start createrestorepoint: HKU\S-1-5-21-2448385805-1358340357-1453317947-1001\...\Run: [] => [X] HKU\S-1-5-21-2448385805-1358340357-1453317947-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2014-12-15] (Nokia) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File S0 raeehd; No ImagePath 2013-12-19 20:31 - 2013-12-19 20:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\pccsmcfdx64.sys:$CmdTcID AlternateDataStreams: C:\Users\username\SkyDrive:ms-properties AlternateDataStreams: C:\Users\username\Desktop\OTL.exe:$CmdTcID AlternateDataStreams: C:\Users\username\Desktop\OTL.exe:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\1.mp4:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\1.mp4:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\2.mp4:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\2.mp4:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\3.mp4:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\3.mp4:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\4.mp4:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\4.mp4:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\5.mp4:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\BG2_Artworks.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\BG2_Avatars.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\BG2_manuals.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\BG2_Map.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\BG2_soundtrack.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\BG2_TOB_refcard.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\BG2_Wallpapers.zip:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\FRST64(1).exe:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\FRST64(1).exe:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\Nokia_Suite_webinstaller_ALL.exe:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\Nokia_Suite_webinstaller_ALL.exe:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\OTL(1).exe:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\OTL(1).exe:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\sdfghj.jpg:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\sdfghj.jpg:$CmdZnID AlternateDataStreams: C:\Users\username\Downloads\setup_baldurs_gate2_2.0.0.12-1.bin:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\setup_baldurs_gate2_2.0.0.12-2.bin:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\setup_baldurs_gate2_2.0.0.12.exe:$CmdTcID AlternateDataStreams: C:\Users\username\Downloads\setup_caesar3_2.0.0.9.exe:$CmdTcID emptytemp: