45 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 18:45 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-08 18:45 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-08 18:45 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-08 18:45 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 18:45 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 18:45 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 18:45 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 18:45 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 18:45 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 18:45 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-07 23:48 - 2013-10-07 23:48 - 00000000 ____D C:\Program Files (x86)\My RoboForm Data
2013-10-01 23:33 - 2013-10-01 23:33 - 00000000 ____D C:\Users\Hewlett\AppData\Local\avgchrome
==================== One Month Modified Files and Folders =======
2013-10-31 13:22 - 2013-01-26 16:39 - 00000000 ____D C:\!ebay
2013-10-31 13:20 - 2013-10-31 13:20 - 01956614 _____ (Farbar) C:\Users\Hewlett\Desktop\FRST64.exe
2013-10-31 13:20 - 2013-10-31 13:20 - 00000000 ____D C:\FRST
2013-10-31 13:16 - 2013-10-31 13:16 - 00000635 _____ C:\Users\Hewlett\Desktop\JRT.txt
2013-10-31 13:07 - 2013-10-31 13:07 - 01033335 _____ (Thisisu) C:\Users\Hewlett\Desktop\JRT.exe
2013-10-31 13:05 - 2012-08-16 15:09 - 01666521 _____ C:\Windows\WindowsUpdate.log
2013-10-31 13:05 - 2009-12-17 18:34 - 00000000 ____D C:\!Personal Oct 2013
2013-10-31 13:02 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 13:02 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 13:00 - 2009-07-14 01:13 - 00006664 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 12:54 - 2013-10-30 15:08 - 00000224 _____ C:\Windows\setupact.log
2013-10-31 12:54 - 2013-01-31 03:33 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForHewlett.job
2013-10-31 12:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 12:50 - 2013-10-31 12:37 - 00000000 ____D C:\AdwCleaner
2013-10-31 12:50 - 2010-05-19 18:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Uniblue
2013-10-31 12:50 - 2010-05-19 18:14 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-31 12:36 - 2013-10-31 12:36 - 01060070 _____ C:\Users\Hewlett\AdwCleaner.exe
2013-10-31 12:36 - 2009-12-16 15:17 - 00000000 ____D C:\Users\Hewlett
2013-10-31 12:29 - 2012-10-09 16:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 11:42 - 2012-08-31 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
2013-10-31 10:44 - 2013-10-30 19:45 - 00001961 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-31 10:44 - 2013-10-30 19:45 - 00001931 _____ C:\Users\Hewlett\Desktop\Update Checker.lnk
2013-10-31 10:43 - 2013-10-30 19:45 - 00264757 _____ C:\Users\Hewlett\FHSetup.exe
2013-10-31 10:42 - 2013-06-15 20:41 - 00180224 ___SH C:\Users\Hewlett\Downloads\Thumbs.db
2013-10-31 09:59 - 2011-07-05 19:27 - 00000000 ____D C:\ProgramData\MFAData
2013-10-31 02:00 - 2013-01-31 03:33 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHewlett
2013-10-31 02:00 - 2011-11-02 04:22 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-31 02:00 - 2009-12-17 20:44 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-31 01:58 - 2009-12-17 20:43 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\HpUpdate
2013-10-31 01:58 - 2009-12-17 20:43 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\HP Support Assistant
2013-10-30 20:42 - 2012-08-31 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
2013-10-30 19:45 - 2013-10-30 19:45 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2013-10-30 19:44 - 2013-10-30 19:44 - 00047104 ___SH C:\Users\Hewlett\Desktop\Thumbs.db
2013-10-30 18:54 - 2013-10-30 18:54 - 00000524 _____ C:\Windows\PFRO.log
2013-10-30 15:25 - 2013-05-04 11:37 - 00000000 ____D C:\Users\Hewlett\Cloud Drive
2013-10-30 15:08 - 2013-10-30 15:08 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 14:53 - 2013-10-30 14:53 - 00000000 ____D C:\Users\Hewlett\Documents\JRT for geeks
2013-10-30 14:47 - 2013-08-19 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 14:46 - 2013-10-30 14:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 11:33 - 2011-05-29 00:34 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\vlc
2013-10-30 08:40 - 2013-04-14 01:10 - 00000000 ____D C:\Orders
2013-10-30 08:40 - 2010-02-01 17:46 - 00000000 ____D C:\Users\Hewlett\AppData\Local\CutePDF Writer
2013-10-29 21:05 - 2011-08-16 13:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-29 20:34 - 2013-10-29 20:34 - 00001126 _____ C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
2013-10-28 19:14 - 2012-02-16 23:03 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\GoodSync
2013-10-28 18:45 - 2013-10-16 00:10 - 00009296 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-10-28 18:40 - 2013-10-28 18:40 - 00000000 ____D C:\Users\Hewlett\Desktop\Games
2013-10-28 17:33 - 2010-01-31 18:58 - 00000000 ____D C:\Users\Hewlett\AppData\Local\Deployment
2013-10-28 00:00 - 2009-12-16 19:28 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-27 13:14 - 2013-10-27 13:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-10-27 06:16 - 2012-01-18 17:01 - 00000000 ____D C:\Personal old
2013-10-24 12:38 - 2013-10-24 06:03 - 01033335 _____ (Thisisu) C:\JRT.exe
2013-10-24 12:01 - 2013-10-24 11:48 - 00010240 ___SH C:\Users\Hewlett\Documents\Thumbs.db
2013-10-24 06:52 - 2009-12-16 19:33 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-10-24 05:52 - 2013-10-24 05:52 - 00985600 _____ C:\Users\Hewlett\MicrosoftFixit50123.msi
2013-10-24 05:41 - 2013-10-24 05:41 - 00966656 _____ C:\Users\Hewlett\Downloads\MicrosoftFixit50043.msi
2013-10-23 08:03 - 2013-06-21 22:25 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-23 07:37 - 2010-01-21 17:37 - 00022016 _____ C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-22 08:25 - 2013-07-12 12:26 - 00000000 ____D C:\Class Actions
2013-10-21 08:47 - 2010-02-13 19:02 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\dvdcss
2013-10-20 21:42 - 2013-10-20 21:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:41 - 2013-10-20 21:42 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-20 21:41 - 2013-06-19 21:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-20 21:41 - 2013-06-19 21:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 21:41 - 2013-06-19 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-20 21:41 - 2011-02-21 17:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-20 03:34 - 2012-04-16 00:50 - 00000000 ____D C:\Users\Hewlett\Desktop\nzb
2013-10-20 02:37 - 2013-04-21 18:59 - 00000000 ____D C:\ProgramData\CrashPlan
2013-10-20 02:37 - 2013-04-21 18:58 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\CrashPlan
2013-10-15 09:28 - 2012-08-14 22:50 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-10-15 09:28 - 2012-08-14 22:50 - 00000000 ____D C:\Program Files\Defraggler
2013-10-12 01:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-12 01:39 - 2013-06-27 09:31 - 00000000 ____D C:\Users\Hewlett\AppData\Local\NETGEARGenie
2013-10-09 18:57 - 2013-10-09 18:56 - 04369632 _____ (Piriform Ltd) C:\Program Files (x86)\ccsetup406.exe
2013-10-09 18:57 - 2013-04-14 00:07 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 18:57 - 2011-10-07 12:00 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 00:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-08 20:30 - 2012-10-09 16:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:30 - 2011-11-01 18:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:30 - 2011-05-23 21:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 19:10 - 2009-07-14 00:45 - 00579528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-08 19:09 - 2012-05-12 22:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 19:09 - 2012-05-12 22:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-08 19:03 - 2009-12-11 04:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-08 18:54 - 2013-07-12 08:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-08 18:52 - 2009-12-17 11:15 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 18:47 - 2012-07-24 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-08 18:47 - 2011-05-09 17:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-08 18:47 - 2011-01-25 20:30 - 00002155 _____ C:\Windows\epplauncher.mif
2013-10-07 23:48 - 2013-10-07 23:48 - 00000000 ____D C:\Program Files (x86)\My RoboForm Data
2013-10-01 23:33 - 2013-10-01 23:33 - 00000000 ____D C:\Users\Hewlett\AppData\Local\avgchrome
Files to move or delete:
Some content of TEMP:
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-31 00:23
Ran by Hewlett (administrator) on HEWLETT-PC on 31-10-2013 13:27:31
Running from C:\Users\Hewlett\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(CrashPlan) O:\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-08-27] (Siber Systems)
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Policies\system: [EnableLUA] 1
MountPoints2: M - M:\DTLplus_Launcher.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Secure Online Account Numbers] - C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.ebay.com/w...ll?MyEbay&gbh=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74146EA8A3D5CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL =
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Secure Online Account Numbers Helper - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB
DPF: HKLM-x32 {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
DPF: HKLM-x32 {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Tcpip\Parameters: [DhcpNameServer]
FF ProfilePath: C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\smj03a5y.default-1379960535967
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
CHR Extension: (YouTube) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
CHR Extension: (Password Manager Autofill Engine) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\
CHR Extension: (Logitech SetPoint) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Gmail) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Users\Hewlett\AppData\Local\Temp\Rar$EX70.016\Internet Download Manager 6.12 Build 21 Full Crack\IDMGCExt.crx
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-01-24] (Autodata Limited)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 Brother XP spl Service; C:\Windows\SysWow64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R2 CrashPlanService; O:\CrashPlanService.exe [222720 2013-04-08] (CrashPlan)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 DfSdkS; "E:\JAN 18 prog files\Ashampoo WinOptimizer 6\Dfsdks.exe" [x]
S3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]
==================== Drivers (Whitelisted) ====================
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2012-03-04] (Digiarty Software, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-07-14] (Hauppauge Computer Works, Inc.)
R1 hugoio64; C:\Program Files (x86)\i-Menu\hugoio64.sys [13856 2008-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-27] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2010-01-21] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-31 13:20 - 2013-10-31 13:20 - 01956614 _____ (Farbar) C:\Users\Hewlett\Desktop\FRST64.exe
2013-10-31 13:20 - 2013-10-31 13:20 - 00000000 ____D C:\FRST
2013-10-31 13:16 - 2013-10-31 13:16 - 00000635 _____ C:\Users\Hewlett\Desktop\JRT.txt
2013-10-31 13:07 - 2013-10-31 13:07 - 01033335 _____ (Thisisu) C:\Users\Hewlett\Desktop\JRT.exe
2013-10-31 12:37 - 2013-10-31 12:50 - 00000000 ____D C:\AdwCleaner
2013-10-31 12:36 - 2013-10-31 12:36 - 01060070 _____ C:\Users\Hewlett\AdwCleaner.exe
2013-10-30 19:45 - 2013-10-31 10:44 - 00001961 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-30 19:45 - 2013-10-31 10:44 - 00001931 _____ C:\Users\Hewlett\Desktop\Update Checker.lnk
2013-10-30 19:45 - 2013-10-31 10:43 - 00264757 _____ C:\Users\Hewlett\FHSetup.exe
2013-10-30 19:45 - 2013-10-30 19:45 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2013-10-30 19:44 - 2013-10-30 19:44 - 00047104 ___SH C:\Users\Hewlett\Desktop\Thumbs.db
2013-10-30 18:54 - 2013-10-30 18:54 - 00000524 _____ C:\Windows\PFRO.log
2013-10-30 15:08 - 2013-10-31 12:54 - 00000224 _____ C:\Windows\setupact.log
2013-10-30 15:08 - 2013-10-30 15:08 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 14:53 - 2013-10-30 14:53 - 00000000 ____D C:\Users\Hewlett\Documents\JRT for geeks
2013-10-30 14:46 - 2013-10-30 14:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 20:34 - 2013-10-29 20:34 - 00001126 _____ C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
2013-10-28 18:40 - 2013-10-28 18:40 - 00000000 ____D C:\Users\Hewlett\Desktop\Games
2013-10-27 13:14 - 2013-10-27 13:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-10-24 11:48 - 2013-10-24 12:01 - 00010240 ___SH C:\Users\Hewlett\Documents\Thumbs.db
2013-10-24 06:03 - 2013-10-24 12:38 - 01033335 _____ (Thisisu) C:\JRT.exe
2013-10-24 05:52 - 2013-10-24 05:52 - 00985600 _____ C:\Users\Hewlett\MicrosoftFixit50123.msi
2013-10-24 05:41 - 2013-10-24 05:41 - 00966656 _____ C:\Users\Hewlett\Downloads\MicrosoftFixit50043.msi
2013-10-20 21:42 - 2013-10-20 21:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:42 - 2013-10-20 21:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 00:10 - 2013-10-28 18:45 - 00009296 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-10-09 18:56 - 2013-10-09 18:57 - 04369632 _____ (Piriform Ltd) C:\Program Files (x86)\ccsetup406.exe
2013-10-08 19:00 - 2013-09-22 11:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-08 19:00 - 2013-09-22 11:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-08 19:00 - 2013-09-22 10:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-08 19:00 - 2013-09-22 10:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-08 19:00 - 2013-09-22 10:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-08 19:00 - 2013-09-22 10:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-08 19:00 - 2013-09-22 10:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-08 19:00 - 2013-09-22 10:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-08 19:00 - 2013-09-22 10:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-08 19:00 - 2013-09-22 10:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-08 19:00 - 2013-09-22 10:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-08 19:00 - 2013-09-22 10:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-08 19:00 - 2013-09-22 10:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-08 19:00 - 2013-09-22 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-08 19:00 - 2013-09-22 10:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-08 19:00 - 2013-09-22 10:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-08 19:00 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-08 19:00 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-08 19:00 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-08 19:00 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-08 19:00 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-08 19:00 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-08 19:00 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-08 19:00 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-08 19:00 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-08 19:00 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-08 19:00 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-08 19:00 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-08 19:00 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-08 19:00 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-08 19:00 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-08 19:00 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-08 18:45 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-08 18:45 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-08 18:45 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-08 18:45 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 18:45 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 18:45 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-08 18:45 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-08 18:45 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-08 18:45 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-08 18:45 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-08 18:45 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 18:45 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 18:45 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 18:45 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 18:45 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 18:45 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 18:45 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 18:45 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 18:45 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 18:45 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 18:45 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 18:45 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 18:45 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 18:45 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:45 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:45 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 18:45 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 18:45 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-08 18:45 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-08 18:45 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 18:45 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-08 18:45 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 18:45 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 18:45 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 18:45 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-08 18:45 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 18:45 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 18:45 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 18:45 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 18:45 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-08 18:45 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-08 18:45 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-08 18:45 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 18:45 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 18:45 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 18:45 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 18:45 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 18:45 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 18:45 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-07 23:48 - 2013-10-07 23:48 - 00000000 ____D C:\Program Files (x86)\My RoboForm Data
2013-10-01 23:33 - 2013-10-01 23:33 - 00000000 ____D C:\Users\Hewlett\AppData\Local\avgchrome
==================== One Month Modified Files and Folders =======
2013-10-31 13:22 - 2013-01-26 16:39 - 00000000 ____D C:\!ebay
2013-10-31 13:20 - 2013-10-31 13:20 - 01956614 _____ (Farbar) C:\Users\Hewlett\Desktop\FRST64.exe
2013-10-31 13:20 - 2013-10-31 13:20 - 00000000 ____D C:\FRST
2013-10-31 13:16 - 2013-10-31 13:16 - 00000635 _____ C:\Users\Hewlett\Desktop\JRT.txt
2013-10-31 13:07 - 2013-10-31 13:07 - 01033335 _____ (Thisisu) C:\Users\Hewlett\Desktop\JRT.exe
2013-10-31 13:05 - 2012-08-16 15:09 - 01666521 _____ C:\Windows\WindowsUpdate.log
2013-10-31 13:05 - 2009-12-17 18:34 - 00000000 ____D C:\!Personal Oct 2013
