OTL logfile created on: 6/17/2011 3:14:19 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kenn\Pictures\Uploads\Blog
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 42.19% Memory free
8.06 Gb Paging File | 6.26 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 185.98 Gb Free Space | 31.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/29 03:59:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/23 17:37:22 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/06/23 17:37:22 | 000,036,864 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTV7Rec.exe
PRC - [2009/06/23 17:31:16 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (ShowAnalyzerMaster)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/08 13:50:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\62832842.sys -- (62832842)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6283284.sys -- (setup_9.0.0.722_04.06.2011_22-45drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\62832841.sys -- (62832841)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/09 14:33:56 | 001,442,816 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 03:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 15:04:49 | 000,000,000 | ---D | M]

[2009/08/01 00:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions\plugin@yontoo.com
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions\plugin@yontoo.com
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions
[2009/08/30 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/23 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 00:40:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 12:45:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/29 03:59:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_22-45.lnk = File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell - "" = AutoRun
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/06/17 15:16:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/17 15:16:37 | 000,000,000 | ---D | C] -- C:\862d86b74cd492741e26ebe28a0bc5
[2011/06/17 15:04:03 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/16 18:54:18 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6283284.sys
[2011/06/16 18:54:18 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832841.sys
[2011/06/16 18:54:18 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832842.sys
[2011/06/07 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\MPEG2Cut
[2011/06/05 05:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/06/05 05:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/06/05 05:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/02 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\NRAS Mods_Sims 3
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2009/07/31 09:44:04 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Kenn\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/06/17 15:10:09 | 000,014,336 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 15:09:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000UA.job
[2011/06/17 15:08:38 | 000,639,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/17 15:08:38 | 000,118,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/17 14:49:24 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/06/17 14:49:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 14:49:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 14:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 11:50:16 | 000,711,728 | ---- | M] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | M] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 11:50:16 | 000,000,374 | ---- | M] () -- C:\Windows\is-VP4RR.lst
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\ProgramData\g5m6ob75g5s1l11u55n4i
[2011/06/17 04:09:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000Core.job
[2011/06/16 18:55:11 | 000,002,148 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_22-45.lnk
[2011/06/16 18:41:26 | 000,322,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/09 16:53:33 | 000,464,415 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | M] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/06/04 14:38:02 | 000,011,770 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\8q885oc37xa8y12v5
[2011/06/04 14:38:02 | 000,011,770 | -HS- | M] () -- C:\ProgramData\8q885oc37xa8y12v5
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/22 14:38:55 | 000,421,767 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-13.jpg
[2011/05/22 14:38:46 | 000,341,669 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-12.jpg
[2011/05/22 14:38:37 | 000,386,698 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-11.jpg
[2011/05/22 14:38:28 | 000,367,931 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-10.jpg
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/06/17 11:50:16 | 000,711,728 | ---- | C] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | C] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 11:50:16 | 000,000,374 | ---- | C] () -- C:\Windows\is-VP4RR.lst
[2011/06/16 18:55:11 | 000,002,148 | ---- | C] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_22-45.lnk
[2011/06/16 11:20:03 | 000,011,084 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/16 11:20:03 | 000,011,084 | -HS- | C] () -- C:\ProgramData\g5m6ob75g5s1l11u55n4i
[2011/06/09 16:53:33 | 000,464,415 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | C] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/06/04 14:18:06 | 000,011,770 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\8q885oc37xa8y12v5
[2011/06/04 14:18:06 | 000,011,770 | -HS- | C] () -- C:\ProgramData\8q885oc37xa8y12v5
[2011/05/22 14:38:54 | 000,421,767 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-13.jpg
[2011/05/22 14:38:46 | 000,341,669 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-12.jpg
[2011/05/22 14:38:37 | 000,386,698 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-11.jpg
[2011/05/22 14:38:27 | 000,367,931 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-10.jpg
[2011/05/03 10:13:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/18 14:34:21 | 000,009,170 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\23p2ct64n5i40
[2011/04/18 14:34:21 | 000,009,170 | -HS- | C] () -- C:\ProgramData\23p2ct64n5i40
[2011/03/30 06:41:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 06:41:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 06:41:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 06:41:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 06:41:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
[2011/03/24 19:46:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/11/04 19:45:49 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/11/04 19:45:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2010/08/29 17:34:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/30 09:19:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/30 09:19:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 08:30:42 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/07 03:33:27 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/07 01:04:20 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/10 14:04:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/10 14:04:00 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 14:03:54 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/08/10 13:56:02 | 000,004,134 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 19:08:18 | 000,007,512 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2009/07/19 21:07:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 21:46:32 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/07/16 20:51:37 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2009/07/16 20:49:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2009/07/16 00:51:56 | 000,014,336 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 00:33:51 | 000,157,768 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/08 16:29:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/08 16:29:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/08 16:29:05 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/08 16:29:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 16:29:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/07/08 16:29:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/08 16:29:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/08 16:29:01 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/07/08 08:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/20 00:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,639,904 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,156 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/11/18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AnvSoft
[2011/05/13 23:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\avidemux
[2010/08/29 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2010/11/15 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.air.oev
[2010/07/27 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/02 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Cool Record Edit Pro
[2009/07/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2010/04/28 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Desktopicon
[2011/04/18 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dream Aquarium
[2009/09/02 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2010/06/19 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GrabPro
[2009/08/22 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\IcoFX
[2010/11/10 02:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2010/08/25 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InterVideo
[2010/11/04 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2011/03/07 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Orbit
[2011/03/03 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/01/11 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2010/12/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2011/04/11 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\TSRWorkshop
[2011/06/16 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2011/02/21 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\VistaCodecs
[2011/02/26 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinAVI
[2010/03/10 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2011/06/17 14:48:23 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/17 14:49:24 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ubnypvssq.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >