OTL logfile created on: 5/27/2014 2:55:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\_DOWNLOAD_
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 10.79 Gb Available Physical Memory | 67.59% Memory free
31.92 Gb Paging File | 26.17 Gb Available in Paging File | 82.01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.38 Gb Total Space | 57.99 Gb Free Space | 24.33% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 8.69 Gb Free Space | 0.47% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 82.30 Gb Free Space | 4.42% Space Free | Partition Type: NTFS
Drive F: | 2.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 931.48 Gb Total Space | 17.85 Gb Free Space | 1.92% Space Free | Partition Type: NTFS

Computer Name: DERR2 | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/05/26 23:12:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\_DOWNLOAD_\OTL.exe
PRC - [2014/05/08 09:49:02 | 003,499,896 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2014/04/23 19:54:16 | 002,135,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2014/01/31 17:46:40 | 000,043,184 | ---- | M] (NoMachine) -- C:\Program Files (x86)\NoMachine\bin\nxnode.bin
PRC - [2014/01/31 17:46:30 | 000,220,336 | ---- | M] (NoMachine) -- C:\Program Files (x86)\NoMachine\bin\nxdisplay.exe
PRC - [2014/01/31 17:46:30 | 000,181,936 | ---- | M] (NoMachine) -- C:\Program Files (x86)\NoMachine\bin\nxfsd.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/18 21:04:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/04 01:46:42 | 002,384,472 | ---- | M] (GRETECH) -- C:\Program Files (x86)\GRETECH\GOMTray\GomTray.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/01/09 07:06:06 | 001,259,872 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2013/01/09 01:03:02 | 000,376,832 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2012/11/22 16:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/10/08 19:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
PRC - [2012/08/24 16:45:00 | 000,084,360 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2012/06/28 11:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012/06/14 10:40:12 | 012,120,064 | ---- | M] (Scendix Software-Vertriebsges. mbH) -- C:\Program Files (x86)\Pamela\Pamela.exe
PRC - [2012/06/09 02:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/06/09 02:28:32 | 000,103,576 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/06/09 02:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/06/09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/05/28 00:58:19 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/04/05 01:47:00 | 001,134,592 | ---- | M] (Zhorn Software) -- C:\Program Files (x86)\Stickies\stickies.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/16 14:35:42 | 005,881,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/01/12 14:40:30 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/08/12 17:06:46 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/06/03 13:09:42 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe
PRC - [2010/06/03 11:13:04 | 001,540,096 | ---- | M] (Reprise Software Inc.) -- C:\Program Files (x86)\GenArts\rlm\rlm.exe
PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/05/30 08:14:22 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouse.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/01/16 11:58:54 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2013/01/16 11:58:52 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2013/01/16 11:58:50 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2012/08/22 16:50:05 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Pamela\zlib.dll
MOD - [2012/04/05 01:47:00 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Stickies\shook70.dll
MOD - [2008/12/30 12:23:28 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouseH.dll
MOD - [2007/06/22 10:48:58 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouseS.dll
MOD - [2007/05/30 08:14:22 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\KatMouse\KatMouse.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/04/16 17:12:45 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:[b]64bit:[/b] - [2014/03/25 15:22:18 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:[b]64bit:[/b] - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/01/24 14:32:44 | 001,657,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:[b]64bit:[/b] - [2013/09/04 03:53:20 | 007,228,720 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:[b]64bit:[/b] - [2013/06/24 00:13:42 | 000,464,712 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Avid\Editor Transcode\Dynamic Media Files\DMFService.exe -- (Avid DMF Service)
SRV:[b]64bit:[/b] - [2013/06/24 00:11:56 | 000,465,224 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorMSE.exe -- (Avid Editor Broker)
SRV:[b]64bit:[/b] - [2013/06/24 00:11:56 | 000,100,680 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Avid\Editor Transcode\TranscodeService\rnc-central\AvidEditorTranscodeStatus.exe -- (Avid Editor Transcode Status)
SRV:[b]64bit:[/b] - [2013/06/24 00:11:54 | 000,465,224 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorTranscode.exe -- (Avid Editor Transcode Service)
SRV:[b]64bit:[/b] - [2013/06/24 00:11:54 | 000,464,712 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Avid\Editor Transcode\TranscodeService\AvidEditorDbEngine.exe -- (Avid Editor Db Engine)
SRV:[b]64bit:[/b] - [2013/06/06 13:31:52 | 000,598,808 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV:[b]64bit:[/b] - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/12/06 22:20:30 | 001,005,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ASUS\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2012/11/22 16:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV:[b]64bit:[/b] - [2012/06/27 23:13:01 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2010/06/03 18:33:28 | 000,751,104 | ---- | M] () [Auto | Running] -- C:\Program Files\GenArts\Monsters-AE64\bin\FlowFinder3MonstersAE64.exe -- (FlowFinder3MonstersAE64)
SRV - [2014/05/26 14:14:49 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/05/26 14:14:45 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/05/14 01:13:08 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 16:07:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/23 19:54:16 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2014/01/31 17:46:38 | 003,795,632 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine\bin\nxusbd64.exe -- (nxusbd)
SRV - [2014/01/31 17:46:34 | 000,206,512 | ---- | M] (NoMachine) [Auto | Stopped] -- C:\Program Files (x86)\NoMachine\bin\nxservice.exe -- (nxservice)
SRV - [2014/01/31 17:46:30 | 000,220,336 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine\bin\nxdisplay.exe -- (nxdisplay)
SRV - [2014/01/31 17:46:30 | 000,181,936 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine\bin\nxfsd.exe -- (nxfsd)
SRV - [2014/01/31 17:46:28 | 000,958,128 | ---- | M] (NoMachine) [Auto | Running] -- C:\Program Files (x86)\NoMachine\bin\nxdeviced64.exe -- (nxdeviced)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/11 17:11:48 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/09 07:06:06 | 001,259,872 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2013/01/09 01:03:02 | 000,376,832 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2012/06/09 02:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 02:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 01:39:40 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/06/09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/05/28 00:58:19 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/05/02 05:01:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/16 14:35:42 | 005,881,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/12/16 14:35:00 | 001,124,096 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/01/12 14:40:30 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/08/12 17:06:46 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/07/12 23:30:42 | 000,032,944 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\BitKinex\bitkinexsvc.exe -- (BitKinex)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/06/03 13:09:42 | 000,393,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe -- (JawsServerAE64)
SRV - [2010/06/03 11:13:04 | 001,540,096 | ---- | M] (Reprise Software Inc.) [Auto | Running] -- C:\Program Files (x86)\GenArts\rlm\rlm.exe -- (RLM-GenArts)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/05/26 14:14:46 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:[b]64bit:[/b] - [2014/04/16 17:12:55 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:[b]64bit:[/b] - [2014/01/22 23:21:06 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2014/01/22 23:21:06 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2013/12/11 17:11:48 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:[b]64bit:[/b] - [2013/12/11 17:10:22 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:[b]64bit:[/b] - [2013/11/12 18:53:16 | 000,068,096 | ---- | M] (NoMachine) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nxusbh.sys -- (nxusbh)
DRV:[b]64bit:[/b] - [2013/11/04 18:52:18 | 000,010,240 | ---- | M] (NoMachine) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nxusbs.sys -- (nxusbs)
DRV:[b]64bit:[/b] - [2013/08/29 17:49:06 | 000,017,920 | ---- | M] (NoMachine) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nxaudio.sys -- (nxaudio)
DRV:[b]64bit:[/b] - [2013/05/30 13:56:28 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:[b]64bit:[/b] - [2013/04/30 13:18:10 | 000,085,304 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:[b]64bit:[/b] - [2013/04/30 13:18:10 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:[b]64bit:[/b] - [2012/12/20 18:20:07 | 000,015,344 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:[b]64bit:[/b] - [2012/12/11 15:48:54 | 000,029,696 | ---- | M] (NoMachine Sarl) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nxdm.sys -- (nxdm)
DRV:[b]64bit:[/b] - [2012/12/03 13:08:28 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2012/09/24 15:32:10 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:[b]64bit:[/b] - [2012/06/09 02:29:20 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:[b]64bit:[/b] - [2012/06/09 02:28:08 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:[b]64bit:[/b] - [2012/06/09 02:27:30 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:[b]64bit:[/b] - [2012/06/08 23:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:[b]64bit:[/b] - [2012/06/08 23:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:19 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:18 | 001,285,216 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:17 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:16 | 000,211,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:16 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:15 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:[b]64bit:[/b] - [2012/05/28 00:58:13 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:[b]64bit:[/b] - [2012/05/01 15:48:28 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2012/03/19 15:12:38 | 001,454,896 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vasdDev.sys -- (VASDeviceDrm)
DRV:[b]64bit:[/b] - [2012/03/05 20:59:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2012/03/05 20:59:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:[b]64bit:[/b] - [2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2011/09/17 10:08:52 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:[b]64bit:[/b] - [2011/08/29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:[b]64bit:[/b] - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2011/05/11 14:55:24 | 000,196,912 | ---- | M] (Paragon Software Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hfsplus.sys -- (Hfsplus)
DRV:[b]64bit:[/b] - [2011/05/11 14:55:24 | 000,060,720 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gpt_loader.sys -- (gpt_loader)
DRV:[b]64bit:[/b] - [2011/05/11 14:55:24 | 000,051,504 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\apmwin.sys -- (apmwin)
DRV:[b]64bit:[/b] - [2011/05/11 14:55:24 | 000,042,288 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mounthlp.sys -- (mounthlp)
DRV:[b]64bit:[/b] - [2011/05/11 14:55:24 | 000,016,176 | ---- | M] (Paragon Software Group) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\hfsplusrec.sys -- (HfsplusRec)
DRV:[b]64bit:[/b] - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/14 02:08:24 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:[b]64bit:[/b] - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:[b]64bit:[/b] - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:[b]64bit:[/b] - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/12/11 17:11:48 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2013/11/14 12:02:46 | 000,087,216 | ---- | M] (NoMachine) [Kernel | Auto | Running] -- C:\Program Files (x86)\NoMachine\bin\drivers\nxusb\NT6\amd64\nxusbf.sys -- (nxusbf)
DRV - [2013/08/30 21:15:04 | 000,057,008 | ---- | M] (NoMachine) [File_System | Auto | Running] -- C:\Program Files (x86)\NoMachine\bin\drivers\nxdisk\amd64\nxfs.sys -- (nxfs)
DRV - [2012/08/24 16:45:54 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2012/06/19 23:46:07 | 000,092,536 | ---- | M] (WinMount International Inc) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 EB 0F 7F 28 28 CD 01 [binary data]
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..\SearchScopes,DefaultScope = {0F0180FB-1B20-4620-B8CA-F7E141F90193}
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..\SearchScopes\{0F0180FB-1B20-4620-B8CA-F7E141F90193}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultenginename: "Google Default"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.selectedEngine: "Google Default"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.metal-archives.com/"
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) 
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\robert\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/05/15 15:18:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/29 16:16:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/05/07 23:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Extensions [2014/05/26 11:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\35es82b6.default_PRZED RESETEM\extensions [2014/05/25 11:43:26 | 000,203,751 | ---- | M] () (No name found) -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\35es82b6.default_PRZED RESETEM\extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2014/05/26 00:15:17 | 000,005,830 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\35es82b6.default_PRZED RESETEM\searchplugins\bing-avast.xml [2014/05/26 00:16:14 | 000,002,315 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\35es82b6.default_PRZED RESETEM\searchplugins\google-default.xml [2014/05/26 00:18:22 | 000,009,433 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\35es82b6.default_PRZED RESETEM\searchplugins\yahoo-avast.xml [2014/05/25 14:07:06 | 000,000,000 | ---D 
| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: https://www.yahoo.com?fr=hp-avast&type=avastbcl CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\ CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\ CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\ CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ CHR - Extension: No name found = C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ O1 HOSTS File: ([2014/05/25 15:15:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2:[b]64bit:[/b] - BHO: (Atomic Savings BHO) - {FD54B52E-A521-4C98-A65E-2213146AE98D} - C:\Program Files (x86)\Atomic Savings\FrameworkBHO64.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {C92D948D-97DC-4F90-A21E-5718540A79C3} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Alive Text to Speech) - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files (x86)\AliveMedia\Text to Speech\IEToolbar.dll () O3:[b]64bit:[/b] - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [apmwinapp] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe () O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot) O4:[b]64bit:[/b] - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found O4:[b]64bit:[/b] - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe () O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.) O4 - HKLM..\Run: [Nuance OmniPage 18-reminder] C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000..\Run: [GomTray] C:\Program Files (x86)\GRETECH\GOMTray\GomTray.exe (GRETECH) O4 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.) O4 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000..\Run: [pamela.exe] C:\Program Files (x86)\Pamela\Pamela.exe (Scendix Software-Vertriebsges. mbH) O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Clock.lnk = File not found O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe () O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Locate32 Autorun.lnk = File not found O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1 O7 - 
HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w O7 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O8:[b]64bit:[/b] - Extra context menu item: &Download with BitKinex - C:\Program Files (x86)\BitKinex\ieext_cp.htm () O8:[b]64bit:[/b] - Extra context menu item: &Register in BitKinex - C:\Program Files (x86)\BitKinex\ieext_reg.htm () O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - Reg Error: Value error. 