2013-10-31 13:02 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 13:02 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 13:00 - 2009-07-14 01:13 - 00006664 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 12:54 - 2013-10-30 15:08 - 00000224 _____ C:\Windows\setupact.log
2013-10-31 12:54 - 2013-01-31 03:33 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForHewlett.job
2013-10-31 12:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 12:50 - 2013-10-31 12:37 - 00000000 ____D C:\AdwCleaner
2013-10-31 12:50 - 2010-05-19 18:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Uniblue
2013-10-31 12:50 - 2010-05-19 18:14 - 00000000 ____D C:\ProgramData\Uniblue
2013-10-31 12:36 - 2013-10-31 12:36 - 01060070 _____ C:\Users\Hewlett\AdwCleaner.exe
2013-10-31 12:36 - 2009-12-16 15:17 - 00000000 ____D C:\Users\Hewlett
2013-10-31 12:29 - 2012-10-09 16:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 11:42 - 2012-08-31 20:37 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
2013-10-31 10:44 - 2013-10-30 19:45 - 00001961 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-31 10:44 - 2013-10-30 19:45 - 00001931 _____ C:\Users\Hewlett\Desktop\Update Checker.lnk
2013-10-31 10:43 - 2013-10-30 19:45 - 00264757 _____ C:\Users\Hewlett\FHSetup.exe
2013-10-31 10:42 - 2013-06-15 20:41 - 00180224 ___SH C:\Users\Hewlett\Downloads\Thumbs.db
2013-10-31 09:59 - 2011-07-05 19:27 - 00000000 ____D C:\ProgramData\MFAData
2013-10-31 02:00 - 2013-01-31 03:33 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHewlett
2013-10-31 02:00 - 2011-11-02 04:22 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-31 02:00 - 2009-12-17 20:44 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-31 01:58 - 2009-12-17 20:43 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\HpUpdate
2013-10-31 01:58 - 2009-12-17 20:43 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\HP Support Assistant
2013-10-30 20:42 - 2012-08-31 20:37 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
2013-10-30 19:45 - 2013-10-30 19:45 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2013-10-30 19:44 - 2013-10-30 19:44 - 00047104 ___SH C:\Users\Hewlett\Desktop\Thumbs.db
2013-10-30 18:54 - 2013-10-30 18:54 - 00000524 _____ C:\Windows\PFRO.log
2013-10-30 15:25 - 2013-05-04 11:37 - 00000000 ____D C:\Users\Hewlett\Cloud Drive
2013-10-30 15:08 - 2013-10-30 15:08 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 14:53 - 2013-10-30 14:53 - 00000000 ____D C:\Users\Hewlett\Documents\JRT for geeks
2013-10-30 14:47 - 2013-08-19 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 14:46 - 2013-10-30 14:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 11:33 - 2011-05-29 00:34 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\vlc
2013-10-30 08:40 - 2013-04-14 01:10 - 00000000 ____D C:\Orders
2013-10-30 08:40 - 2010-02-01 17:46 - 00000000 ____D C:\Users\Hewlett\AppData\Local\CutePDF Writer
2013-10-29 21:05 - 2011-08-16 13:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-29 20:34 - 2013-10-29 20:34 - 00001126 _____ C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
2013-10-28 19:14 - 2012-02-16 23:03 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\GoodSync
2013-10-28 18:45 - 2013-10-16 00:10 - 00009296 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-10-28 18:40 - 2013-10-28 18:40 - 00000000 ____D C:\Users\Hewlett\Desktop\Games
2013-10-28 17:33 - 2010-01-31 18:58 - 00000000 ____D C:\Users\Hewlett\AppData\Local\Deployment
2013-10-28 00:00 - 2009-12-16 19:28 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-27 13:14 - 2013-10-27 13:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-10-27 06:16 - 2012-01-18 17:01 - 00000000 ____D C:\Personal old
2013-10-24 12:38 - 2013-10-24 06:03 - 01033335 _____ (Thisisu) C:\JRT.exe
2013-10-24 12:01 - 2013-10-24 11:48 - 00010240 ___SH C:\Users\Hewlett\Documents\Thumbs.db
2013-10-24 06:52 - 2009-12-16 19:33 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-10-24 05:52 - 2013-10-24 05:52 - 00985600 _____ C:\Users\Hewlett\MicrosoftFixit50123.msi
2013-10-24 05:41 - 2013-10-24 05:41 - 00966656 _____ C:\Users\Hewlett\Downloads\MicrosoftFixit50043.msi
2013-10-23 08:03 - 2013-06-21 22:25 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-23 07:37 - 2010-01-21 17:37 - 00022016 _____ C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-22 08:25 - 2013-07-12 12:26 - 00000000 ____D C:\Class Actions
2013-10-21 08:47 - 2010-02-13 19:02 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\dvdcss
2013-10-20 21:42 - 2013-10-20 21:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:41 - 2013-10-20 21:42 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-20 21:41 - 2013-06-19 21:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-20 21:41 - 2013-06-19 21:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 21:41 - 2013-06-19 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-20 21:41 - 2011-02-21 17:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-20 03:34 - 2012-04-16 00:50 - 00000000 ____D C:\Users\Hewlett\Desktop\nzb
2013-10-20 02:37 - 2013-04-21 18:59 - 00000000 ____D C:\ProgramData\CrashPlan
2013-10-20 02:37 - 2013-04-21 18:58 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\CrashPlan
2013-10-15 09:28 - 2012-08-14 22:50 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-10-15 09:28 - 2012-08-14 22:50 - 00000000 ____D C:\Program Files\Defraggler
2013-10-12 01:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-12 01:39 - 2013-06-27 09:31 - 00000000 ____D C:\Users\Hewlett\AppData\Local\NETGEARGenie
2013-10-09 18:57 - 2013-10-09 18:56 - 04369632 _____ (Piriform Ltd) C:\Program Files (x86)\ccsetup406.exe
2013-10-09 18:57 - 2013-04-14 00:07 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 18:57 - 2011-10-07 12:00 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 00:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-08 20:30 - 2012-10-09 16:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:30 - 2011-11-01 18:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:30 - 2011-05-23 21:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 19:10 - 2009-07-14 00:45 - 00579528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-08 19:09 - 2012-05-12 22:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 19:09 - 2012-05-12 22:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-08 19:03 - 2009-12-11 04:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-08 18:54 - 2013-07-12 08:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-08 18:52 - 2009-12-17 11:15 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 18:47 - 2012-07-24 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-08 18:47 - 2011-05-09 17:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-08 18:47 - 2011-01-25 20:30 - 00002155 _____ C:\Windows\epplauncher.mif
2013-10-07 23:48 - 2013-10-07 23:48 - 00000000 ____D C:\Program Files (x86)\My RoboForm Data
2013-10-01 23:33 - 2013-10-01 23:33 - 00000000 ____D C:\Users\Hewlett\AppData\Local\avgchrome
Files to move or delete:
Some content of TEMP:
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-31 00:23
Posted 31 October 2013 - 11:47 AM
OTL logfile created on: 10/31/2013 1:35:49 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.20 Gb Available Physical Memory | 76.69% Memory free
23.98 Gb Paging File | 21.00 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 771.27 Gb Free Space | 84.01% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.17 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1859.47 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 748.04 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.95 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/31 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
========== Modules (No Company Name) ==========
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.ebay.com/ws/eBayISAPI.dl [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 6E A8 A3 D5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/10/30 14:59:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer =
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Onscreen Keyboard.lnk - C:\Program Files\Logitech\OnScreen Keyboard\LOnScreenKeyboard.exe - (Logitech, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Hewlett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Cloud Drive.lnk - C:\Users\Hewlett\AppData\Local\Apps\2.0\M23K5LCL.GD3\JN29OKJQ.ZDY\AMAZTI~1.000\AMAZON~1.EXE - (Amazon Digital Services, LLC.)
