Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Swagbucks problem


  • Please log in to reply

#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Windows Resource Protection found corrupt files and successfully repaired
them.


That's fine. Go on to VEW.
  • 0

Advertisements


#47
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
ino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/10/2013 6:11:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/10/2013 9:44:40 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.

Log: 'System' Date/Time: 31/10/2013 9:44:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CrashPlan Backup Service service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/10/2013 9:45:35 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#.

Log: 'System' Date/Time: 31/10/2013 9:44:48 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 31/10/2013 9:41:53 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0

#48
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/10/2013 6:13:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/10/2013 9:44:40 PM
Type: Error Category: 0
Event: 100 Source: MSSQLServerADHelper
'0' is an invalid number of start up parameters. This service takes two start up parameters.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/10/2013 9:44:40 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
  • 0

#49
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Log: 'System' Date/Time: 31/10/2013 9:44:40 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.



In the Search box, type in services.msc and wait for it to find it. Then right click on services.msc and Run As Admin.

Find SQL Server Active Directory Helper and right click on it and select Properties. Change the Startup Type: to Disabled.

Log: 'System' Date/Time: 31/10/2013 9:44:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CrashPlan Backup Service service failed to start due to the following error: The system cannot find the file specified.


This one is looking for something on the O:\ drive so I assume you had an external hard drive which is no longer there. If it's gone for good then in the services menu, change its Startup Type to Disabled.

Log: 'Application' Date/Time: 31/10/2013 9:44:40 PM
Type: Error Category: 0
Event: 100 Source: MSSQLServerADHelper
'0' is an invalid number of start up parameters. This service takes two start up parameters.


in the services menu, change its Startup Type to Disabled.

Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.


in the services menu, change its Startup Type to Disabled.

Log: 'System' Date/Time: 31/10/2013 9:44:48 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.



This one requires a registry fix to fix but it's not really important so I think we will ignore it. You can read more about it here:

http://www.dslreport...pInit-is-blank.

That should fix the last of your errors. It should start up a bit faster now. To make Firefox (and Chrome) start up faster you can download, save and run SpeedyFox. Close Firefox and/or Chrome and click on Optimize. Close the program. Try Firefox now.

Were you able to uninstall the older versions of Java? It is important to get rid of them as they are often targeted by malware.
  • 0

#50
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Quote

Log: 'System' Date/Time: 31/10/2013 9:44:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CrashPlan Backup Service service failed to start due to the following error: The system cannot find the file specified.


This one is looking for something on the O:\ drive so I assume you had an external hard drive which is no longer there. If it's gone for good then in the services menu, change its Startup Type to Disabled.

Quote

Log: 'Application' Date/Time: 31/10/2013 9:44:40 PM
Type: Error Category: 0
Event: 100 Source: MSSQLServerADHelper
'0' is an invalid number of start up parameters. This service takes two start up parameters.


in the services menu, change its Startup Type to Disabled.


Quote

Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.



Are all of the above for the 0 drive. Because an external HD should be plugged in. O, P and H are external hard drives
  • 0

#51
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
That should fix the last of your errors. It should start up a bit faster now. To make Firefox (and Chrome) start up faster you can download, save and run SpeedyFox. Close Firefox and/or Chrome and click on Optimize. Close the program. Try Firefox now.

Were you able to uninstall the older versions of Java? It is important to get rid of them as they are often targeted by malware.

Yes I just did the uninstall for old Javas. I don't use Firefox and Chrome much.

OK I changed my homes pages to where I want them. I hope that cleared out all of the Swagbucks junk. What is next?
  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I think we can clean up then.


Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.


OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
Get the AdBlock Plus Add-on which now works for Firefox, Chrome and IE. adblockplus.org

If Firefox (or Chrome) is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

You should be at IE 10 now.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#53
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Nope, I rebooted and swagbucks took over my home page.
  • 0

#54
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Run OTL quickscan and post the log. Let's see if I can see it.
  • 0

#55
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
OTL logfile created on: 10/31/2013 8:02:17 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.37 Gb Available Physical Memory | 69.79% Memory free
23.98 Gb Paging File | 20.12 Gb Available in Paging File | 83.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 767.69 Gb Free Space | 83.62% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 598.17 Gb Free Space | 64.22% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1859.47 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 748.04 Gb Free Space | 80.32% Space Free | Partition Type: FAT32
Drive P: | 1863.01 Gb Total Space | 1052.95 Gb Free Space | 56.52% Space Free | Partition Type: NTFS

Computer Name: HEWLETT-PC | User Name: Hewlett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/31 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2013/09/23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/08/27 21:03:20 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/07 07:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2013/04/07 07:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 18:15:32 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2010/03/10 18:15:00 | 000,385,024 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/03/05 17:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 17:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/07 17:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/08 21:24:18 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b470f87b479584c9295b90641f175038\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2013/10/08 21:24:15 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\17d646cd7bd3ef0e59a40de2328f4c86\Iris.Mapi.MessageStore.ni.dll
MOD - [2013/10/08 21:24:14 | 003,826,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\70bda4f97e9c4b4088c6cb939b98a9bb\BusinessLayer.ni.dll
MOD - [2013/10/08 21:24:10 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\487add060ca97a14bded964674ad63f7\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2013/10/08 21:24:09 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c90f34b6018997c85226582d5c724a42\BCMRes.ni.dll
MOD - [2013/10/08 19:21:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/09/12 13:51:46 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e56effd35e3da2a02874664ec7e1a365\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2013/09/12 13:51:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/14 23:38:57 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\582023a23a1b9904483301ecdc20c018\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2013/08/14 23:38:49 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\ffea4058c70243c5f4139eedb70a72ad\BCMCommon.ni.dll
MOD - [2013/08/14 22:25:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 22:25:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 22:25:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 10:19:15 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 10:18:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\8478684fb7a8875aba87db613abe95e9\Extensibility.ni.dll
MOD - [2013/07/12 10:18:39 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1488c156635f7e35781ba386a27765ac\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 10:18:37 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\4070f36b1e502b80325621ecd1fd6467\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2013/07/12 10:18:36 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\362fac99ec7380f321c9e8fcb89faf6a\office.ni.dll
MOD - [2013/07/12 10:18:36 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\dc96be7f5242755ffaa72ade9707a689\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2013/07/12 10:18:36 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2013/07/12 10:18:35 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\b6d02b9cc9f934128f5ce0076c63a6e5\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2013/07/12 09:02:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/04 21:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2013/05/28 02:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2013/05/14 22:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2013/05/14 01:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2013/05/09 23:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2013/04/28 02:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2013/04/07 07:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2013/04/07 07:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2013/03/27 04:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2013/03/27 04:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2013/03/27 04:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2013/03/27 04:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2013/03/27 04:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2013/03/27 04:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2013/03/27 04:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2013/03/27 04:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2013/03/27 04:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2013/03/27 04:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2013/03/27 04:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2013/03/27 04:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2013/03/26 22:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2013/03/26 22:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2013/03/26 22:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2013/03/26 22:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2013/03/26 22:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2013/02/19 02:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2013/02/19 02:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2013/02/19 02:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2013/02/19 02:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2013/02/19 02:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2013/02/19 02:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2013/02/19 02:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2013/02/19 02:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2013/02/19 02:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2012/11/29 05:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 21:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/07/07 12:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2010/03/10 18:15:32 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
MOD - [2010/03/05 16:59:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.dll
MOD - [2009/12/17 11:14:58 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/12/11 04:55:07 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/10 13:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2009/02/06 22:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/01/11 21:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/07 21:22:19 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/10/08 20:30:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/08/29 18:31:42 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/08 19:37:58 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- O:\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/04/07 07:39:20 | 000,232,192 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/24 13:44:22 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/06/27 09:31:39 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/04/10 19:32:06 | 001,907,440 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/03 04:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 04:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/04 12:29:52 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/25 03:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://slickdeals.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F9-DB3A14AE98B3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 14 6E A8 A3 D5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{119946E0-416B-4762-A0DE-32881B4DFE81}: "URL" = http://www.bing.com/...E10SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discoversoan@orbiscom: C:\Program Files (x86)\Discover\SOAN [2012/01/13 10:17:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/05/06 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/08/27 23:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/19 21:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/18 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]