File not found O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Send To &Bluetooth - Reg Error: Value error. File not found O8 - Extra context menu item: &Download with BitKinex - C:\Program Files (x86)\BitKinex\ieext_cp.htm () O8 - Extra context menu item: &Register in BitKinex - C:\Program Files (x86)\BitKinex\ieext_reg.htm () O8 - Extra context menu item: Append Link Target to Existing PDF - Reg Error: Value error. File not found O8 - Extra context menu item: Append to Existing PDF - Reg Error: Value error. File not found O8 - Extra context menu item: Convert Link Target to Adobe PDF - Reg Error: Value error. File not found O8 - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found O8 - Extra context menu item: Se&nd to OneNote - Reg Error: Value error. File not found O8 - Extra context menu item: Send To &Bluetooth - Reg Error: Value error. File not found O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. 
File not found O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..Trusted Domains: stanford.edu ([]https in Local intranet) O15 - HKU\S-1-5-21-1235320012-531206643-3524170785-1000\..Trusted Ranges: Range1 ([https] in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1081 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.118.165.22 69.65.41.30 209.18.47.61 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AC062A7-886E-4C9E-91A9-BE571BF5CA1C}: DhcpNameServer = 66.118.165.22 69.65.41.30 209.18.47.61 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:[b]64bit:[/b] - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/05/25 17:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2014/05/25 17:31:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014/05/25 16:05:56 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2014/05/25 14:54:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2014/05/25 13:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2014/05/25 12:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014/05/24 22:34:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2014/05/24 21:36:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/05/24 12:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2014/05/24 12:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2014/05/24 12:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2014/05/23 22:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2014/05/23 22:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2014/05/23 22:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014/05/23 21:48:32 | 000,000,000 | 
---D | C] -- C:\Users\robert\AppData\Roaming\PC Tech Hotline [2014/05/23 21:14:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/05/23 20:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline [2014/05/23 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller_AdwCleaner_1548942 [2014/05/22 18:42:51 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\PAR Buddy [2014/05/22 18:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PAR Buddy [2014/05/22 18:11:31 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\MultiPar [2014/05/22 18:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParNRar [2014/05/22 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiPar [2014/05/21 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Program Files (x86) [2014/05/15 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\Native Instruments [2014/05/15 18:32:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5D7D8554-ADF2-463E-B6AC-7A857B390410} [2014/05/15 18:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2014/05/15 18:31:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E70FDE50-4AB8-4AF6-8E82-A7B843A3AD92} [2014/05/15 18:30:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A} [2014/05/15 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2014/05/15 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2014/05/15 18:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2014/05/15 03:05:26 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/05/15 03:05:26 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/05/15 03:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2014/05/14 03:17:37 | 000,477,184 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014/05/14 03:17:37 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014/05/14 03:16:57 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2014/05/14 03:16:56 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2014/05/14 03:16:56 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2014/05/14 03:16:56 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2014/05/14 03:16:56 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll [2014/05/14 03:16:56 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll [2014/05/14 03:16:56 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2014/05/14 03:16:56 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2014/05/14 03:16:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll [2014/05/14 03:16:56 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll [2014/05/14 03:16:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll [2014/05/14 03:16:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll [2014/05/14 03:16:55 