MsConfig:64bit - StartUpFolder: C:^Users^Hewlett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: BrStsMon00 - hkey= - key= - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: ControlCenter4 - hkey= - key= - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DVDFab Passkey - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: GoogleDriveSync - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Grid - hkey= - key= - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
MsConfig:64bit - StartUpReg: HP Remote Solution - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
MsConfig:64bit - StartUpReg: hpsysdrv - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HydraVisionDesktopManager - hkey= - key= - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
MsConfig:64bit - StartUpReg: IDMan - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
MsConfig:64bit - StartUpReg: KasperskyPasswordManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: NETGEARGenie - hkey= - key= - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PDFHook - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PPort12reminder - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: Vidalia - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\system32\ieudinit.exe
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{aafa5c78-3f99-4996-b6c5-2521f0ad7120} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7CC11B09-FA69-F498-7009-C9D74E5BD559} - Themes Setup
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAF107F6-4392-E3D1-F5FA-D76E2ECC5C58} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {F5CA6589-4358-75BC-C9FC-0A7AEFFDB691} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/10/31 13:34:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/31 13:20:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/31 13:20:32 | 001,956,614 | ---- | C] (Farbar) -- C:\Users\Hewlett\Desktop\FRST64.exe
[2013/10/31 13:07:31 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Hewlett\Desktop\JRT.exe
[2013/10/31 12:37:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/10/30 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\JRT for geeks
[2013/10/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 21:42:01 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:00:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/08 19:00:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/08 19:00:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/08 19:00:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/08 19:00:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/08 19:00:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/08 19:00:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/08 19:00:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/08 19:00:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/08 19:00:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/08 19:00:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/08 19:00:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/08 19:00:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/08 19:00:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/08 19:00:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/08 18:45:49 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/08 18:45:48 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/08 18:45:47 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/08 18:45:47 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/08 18:45:47 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/08 18:45:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/08 18:45:46 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/08 18:45:46 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/08 18:45:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/08 18:45:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/08 18:45:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/08 18:45:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/08 18:45:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/08 18:45:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 18:45:41 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/08 18:45:41 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 18:45:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/08 18:45:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/08 18:45:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 18:45:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/08 18:45:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 18:45:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/08 18:45:40 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 18:45:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 18:45:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/08 18:45:39 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/08 18:45:30 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 18:45:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/08 18:45:30 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 18:45:30 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/31 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/31 13:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 13:20:48 | 001,956,614 | ---- | M] (Farbar) -- C:\Users\Hewlett\Desktop\FRST64.exe
[2013/10/31 13:07:38 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Hewlett\Desktop\JRT.exe
[2013/10/31 13:02:33 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 13:02:33 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 13:00:59 | 014,450,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/31 13:00:59 | 004,854,120 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/31 13:00:59 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/31 12:54:21 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/31 12:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/31 12:53:36 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/31 12:51:38 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 12:51:38 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 12:51:38 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 12:36:54 | 001,060,070 | ---- | M] () -- C:\Users\Hewlett\AdwCleaner.exe
[2013/10/31 11:42:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/31 10:44:00 | 000,001,931 | ---- | M] () -- C:\Users\Hewlett\Desktop\Update Checker.lnk
[2013/10/31 10:43:51 | 000,264,757 | ---- | M] () -- C:\Users\Hewlett\FHSetup.exe
[2013/10/30 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/30 14:59:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/29 20:34:08 | 000,001,126 | ---- | M] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 21:41:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/20 21:41:56 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/20 21:41:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/20 21:41:56 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 20:30:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 20:30:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/31 12:36:15 | 001,060,070 | ---- | C] () -- C:\Users\Hewlett\AdwCleaner.exe
[2013/10/30 19:45:39 | 000,001,961 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/10/30 19:45:39 | 000,001,931 | ---- | C] () -- C:\Users\Hewlett\Desktop\Update Checker.lnk
[2013/10/30 19:45:24 | 000,264,757 | ---- | C] () -- C:\Users\Hewlett\FHSetup.exe
[2013/10/29 20:34:08 | 000,001,126 | ---- | C] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: Hitachi HDT721010SLA360
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: Hitachi HDT721010SLA360
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE6 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD Ext HDD 1021 USB Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE7 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD 10EAVS External USB Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE8 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD Ext HDD 1021 USB Device
Partitions: 1
Status: OK
Status Info: 0
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 918.00GB
Starting Offset: 105906176
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 985828163584
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #6, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #7, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #8, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2011/12/03 14:36:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Adobe
[2011/10/13 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AdobeUM
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/10/19 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Apple Computer