[2013/05/25 16:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2013/10/08 19:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\smj03a5y.default-1379960535967\Extensions
[2013/10/08 18:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\v471oqlq.default\extensions
[2013/09/16 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/19 21:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 15:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/24 15:32:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\5.0.0.170\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: No name found = C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/30 14:59:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [IDMan] C:\Users\Hewlett\AppData\Local\Temp\Rar$EX70.016\Internet Download Manager 6.12 Build 21 Full Crack\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Vidalia] "E:\Tor Browser\App\vidalia.exe" File not found
O4 - Startup: C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CBDC94-EDE7-44A8-AE0D-41EA25F23289}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B8D6F6-CFF4-4E54-9A58-84B2CF81C715}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - P:\autorun -- [ NTFS ]
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\DTLplus_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/31 19:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2013/10/31 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/31 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/10/31 17:36:32 | 004,699,456 | ---- | C] (Acro Software Inc. ) -- C:\Users\Hewlett\CuteWriter.exe
[2013/10/31 17:36:01 | 004,379,048 | ---- | C] (Piriform Ltd) -- C:\Users\Hewlett\ccsetup407.exe
[2013/10/31 17:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/10/31 17:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{A5CCDB92-FA53-47D1-89E6-32B82D86621A}
[2013/10/31 15:13:00 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\Bluetooth Exchange Folder
[2013/10/31 13:34:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/31 13:20:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/31 13:07:31 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Hewlett\Desktop\JRT.exe
[2013/10/31 12:37:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/10/30 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Documents\JRT for geeks
[2013/10/30 14:46:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/28 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\Desktop\Games
[2013/10/27 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/10/24 06:03:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\JRT.exe
[2013/10/23 08:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/20 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 21:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/20 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/10/09 18:56:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/07 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My RoboForm Data
[2013/10/01 23:33:11 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Local\avgchrome
[2013/09/25 19:21:47 | 002,014,840 | ---- | C] (DriverBoost) -- C:\Program Files (x86)\DriverBoostPro_Setup.exe
[2013/08/29 00:31:00 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mseinstall.exe
[2013/08/27 21:03:12 | 014,266,592 | ---- | C] (Siber Systems) -- C:\Program Files (x86)\AiRoboForm-cnetc.exe
[2013/08/07 19:42:19 | 004,100,432 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\dfsetup215.exe
[2013/07/10 17:50:40 | 010,104,832 | ---- | C] (© Phoenix Technologies Ltd. ) -- C:\Program Files (x86)\N4110A11.exe
[2013/06/27 09:31:14 | 016,974,720 | ---- | C] (NETGEAR Inc.) -- C:\Program Files (x86)\NETGEARGenie-install.exe
[2013/06/16 18:03:35 | 020,896,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Windows-KB890830-x64-V5.1.exe
[2013/05/29 18:26:37 | 013,998,208 | ---- | C] (Abelssoft ) -- C:\Program Files (x86)\ysd.exe
[2013/05/26 15:11:28 | 032,891,536 | ---- | C] (Amazon.com) -- C:\Program Files (x86)\KindleForPC-installer.exe.tm8cly3.partial
[2013/05/06 00:54:06 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\setpoint652_smart.exe
[2013/03/27 13:40:24 | 002,148,152 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Hewlett\AppData\Local\BcsKtYcHW.dll
[2012/03/24 15:31:20 | 000,485,576 | ---- | C] (Catalina Marketing Corp. ) -- C:\Program Files\CouponActivator.exe
[2012/03/21 15:55:20 | 165,923,488 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Program Files\12-2_vista_win7_64_dd_ccc.exe
[2011/11/17 05:28:37 | 005,855,312 | ---- | C] (Digiarty ) -- C:\Program Files (x86)\winx-bd-decrypter.exe
[2011/09/20 09:42:10 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files (x86)\SkypeSetup.exe
[2011/08/20 12:19:14 | 001,637,504 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Program Files (x86)\sp49903.exe
[2011/08/04 01:30:58 | 000,046,464 | ---- | C] (SUPERAdBlocker.com) -- C:\Program Files (x86)\SASTask.exe
[2011/08/01 00:36:23 | 011,721,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpywarePro.exe
[2011/04/05 11:58:05 | 009,104,256 | ---- | C] (Logitech Inc.) -- C:\Program Files (x86)\Setup - 64 bit.exe
[2011/02/07 11:28:20 | 006,275,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Silverlight.exe
[2011/01/25 06:09:23 | 012,832,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\windows-kb890830-x64-v3.15.exe
[2010/01/07 22:15:56 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2009/12/23 14:53:39 | 114,591,160 | ---- | C] (CANON INC.) -- C:\Program Files\zb641vistaupd-en.exe
[2009/12/23 14:15:56 | 001,359,360 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview425_setup.exe
[2009/12/17 17:12:25 | 031,616,544 | ---- | C] (Logitech Inc.) -- C:\Program Files\Setup_64bit.exe
[2009/12/16 20:53:22 | 036,469,413 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\7225-INST-WIN7-A.EXE
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/31 19:46:26 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 19:46:26 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/31 19:43:34 | 000,844,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/31 19:43:34 | 000,707,344 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/31 19:43:34 | 000,137,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/31 19:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/31 19:37:37 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/31 19:35:25 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 19:35:25 | 000,062,068 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 19:35:25 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2013/10/31 19:29:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 18:20:29 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/10/31 18:09:20 | 000,061,440 | ---- | M] ( ) -- C:\Users\Hewlett\Desktop\VEW.exe
[2013/10/31 17:36:39 | 004,699,456 | ---- | M] (Acro Software Inc. ) -- C:\Users\Hewlett\CuteWriter.exe
[2013/10/31 17:36:11 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/31 17:36:03 | 004,379,048 | ---- | M] (Piriform Ltd) -- C:\Users\Hewlett\ccsetup407.exe
[2013/10/31 17:29:14 | 000,002,179 | ---- | M] () -- C:\Users\Hewlett\Desktop\HP Support Assistant.lnk
[2013/10/31 15:15:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/31 13:34:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
[2013/10/31 13:07:38 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Hewlett\Desktop\JRT.exe
[2013/10/31 12:54:21 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2013/10/31 10:44:00 | 000,001,931 | ---- | M] () -- C:\Users\Hewlett\Desktop\Update Checker.lnk
[2013/10/30 14:59:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/29 20:34:08 | 000,001,126 | ---- | M] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/28 18:45:22 | 000,009,296 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/10/28 00:00:06 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/10/24 12:38:32 | 001,033,335 | ---- | M] (Thisisu) -- C:\JRT.exe
[2013/10/24 06:52:59 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/10/24 05:52:22 | 000,985,600 | ---- | M] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/23 08:03:58 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/10/23 07:37:58 | 000,022,016 | ---- | M] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/15 09:28:53 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/10/09 18:57:10 | 004,369,632 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup406.exe
[2013/10/08 19:10:30 | 000,579,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/31 18:09:18 | 000,061,440 | ---- | C] ( ) -- C:\Users\Hewlett\Desktop\VEW.exe
[2013/10/31 17:29:14 | 000,002,179 | ---- | C] () -- C:\Users\Hewlett\Desktop\HP Support Assistant.lnk
[2013/10/31 15:08:40 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/10/31 15:08:40 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Onscreen Keyboard.lnk
[2013/10/31 15:08:40 | 000,001,066 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/10/30 19:45:39 | 000,001,961 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/10/30 19:45:39 | 000,001,931 | ---- | C] () -- C:\Users\Hewlett\Desktop\Update Checker.lnk
[2013/10/29 20:34:08 | 000,001,126 | ---- | C] () -- C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
[2013/10/24 05:52:18 | 000,985,600 | ---- | C] () -- C:\Users\Hewlett\MicrosoftFixit50123.msi
[2013/10/16 00:10:49 | 000,009,296 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
[2013/09/16 12:35:39 | 003,787,776 | ---- | C] () -- C:\Program Files (x86)\RogueKillerX64.exe
[2013/05/04 11:19:07 | 000,502,592 | ---- | C] () -- C:\Program Files (x86)\AmazonCloudDriveSetup.exe
[2013/04/24 22:18:47 | 000,013,235 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/04/24 22:17:23 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/04/24 22:17:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/27 13:40:22 | 000,915,073 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\a.zip
[2013/02/27 21:15:40 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2013/02/27 21:15:40 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2013/02/27 21:15:40 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2013/02/27 21:15:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SearchLib.dll
[2013/02/27 21:15:40 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\IPCamera.exe
[2013/02/27 21:15:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2013/01/29 15:57:11 | 000,000,474 | ---- | C] () -- C:\Program Files (x86)\rarreg.key