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2014/05/14 03:16:55 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll [2014/05/14 03:16:55 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll [2014/05/14 03:16:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll [2014/05/14 03:16:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\adprovider.dll [2014/05/14 03:16:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll [2014/05/14 03:16:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll [2014/05/14 03:16:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll [2014/05/14 03:16:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll [2014/05/14 03:16:55 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2014/05/14 03:16:55 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2014/05/03 21:25:06 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elevayta Extra Boy v4.91d [2014/05/03 21:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elevayta Creativity Tools [2014/05/03 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Audacity [2014/05/03 18:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2014/05/02 00:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/04/30 14:54:57 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\MPlayer [2014/04/30 14:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links [2014/04/30 14:54:07 | 000,000,000 | ---D | C] -- C:\MININT [2014/04/30 03:00:20 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel [2014/04/29 16:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2014/04/29 15:31:52 | 000,000,000 | -HSD | C] -- C:\Users\robert\AppData\Local\EmieUserList [2014/04/29 15:31:52 | 000,000,000 | -HSD | C] -- C:\Users\robert\AppData\Local\EmieSiteList [2013/09/13 20:49:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\robert\AppData\Roaming\pcouffin.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/05/27 14:49:02 
| 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2014/05/27 14:26:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1235320012-531206643-3524170785-1000UA.job [2014/05/27 14:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/05/27 13:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/05/27 13:36:27 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/05/27 13:36:27 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/05/27 13:35:08 | 000,786,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/05/27 13:35:08 | 000,665,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/05/27 13:35:08 | 000,123,500 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/05/27 13:32:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/05/27 13:29:11 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2014/05/27 13:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/05/27 13:29:03 | 4262,785,022 | -HS- | M] () -- C:\hiberfil.sys [2014/05/26 23:26:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1235320012-531206643-3524170785-1000Core.job [2014/05/26 14:14:46 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2014/05/26 14:14:45 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2014/05/26 14:14:45 | 000,035,656 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\LMIport.dll [2014/05/26 00:18:22 | 000,002,400 | ---- | M] () -- C:\Users\robert\Desktop\Google Chrome.lnk [2014/05/26 00:18:22 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/05/25 17:56:48 | 000,004,341 | ---- | M] () -- C:\Windows\wininit.ini [2014/05/25 17:35:45 | 000,001,249 | ---- | M] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2014/05/25 17:35:45 | 000,001,225 | ---- | M] () -- C:\Users\robert\Desktop\Spybot - Search & Destroy.lnk [2014/05/25 16:06:47 | 000,000,331 | ---- | M] () -- C:\Start_.cmd [2014/05/25 15:15:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2014/05/25 14:33:36 | 000,001,086 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014/05/22 18:42:47 | 000,000,939 | ---- | M] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\PAR Buddy.lnk [2014/05/22 18:42:47 | 000,000,915 | ---- | M] () -- C:\Users\robert\Desktop\PAR Buddy.lnk [2014/05/22 18:25:53 | 000,030,208 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/05/22 18:11:15 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\MultiPar.lnk [2014/05/22 18:07:28 | 000,000,958 | ---- | M] () -- C:\Users\robert\Desktop\ParNRar.lnk [2014/05/19 00:13:41 | 000,101,184 | ---- | M] (Amazon.com, Inc.) 
-- C:\Windows\SysNative\stkMonitor.dll [2014/05/19 00:12:42 | 000,001,062 | ---- | M] () -- C:\Users\robert\Desktop\Galaxy NexusCDMA 2 - Shortcut.lnk [2014/05/18 14:08:13 | 000,001,066 | ---- | M] () -- C:\Users\robert\Desktop\LG HBS730 - Shortcut.lnk [2014/05/18 14:07:00 | 000,001,078 | ---- | M] () -- C:\Users\robert\Desktop\Avantree Saturn - Shortcut.lnk [2014/05/15 18:32:10 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk [2014/05/15 18:31:13 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2014/05/15 18:30:58 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk [2014/05/14 20:32:00 | 002,462,170 | ---- | M] () -- C:\TMP78.tmp.jpg [2014/05/14 20:13:20 | 000,003,839 | ---- | M] () -- C:\Users\robert\Documents\AutoHotkey.ahk [2014/05/14 01:13:08 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014/05/14 01:13:08 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014/05/14 01:13:03 | 017,938,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2014/05/13 22:31:26 | 000,057,439 | ---- | M] () -- C:\TMP9B.tmp.jpg [2014/05/13 20:35:21 | 000,621,679 | ---- | M] () -- C:\TMP76.tmp.jpg [2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/05/03 18:02:30 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk [2014/04/30 17:37:49 | 000,002,110 | ---- | M] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2014/04/30 14:52:33 
| 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014/04/29 00:09:33 | 000,001,456 | ---- | M] () -- C:\Users\robert\AppData\Local\Adobe Save for Web 13.0 Prefs [2014/04/28 22:18:23 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/05/26 14:15:12 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk [2014/05/25 17:35:45 | 000,001,249 | ---- | C] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2014/05/25 17:35:45 | 000,001,225 | ---- | C] () -- C:\Users\robert\Desktop\Spybot - Search & Destroy.lnk [2014/05/25 16:06:47 | 000,000,331 | ---- | C] () -- C:\Start_.cmd [2014/05/25 14:33:36 | 000,001,086 | ---- | C] () -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2014/05/25 14:05:28 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014/05/24 22:34:09 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2014/05/24 00:33:54 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk [2014/05/23 23:05:36 | 000,004,341 | ---- | C] () -- C:\Windows\wininit.ini [2014/05/22 18:42:47 | 000,000,939 | ---- | C] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\PAR Buddy.lnk [2014/05/22 18:42:47 | 000,000,915 | ---- | C] () -- C:\Users\robert\Desktop\PAR Buddy.lnk [2014/05/22 18:11:15 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\MultiPar.lnk [2014/05/22 18:07:28 | 000,000,958 | ---- | C] () -- C:\Users\robert\Desktop\ParNRar.lnk [2014/05/19 00:12:42 | 000,001,062 | ---- | C] () -- C:\Users\robert\Desktop\Galaxy NexusCDMA 2 - Shortcut.lnk [2014/05/18 14:08:13 | 000,001,066 | ---- | C] () -- 
C:\Users\robert\Desktop\LG HBS730 - Shortcut.lnk [2014/05/18 14:07:00 | 000,001,078 | ---- | C] () -- C:\Users\robert\Desktop\Avantree Saturn - Shortcut.lnk [2014/05/15 18:32:10 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk [2014/05/15 18:31:13 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2014/05/15 18:30:58 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk [2014/05/14 20:32:00 | 002,462,170 | ---- | C] () -- C:\TMP78.tmp.jpg [2014/05/13 22:31:26 | 000,057,439 | ---- | C] () -- C:\TMP9B.tmp.jpg [2014/05/13 20:35:21 | 000,621,679 | ---- | C] () -- C:\TMP76.tmp.jpg [2014/05/03 18:02:30 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk [2014/04/30 14:52:49 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe [2014/04/30 14:52:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/03/06 14:10:31 | 000,002,391 | ---- | C] () -- C:\Users\robert\.kdiff3rc [2014/01/09 10:56:54 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2013/12/27 16:32:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2013/11/16 00:32:11 | 000,000,632 | ---- | C] () -- C:\Users\robert\_SCANNER_.LNK [2013/10/30 13:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013/10/30 13:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013/10/30 13:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013/10/30 13:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013/10/30 13:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2013/10/29 20:31:28 | 000,000,858 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2013/10/29 20:29:53 | 000,172,965 | ---- | C] () -- C:\Windows\hppins13.dat [2013/10/29 20:29:53 | 000,006,760 | ---- | C] () -- C:\Windows\hppmdl13.dat [2013/09/13 20:49:29 | 000,099,384 | ---- | C] () -- 
C:\Users\robert\AppData\Roaming\inst.exe [2013/09/13 20:49:29 | 000,007,859 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.cat [2013/09/13 20:49:29 | 000,001,167 | ---- | C] () -- C:\Users\robert\AppData\Roaming\pcouffin.inf [2013/08/14 18:46:30 | 035,215,160 | ---- | C] () -- C:\Users\robert\AppData\Roaming\automate_6_retail.exe [2013/08/14 13:49:15 | 000,000,117 | ---- | C] () -- C:\Users\robert\SciTE.session [2013/07/09 23:52:31 | 000,941,992 | ---- | C] () -- C:\Windows\SysWow64\WPShellExt64.dll [2013/05/16 22:24:43 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI [2013/05/08 13:41:20 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI [2012/12/13 23:20:39 | 000,000,050 | ---- | C] () -- C:\Windows\IrisAPE.ini [2012/12/12 21:09:32 | 000,000,056 | ---- | C] () -- C:\Users\robert\AppData\Roaming\plane9config.xml [2012/12/12 10:41:20 | 000,000,291 | ---- | C] () -- C:\Users\robert\AppData\Local\custom_colors.cfg [2012/12/12 01:21:53 | 000,000,311 | ---- | C] () -- C:\Windows\SoundGraffiti.INI [2012/12/02 00:06:55 | 000,007,242 | ---- | C] () -- C:\Windows\POLYTRAN.INI [2012/12/01 22:44:13 | 000,252,416 | ---- | C] () -- C:\Windows\SysWow64\rjhExt.dll [2012/11/16 00:13:13 | 000,003,520 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini [2012/11/16 00:13:13 | 000,002,040 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini [2012/11/08 06:48:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012/11/07 22:02:23 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2012/11/07 22:01:54 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012/09/24 23:46:14 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI [2012/09/23 23:12:04 | 000,001,882 | ---- | C] () -- C:\Windows\cftppro.INI [2012/08/01 23:04:42 | 000,000,132 | ---- | C] () -- C:\Users\robert\AppData\Roaming\Adobe Targa Format CS6 Prefs [2012/06/21 00:26:49 | 000,000,203 | ---- | C] () -- C:\Windows\MSUTIL.INI [2012/06/19 23:16:17 | 000,192,512 | 
-H-- | C] () -- C:\Windows\SysWow64\kgen.dll [2012/06/03 00:23:52 | 000,030,208 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/30 17:45:11 | 000,001,456 | ---- | C] () -- C:\Users\robert\AppData\Local\Adobe Save for Web 13.0 Prefs [2012/05/25 02:11:52 | 000,000,024 | ---- | C] () -- C:\ProgramData\peeddy.ini [2012/05/25 02:07:45 | 000,000,071 | ---- | C] () -- C:\ProgramData\claude.ini [2012/05/23 14:24:22 | 000,000,019 | ---- | C] () -- C:\Users\robert\AppData\Local\llftool.license [2012/05/23 14:19:39 | 000,000,001 | ---- | C] () -- C:\Users\robert\AppData\Local\llftool.4.12.agreement [2012/05/16 16:40:37 | 000,000,058 | ---- | C] () -- C:\Users\robert\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2012/04/30 21:09:37 | 000,001,456 | ---- | C] () -- C:\Users\robert\AppData\Local\Adobe Save for Web 12.0 Prefs [2012/04/13 12:33:51 | 000,001,754 | ---- | C] () -- C:\Users\robert\AppData\Roaming\SAS7_000.DAT [2012/04/05 02:12:48 | 000,007,626 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg [2012/04/04 19:44:11 | 000,000,600 | ---- | C] () -- C:\Users\robert\AppData\Roaming\winscp.rnd [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012/04/04 14:20:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Forte [2014/05/24 22:36:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator.derr2\AppData\Roaming\Greenshot [2014/05/24 22:35:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator.derr2\AppData\Roaming\WinMount [2012/05/22 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\3BD52A89-62B6-4535-9262-3F502610EDF7 [2012/05/22 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\717DC8AF-B032-421E-B97E-16C01B6B31C4 [2012/05/28 01:25:21 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\AceBIT [2012/05/22 02:52:01 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Acronis [2013/09/12 22:36:15 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\AnvSoft [2014/05/12 21:31:19 | 
000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Audacity [2012/06/28 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Autodesk [2012/11/21 11:30:42 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Avid [2012/11/21 11:30:00 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Avid Technology Inc [2014/05/25 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Baocg [2013/09/03 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\BitKinex [2012/08/03 13:55:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Canon [2012/04/29 22:41:36 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/05/28 02:24:02 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\CoreFTP [2012/05/13 15:47:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Digiarty [2012/11/21 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DirectoryListPrintPro [2012/12/01 23:52:28 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DisplayFusion [2012/05/16 16:40:37 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DonationCoder [2012/06/03 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Downloaded Installations [2013/04/02 14:23:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DVDVideoSoft [2014/05/25 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Easy Macro Recorder [2014/05/22 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\foobar2000 [2012/04/04 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Forte [2012/05/28 01:42:25 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\GlobalSCAPE [2013/07/10 15:53:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\GrabPro [2014/05/25 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Greenshot [2013/07/16 
19:10:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Helios [2012/11/15 16:54:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\HideIP [2014/03/22 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Ibbiy [2012/11/08 08:32:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ImgBurn [2013/04/11 01:49:58 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Inspyder Web2Disk [2014/03/13 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\IrfanView [2013/09/12 22:12:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Jubler [2012/11/22 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\KRKsoft [2012/04/23 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Leadertech [2012/11/08 08:43:54 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Leawo [2012/04/04 01:05:28 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Locate32 [2012/12/02 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Lunascape [2014/04/06 12:48:18 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\MPC-BE [2014/05/25 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\MultiPar [2013/02/09 14:57:55 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\MyPhoneExplorer [2014/01/07 01:39:25 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\NetDrive [2012/12/14 22:20:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Nitro PDF [2014/01/31 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Notepad++ [2012/04/13 02:24:41 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Nuance [2013/07/11 23:57:23 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Orbit [2014/01/20 01:43:54 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Overlook [2012/11/21 11:30:06 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PACE Anti-Piracy 
[2012/08/22 16:50:03 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Pamela [2014/05/23 18:40:59 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PAR Buddy [2014/05/23 21:48:32 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PC Tech Hotline [2013/09/25 01:06:08 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PDAppFlex [2012/05/26 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Pdplayer [2012/12/16 00:49:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Plane9 [2012/11/15 23:55:17 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PlatinumHideIP [2014/03/28 21:35:35 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\PotPlayerMini64 [2013/07/10 15:53:31 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ProgSense [2012/04/28 23:39:35 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Publish Providers [2014/02/11 01:23:51 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Samsung [2012/08/14 21:22:46 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ScanSoft [2014/01/02 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SolidDocuments [2012/04/29 00:36:57 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Sony [2012/12/13 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SoundSpectrum [2012/05/30 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SparkPDF [2012/11/04 22:08:56 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2014/05/26 13:29:44 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\stickies [2013/09/13 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Subtitle Edit [2012/06/02 21:44:18 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\SystemRequirementsLab [2013/01/17 13:49:35 | 000,000,000 | ---D | M] -- 
C:\Users\robert\AppData\Roaming\TeamViewer [2012/12/16 16:06:37 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\TechSmith [2010/06/02 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Thunderbird [2012/11/08 08:44:44 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\tiger-k [2013/03/12 22:53:45 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\TomTom [2012/05/09 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\TypingMaster7 [2012/12/12 00:06:50 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Ultra Fractal 5 [2014/05/22 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\uTorrent [2013/09/17 14:22:34 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Vso [2012/06/06 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WinAVI [2013/08/26 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\WinMount [2014/05/23 20:59:27 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Wondershare [2014/01/31 19:46:30 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Zeon [2012/04/05 01:51:27 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Zhorn Birthday Reminder [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 995 bytes -> C:\ProgramData\Microsoft:7t95RjwdUtIIV9cUq6UeQTB @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:3E7908F7 @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:7BEAD6C2 @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:15B79D44 @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:1AAB2E68 @Alternate Data Stream - 16 bytes -> C:\Users\Public\Documents\Digital Film Tools:A4202B3E-9963-430d-8CF3-B14439F7FA6B @Alternate Data Stream - 16 bytes -> C:\Users\Public\Documents\Digital Film Tools:8AFD5FF3-1897-4f7a-BC14-08BFAAEC8893 @Alternate Data Stream - 16 bytes 
-> C:\Users\Public\Documents\Digital Film Tools:1EB7CD63-44F1-40d7-B9C7-38DFF5DB4F39 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4FC01C57 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A303874F @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:7FFED16F @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6A91BBD8 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4B1BA31B @Alternate Data Stream - 1222 bytes -> C:\ProgramData\Microsoft:r2gbnWwcedtfWou7YH @Alternate Data Stream - 1214 bytes -> C:\ProgramData\Microsoft:RsN2WTuC191VRGfu0Kg5g4l @Alternate Data Stream - 1198 bytes -> C:\Users\robert\AppData\Local\Temp:YnKpomhAEhu2qlNzJa2J @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A1EDB939 @Alternate Data Stream - 1181 bytes -> C:\Users\robert\AppData\Local\Temp:6wDqoGfEjoXNiPpgTagY @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 1142 bytes -> C:\ProgramData\Microsoft:aCy6CLA2LFTNN3CWN @Alternate Data Stream - 1097 bytes -> C:\ProgramData\Microsoft:0Y1NdshzEdJrFRNHwOUI @Alternate Data Stream - 1066 bytes -> C:\ProgramData\Microsoft:SezB6jJqWYjaVQnosQOdCxq @Alternate Data Stream - 1024 bytes -> C:\ProgramData\Microsoft:xtx761xDM21vOLNTkPST4idJ03lN < End of report >