[2012/11/25 19:29:30 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ArcSoft
[2009/12/16 15:21:17 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ATI
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2011/09/03 21:13:56 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVS4YOU
[2012/03/21 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BigFishv1002
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2009/12/21 15:46:33 | 000,000,000 | R--D | M] -- C:\Users\Hewlett\AppData\Roaming\Brother
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina – Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2010/10/22 06:21:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Creative
[2010/02/12 00:05:34 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CyberLink
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/10/21 08:47:22 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\dvdcss
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2013/04/25 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FLEXnet
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2009/12/24 23:53:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Hewlett-Packard
[2010/06/29 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HP
[2013/10/31 01:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HP Support Assistant
[2009/12/16 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HP TCS
[2011/11/01 17:54:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HPAppData
[2013/03/29 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\hpqLog
[2013/10/31 01:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HpUpdate
[2009/12/16 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Identities
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2012/11/26 15:29:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\InstallShield
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2011/04/05 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Logishrd
[2011/04/05 11:59:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Logitech
[2009/12/16 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Macromedia
[2010/01/07 22:16:20 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Media Center Programs
[2010/01/29 22:36:55 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Media Player Classic
[2013/04/01 12:31:46 | 000,000,000 | --SD | M] -- C:\Users\Hewlett\AppData\Roaming\Microsoft
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Mozilla
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2010/01/22 14:33:01 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\NCH Software
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2013/05/10 11:21:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Skype
[2011/05/29 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\skypePM
[2011/04/24 17:42:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Sun
[2011/08/16 13:21:06 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2013/10/31 12:50:55 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Uniblue
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2013/10/30 11:33:10 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\vlc
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch
[2011/07/02 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 22:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 22:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 22:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 22:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 22:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 22:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 12:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 09:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 21:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 13:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
< dir C:\ /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 888C-D1A3
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett
12/16/2009 03:17 PM <JUNCTION> Application Data [C:\Users\Hewlett\AppData\Roaming]
12/16/2009 03:17 PM <JUNCTION> Cookies [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Cookies]
12/16/2009 03:17 PM <JUNCTION> Local Settings [C:\Users\Hewlett\AppData\Local]
12/16/2009 03:17 PM <JUNCTION> NetHood [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/16/2009 03:17 PM <JUNCTION> PrintHood [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/16/2009 03:17 PM <JUNCTION> Recent [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Recent]
12/16/2009 03:17 PM <JUNCTION> SendTo [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\SendTo]
12/16/2009 03:17 PM <JUNCTION> Start Menu [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu]
12/16/2009 03:17 PM <JUNCTION> Templates [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett\AppData\Local
12/16/2009 03:17 PM <JUNCTION> Application Data [C:\Users\Hewlett\AppData\Local]
12/16/2009 03:17 PM <JUNCTION> History [C:\Users\Hewlett\AppData\Local\Microsoft\Windows\History]
12/16/2009 03:17 PM <JUNCTION> Temporary Internet Files [C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett\AppData\LocalLow\Siber Systems\RoboForm
08/27/2013 11:18 PM <SYMLINKD> UserData [C:\Users\Hewlett\Documents\My RoboForm Data\Default Profile]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett\Documents
12/16/2009 03:17 PM <JUNCTION> My Music [C:\Users\Hewlett\Music]
12/16/2009 03:17 PM <JUNCTION> My Pictures [C:\Users\Hewlett\Pictures]
12/16/2009 03:17 PM <JUNCTION> My Videos [C:\Users\Hewlett\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/13/2010 05:46 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/13/2010 05:46 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/13/2010 05:46 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/13/2010 05:46 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/13/2010 05:46 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/13/2010 05:46 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
64 Dir(s) 828,136,370,176 bytes free
< C:\Windows\assembly\tmp\U\*.* /s >
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/01/31 17:06:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/01/31 17:06:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/01/31 17:06:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/01/31 17:06:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/01/31 17:06:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/01/31 17:06:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 08:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 21:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 22:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 21:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 17:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 17:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 17:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 17:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 17:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 17:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 17:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 22:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B
< End of report >
OTL by OldTimer - Version Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.20 Gb Available Physical Memory | 76.69% Memory free
23.98 Gb Paging File | 21.00 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 771.27 Gb Free Space | 84.01% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.17 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1859.47 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 748.04 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.95 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/31 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
========== Modules (No Company Name) ==========
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.ebay.com/ws/eBayISAPI.dl [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 6E A8 A3 D5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/10/30 14:59:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer =
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Onscreen Keyboard.lnk - C:\Program Files\Logitech\OnScreen Keyboard\LOnScreenKeyboard.exe - (Logitech, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Hewlett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Cloud Drive.lnk - C:\Users\Hewlett\AppData\Local\Apps\2.0\M23K5LCL.GD3\JN29OKJQ.ZDY\AMAZTI~1.000\AMAZON~1.EXE - (Amazon Digital Services, LLC.)
MsConfig:64bit - StartUpFolder: C:^Users^Hewlett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: BrStsMon00 - hkey= - key= - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: ControlCenter4 - hkey= - key= - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DVDFab Passkey - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: GoogleDriveSync - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Grid - hkey= - key= - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
MsConfig:64bit - StartUpReg: HP Remote Solution - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
MsConfig:64bit - StartUpReg: hpsysdrv - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HydraVisionDesktopManager - hkey= - key= - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
MsConfig:64bit - StartUpReg: IDMan - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
MsConfig:64bit - StartUpReg: KasperskyPasswordManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: NETGEARGenie - hkey= - key= - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PDFHook - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PPort12reminder - hkey= - key= - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: Vidalia - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\system32\ieudinit.exe
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{aafa5c78-3f99-4996-b6c5-2521f0ad7120} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7CC11B09-FA69-F498-7009-C9D74E5BD559} - Themes Setup
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAF107F6-4392-E3D1-F5FA-D76E2ECC5C58} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {F5CA6589-4358-75BC-C9FC-0A7AEFFDB691} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/10/31 13:34:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/31 13:20:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/31 13:20:32 | 001,956,614 | ---- | C] (Farbar) -- C:\Users\Hewlett\Desktop\FRST64.exe
[2013/10/31 13:07:31 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Hewlett\Desktop\JRT.exe
[2013/10/31 12:37:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/10/30 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\JRT for geeks
[2013/10/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 21:42:01 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:00:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/08 19:00:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/08 19:00:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/08 19:00:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/08 19:00:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/08 19:00:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/08 19:00:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/08 19:00:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/08 19:00:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/08 19:00:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/08 19:00:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/08 19:00:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/08 19:00:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/08 19:00:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/08 19:00:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/08 18:45:49 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/08 18:45:48 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/08 18:45:47 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/08 18:45:47 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/08 18:45:47 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/08 18:45:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/08 18:45:46 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/08 18:45:46 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/08 18:45:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/08 18:45:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/08 18:45:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/08 18:45:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/08 18:45:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/08 18:45:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 18:45:41 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/08 18:45:41 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 18:45:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/08 18:45:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/08 18:45:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 18:45:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/08 18:45:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 18:45:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/08 18:45:40 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 18:45:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 18:45:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/08 18:45:39 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/08 18:45:30 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 18:45:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/08 18:45:30 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 18:45:30 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 20:03:20 | 153,684,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
[2013/09/25 19:38:49 | 030,669,224 | ---- | C] (Oracle Corporation) -- C:\Users\Hewlett\jre-7u40-windows-x64.exe
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/06/16 18:01:57 | 013,475,464 | ---- | C] (Microsoft Corporation) -- C:\Users\Hewlett\mseinstall.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/31 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/31 13:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 13:20:48 | 001,956,614 | ---- | M] (Farbar) -- C:\Users\Hewlett\Desktop\FRST64.exe
[2013/10/31 13:07:38 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Hewlett\Desktop\JRT.exe
[2013/10/31 13:02:33 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 13:02:33 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 13:00:59 | 014,450,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/31 13:00:59 | 004,854,120 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/31 13:00:59 | 000,006,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/31 12:54:21 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/31 12:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/31 12:53:36 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/31 12:51:38 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 12:51:38 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 12:51:38 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 12:36:54 | 001,060,070 | ---- | M] () -- C:\Users\Hewlett\AdwCleaner.exe
[2013/10/31 11:42:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job
[2013/10/31 10:44:00 | 000,001,931 | ---- | M] () -- C:\Users\Hewlett\Desktop\Update Checker.lnk
[2013/10/31 10:43:51 | 000,264,757 | ---- | M] () -- C:\Users\Hewlett\FHSetup.exe
[2013/10/30 20:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job
[2013/10/30 14:59:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/29 20:34:08 | 000,001,126 | ---- | M] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/20 21:41:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/20 21:41:56 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/20 21:41:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/20 21:41:56 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 20:30:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 20:30:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 18:47:54 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/31 12:36:15 | 001,060,070 | ---- | C] () -- C:\Users\Hewlett\AdwCleaner.exe
[2013/10/30 19:45:39 | 000,001,961 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/10/30 19:45:39 | 000,001,931 | ---- | C] () -- C:\Users\Hewlett\Desktop\Update Checker.lnk
[2013/10/30 19:45:24 | 000,264,757 | ---- | C] () -- C:\Users\Hewlett\FHSetup.exe
[2013/10/29 20:34:08 | 000,001,126 | ---- | C] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/11 09:23:32 | 000,098,304 | ---- | C] () -- C:\Users\Hewlett\fbchathistory.dat
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: Hitachi HDT721010SLA360
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: Hitachi HDT721010SLA360
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE6 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD Ext HDD 1021 USB Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE7 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD 10EAVS External USB Device
Partitions: 1
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE8 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD Ext HDD 1021 USB Device
Partitions: 1
Status: OK
Status Info: 0
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 918.00GB
Starting Offset: 105906176
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 985828163584
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #6, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #7, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #8, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2011/12/03 14:36:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Adobe
[2011/10/13 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AdobeUM
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/10/19 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Apple Computer
[2012/11/25 19:29:30 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ArcSoft
[2009/12/16 15:21:17 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ATI
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2011/09/03 21:13:56 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVS4YOU
[2012/03/21 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\BigFishv1002
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2009/12/21 15:46:33 | 000,000,000 | R--D | M] -- C:\Users\Hewlett\AppData\Roaming\Brother
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina – Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2010/10/22 06:21:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Creative
[2010/02/12 00:05:34 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CyberLink
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/10/21 08:47:22 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\dvdcss
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2013/04/25 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FLEXnet
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2009/12/24 23:53:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Hewlett-Packard
[2010/06/29 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HP
[2013/10/31 01:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HP Support Assistant
[2009/12/16 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HP TCS
[2011/11/01 17:54:37 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HPAppData
[2013/03/29 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\hpqLog
[2013/10/31 01:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\HpUpdate
[2009/12/16 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Identities
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2012/11/26 15:29:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\InstallShield
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2011/04/05 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Logishrd
[2011/04/05 11:59:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Logitech
[2009/12/16 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Macromedia
[2010/01/07 22:16:20 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Media Center Programs
[2010/01/29 22:36:55 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Media Player Classic
[2013/04/01 12:31:46 | 000,000,000 | --SD | M] -- C:\Users\Hewlett\AppData\Roaming\Microsoft
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2013/05/25 16:05:42 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Mozilla
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2010/01/22 14:33:01 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\NCH Software
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2013/05/10 11:21:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Skype
[2011/05/29 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\skypePM
[2011/04/24 17:42:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Sun
[2011/08/16 13:21:06 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2013/10/31 12:50:55 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Uniblue
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2013/10/30 11:33:10 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\vlc
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch
[2011/07/02 20:36:06 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
< MD5 for: CSRSS.EXE >
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 21:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 22:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 22:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 22:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 22:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 22:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 22:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 21:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 03:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 12:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 09:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 13:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/13 21:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/03 13:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 21:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 21:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WINRNR.DLL >
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 21:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
< dir C:\ /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 888C-D1A3
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett
12/16/2009 03:17 PM <JUNCTION> Application Data [C:\Users\Hewlett\AppData\Roaming]
12/16/2009 03:17 PM <JUNCTION> Cookies [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Cookies]
12/16/2009 03:17 PM <JUNCTION> Local Settings [C:\Users\Hewlett\AppData\Local]
12/16/2009 03:17 PM <JUNCTION> NetHood [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/16/2009 03:17 PM <JUNCTION> PrintHood [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/16/2009 03:17 PM <JUNCTION> Recent [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Recent]
12/16/2009 03:17 PM <JUNCTION> SendTo [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\SendTo]
12/16/2009 03:17 PM <JUNCTION> Start Menu [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu]
12/16/2009 03:17 PM <JUNCTION> Templates [C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett\AppData\Local
12/16/2009 03:17 PM <JUNCTION> Application Data [C:\Users\Hewlett\AppData\Local]
12/16/2009 03:17 PM <JUNCTION> History [C:\Users\Hewlett\AppData\Local\Microsoft\Windows\History]
12/16/2009 03:17 PM <JUNCTION> Temporary Internet Files [C:\Users\Hewlett\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett\AppData\LocalLow\Siber Systems\RoboForm
08/27/2013 11:18 PM <SYMLINKD> UserData [C:\Users\Hewlett\Documents\My RoboForm Data\Default Profile]
0 File(s) 0 bytes
Directory of C:\Users\Hewlett\Documents
12/16/2009 03:17 PM <JUNCTION> My Music [C:\Users\Hewlett\Music]
12/16/2009 03:17 PM <JUNCTION> My Pictures [C:\Users\Hewlett\Pictures]
12/16/2009 03:17 PM <JUNCTION> My Videos [C:\Users\Hewlett\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/13/2010 05:46 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/13/2010 05:46 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/13/2010 05:46 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/13/2010 05:46 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/13/2010 05:46 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
12/13/2010 05:46 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/13/2010 05:46 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/13/2010 05:46 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
64 Dir(s) 828,136,370,176 bytes free
< C:\Windows\assembly\tmp\U\*.* /s >
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/01/31 17:06:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/01/31 17:06:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/01/31 17:06:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/09/25 15:13:15 | 000,871,608 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/09/25 15:13:21 | 000,274,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/01/31 17:06:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/01/31 17:06:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/01/31 17:06:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 06:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 08:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 21:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 22:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 21:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 17:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 17:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 17:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 17:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 17:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 17:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 17:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 22:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ů) -- C:\Windows\SysWow64\Ů
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 241 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:9BAC4211
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:61F0C8FB
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2342AE46
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1ECED34B
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:9ACB70D7
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:4B6A9FDA
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:02DD996C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:62AF94A0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C6D0ABC3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:6B709AD7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4EFDF5FB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BE0654D6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:409A775B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0A74923C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E684AC9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7972CF54
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:331B76C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:EC0A74A1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:551BED5F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:F437A62A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B
< End of report >
Posted 31 October 2013 - 01:07 PM
Go into msconfig and check Normal Startup and OK and reboot.
Microsoft Security Essentials (YOu have AVG so should not have a second anti-virus. They fight each other.)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1) (Older Java Versions are dangerous! If you must have Java then: Go into Control Panel, Java, Security and set the slider to the Highest then OK. )
K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4) (This installs a bunch of adware and worthless toolbars)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that then run FRST again as before but check the Addition.txt box before you Scan. You will get two logs. Please post them both.
Microsoft Security Essentials (YOu have AVG so should not have a second anti-virus. They fight each other.)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1) (Older Java Versions are dangerous! If you must have Java then: Go into Control Panel, Java, Security and set the slider to the Highest then OK. )
K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4) (This installs a bunch of adware and worthless toolbars)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that then run FRST again as before but check the Addition.txt box before you Scan. You will get two logs. Please post them both.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users