[2013/01/29 15:57:11 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013/01/29 15:57:11 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013/01/29 15:57:09 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2013/01/29 15:57:09 | 000,097,792 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013/01/29 15:57:09 | 000,094,720 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013/01/29 15:57:09 | 000,078,336 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013/01/29 15:57:08 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2013/01/29 15:57:08 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2013/01/29 15:57:08 | 000,266,224 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2013/01/29 15:57:08 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2013/01/29 15:57:08 | 000,072,704 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013/01/29 15:57:08 | 000,001,233 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013/01/29 15:57:08 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013/01/29 12:56:55 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/14 13:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\Tomb.INI
[2012/12/26 04:05:45 | 000,241,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/26 15:35:09 | 000,000,408 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/11/26 15:35:09 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/11/26 15:30:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/11/26 15:30:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/11/26 15:30:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/11/16 19:16:27 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/10 04:13:22 | 022,259,528 | ---- | C] () -- C:\Program Files (x86)\vlc-2.0.1-win32.exe
[2012/02/25 05:29:23 | 001,639,789 | ---- | C] () -- C:\Program Files (x86)\winrar-x64-411.exe
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/02 20:44:47 | 000,009,314 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/02/04 10:18:49 | 013,358,984 | ---- | C] () -- C:\Program Files (x86)\SAS_919F32C6.COM
[2011/01/30 15:47:18 | 000,173,966 | ---- | C] () -- C:\Program Files (x86)\sfjsetup.exe
[2010/12/13 19:05:47 | 000,007,609 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\resmon.resmoncfg
[2010/12/06 18:27:18 | 000,002,176 | -H-- | C] () -- C:\Program Files\ZbThumbnail.info
[2010/10/15 17:30:34 | 000,001,057 | ---- | C] () -- C:\Users\Hewlett\AppData\Roaming\vso_ts_preview.xml
[2010/06/24 18:11:27 | 002,236,416 | ---- | C] () -- C:\Program Files (x86)\ue293reg64.exe
[2010/01/21 17:37:47 | 000,022,016 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 14:11:32 | 000,717,374 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.1
[2010/01/05 14:11:30 | 001,767,146 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8138.0
[2010/01/05 14:10:05 | 000,703,221 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.1
[2010/01/05 14:10:04 | 001,747,941 | ---- | C] () -- C:\Users\Hewlett\AppData\Local\tmpIMG_8137.0
[2009/12/16 20:50:55 | 000,591,586 | ---- | C] () -- C:\Program Files\Pack_Main0En250.exe
[2006/01/06 05:24:34 | 000,000,015 | -H-- | C] () -- C:\Users\Hewlett\AppData\Roaming\Hewlettlog.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/23 00:20:18 | 000,000,000 | -HSD | M] -- C:\Users\Hewlett\AppData\Roaming\.#
[2010/09/05 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Amazon
[2012/07/13 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG
[2013/06/21 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\AVG2013
[2013/09/27 19:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Boomzap
[2012/11/22 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Canon
[2012/02/02 19:31:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Casual Arts
[2012/02/01 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\casualArts
[2012/01/14 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina Marketing Corp
[2013/03/27 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Catalina – Print Savings
[2011/09/09 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\com.amazon.music.uploader
[2013/05/02 02:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ControlCenter4
[2013/10/20 02:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\CrashPlan
[2011/12/27 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Digiarty
[2013/05/25 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\DMCache
[2013/05/26 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\EurekaLog
[2013/05/26 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FDRLab
[2009/12/29 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit
[2011/12/21 01:01:11 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Foxit Software
[2013/09/16 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\FreeBurner
[2011/07/20 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\go
[2013/10/28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\GoodSync
[2013/05/25 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\IDM
[2013/09/16 10:40:33 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\ImgBurn
[2009/12/17 17:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Leadertech
[2012/08/22 23:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mjusbsp
[2012/03/05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Namco
[2012/10/28 03:00:31 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Netgear Live Parental Controls
[2013/05/03 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Nuance
[2010/10/11 23:49:15 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Serif
[2011/09/03 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\TechSmith
[2013/09/25 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vast Studios
[2012/01/29 14:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\Vso
[2010/03/02 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\webex
[2009/12/24 22:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?Ù) -- C:\Windows\SysWow64\Ù
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?Ù) -- C:\Windows\SysWow64\Ù

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty

< End of report >
  • 0

Advertisements


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://slickdeals.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F9-DB3A14AE98B3
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming File not found
O4 - HKCU..\Run: [IDMan] C:\Users\Hewlett\AppData\Local\Temp\Rar$EX70.016\Internet Download Manager 6.12 Build 21 Full Crack\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Vidalia] "E:\Tor Browser\App\vidalia.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10312013-some number.log so look there if you don't see it.

If it comes back again then let's try a different anti-virus:

Download save the free version of Avast
http://www.avast.com/index
Click on Download then choose the free version. (Make sure you uncheck the Chrome and google toolbar options. We don't need them.)


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe


Uninstall AVG then right click on the AVG Removal Tool and Run As Admin.

Reboot.

Right click on the Avast installer and run as admin. Once you get it installed and it has updated (You might want to do this while you sleep as it takes hours to finish):

First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.

If you can't find the text version then take a screen shot of the report and attach it:
Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories,Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Avast

Select a file type. jpeg

Click the Save button.

Attach Avast.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on Avast.jpg then Open. Now click on Attach this File)
  • 0

#57
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vidalia deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Hewlett
->Flash cache emptied: 2656 bytes

User: PAT

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Hewlett
->Java cache emptied: 0 bytes

User: PAT

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10312013_204439
  • 0

#58
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe


Uninstall AVG then right click on the AVG Removal Tool and Run As Admin. Just saying - AVG never removes all of their files when you try to uninstall.

Reboot.

Right click on the Avast installer and run as admin. Once you get it installed and it has updated (You might want to do this while you sleep as it takes hours to finish):

I downloaded it, but I think it installed alread. Off to reboot. brb
  • 0

#59
Vintage Charms

Vintage Charms

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Good Grief. I got the report and thought I posted it. I must not have hit send. I don't see it. I already emptied my recycle bin. Nothing seems to be happening so you must have got it all. Thank you so much, Carole
  • 0

#60
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings then on Appearance. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.

If you haven't registered already then right click on the orange ball and select Registration Information and click on the link. (They just want your name and email address). The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP