If it's any help, programs that I use regularly and are essential to my work are the following - Holdem Manger 2, Placemint, Black Chip Poker, RunBetterPoker Mergekeys Beta, HHSmithy Downloader, Notecaddy 2, and TableScan Turbo.
Thanks for your help, if you need any extra info let me know as I'm new to the forums.
---------------------------
OTL logfile created on: 5/8/2012 4:18:21 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Justin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.00 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 59.79% Memory free
12.11 Gb Paging File | 9.34 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.04 Gb Total Space | 80.14 Gb Free Space | 27.82% Space Free | Partition Type: NTFS
Drive D: | 10.05 Gb Total Space | 1.39 Gb Free Space | 13.85% Space Free | Partition Type: NTFS
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/08 04:17:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2012/04/01 19:53:37 | 002,024,960 | ---- | M] (HHSmithy) -- C:\Program Files (x86)\hhSmithy\hhSmithy Downloader\HHSmithyDownloader.exe
PRC - [2011/06/28 23:17:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 17:00:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/04 12:22:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/12 20:30:27 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/03/13 05:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2007/05/29 17:19:06 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
PRC - [2007/02/16 20:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\AstSrv.exe
PRC - [2006/09/24 16:20:58 | 000,086,016 | ---- | M] (Realtime Soft) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/11 13:13:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/11 13:12:54 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/02/15 05:48:08 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll
MOD - [2012/02/15 05:48:06 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll
MOD - [2012/02/15 05:48:04 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll
MOD - [2012/02/15 05:47:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/15 05:27:01 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/15 05:26:24 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\30fe25ea2dd3b99aafe164fb198eed2e\System.Core.ni.dll
MOD - [2012/02/15 05:26:21 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012/02/15 05:25:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/12/30 04:24:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/11 17:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 22:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/04 22:30:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/28 23:17:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 17:00:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/12 20:30:27 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/05/29 17:19:06 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/02/16 20:08:14 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\SysWow64\\AstSrv.exe -- (Ast Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/28 23:17:11 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 23:17:11 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 12:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 12:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2008/10/04 21:29:46 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2007/09/07 10:43:24 | 000,204,672 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xcbdax64.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV:64bit: - [2007/08/21 04:43:26 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F34A90F9-0CD3-4BDB-91B0-D4B926FAE58B}
IE:64bit: - HKLM\..\SearchScopes\{F34A90F9-0CD3-4BDB-91B0-D4B926FAE58B}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{FED6E1EA-BFAE-4E20-B35F-66200C055F42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{713E7E2E-31F1-4DFA-82ED-4F261B5B243D}: "URL" = http://www.searchino...s={searchTerms}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{F34A90F9-0CD3-4BDB-91B0-D4B926FAE58B}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{FED6E1EA-BFAE-4E20-B35F-66200C055F42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {124D4966-AD3A-45A9-BE9A-F2111FA7B6FE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{124D4966-AD3A-45A9-BE9A-F2111FA7B6FE}: "URL" = http://www.google.co...&rlz=1I7ADBR_en
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{F34A90F9-0CD3-4BDB-91B0-D4B926FAE58B}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{FD511088-776F-4893-B28D-8FB100254730}: "URL" = http://www.searchino...s={searchTerms}
IE - HKCU\..\SearchScopes\{FED6E1EA-BFAE-4E20-B35F-66200C055F42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 20:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 14:13:11 | 000,000,000 | ---D | M]
[2009/04/08 00:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2012/05/02 05:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ggjljoqk.default\extensions
[2010/07/02 22:14:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ggjljoqk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/27 20:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/27 20:24:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/25 12:25:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/19 04:48:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/19 04:48:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2009/10/25 02:12:28 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandora.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cardrunners.com ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} https://www.lojackfo...mweb/testoc.cab (Recovery ActiveX Control Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BB608966-BC14-4875-9F63-853E5851A2B6} http://download.micr...93/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25CBA512-57F0-40D0-BEFD-9206DCE0E889}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52B50FBE-9F45-4CB1-94D4-EE4C4CE6EA26}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61C4256E-4F19-4DCB-BC58-58DE5CB6AFDD}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7556351C-DA97-4638-9D60-3A474BE28E5D}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{858454BE-0028-491B-AE29-6E7487D554C7}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C979B43-92ED-4D2B-BC44-2462EDFE68E1}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6F42EE0-E86E-4517-8D95-CC43A27DDDF0}: DhcpNameServer = 68.87.74.166 68.87.68.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E503D4FB-24EF-4A3F-87E9-214C284506F7}: DhcpNameServer = 68.87.74.166 68.87.68.166
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23d571a4-36fc-11dd-84ab-001fc66f3d57}\Shell\AutoRun\command - "" = L:\setupSNK.exe
O33 - MountPoints2\{a89f2f92-928c-11dd-8b64-001fc66f3d57}\Shell - "" = AutoRun
O33 - MountPoints2\{a89f2f92-928c-11dd-8b64-001fc66f3d57}\Shell\AutoRun\command - "" = M:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\L:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/08 04:17:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/05/08 04:08:10 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/08 04:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2012/04/27 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/16 22:46:10 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\OpenOffice.org
[2012/04/16 22:42:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/04/16 22:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/04/16 22:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Open Office
[2012/04/15 12:47:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Unused
[2012/04/13 20:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RunBetterPoker.com MergeKeys Beta
[2012/04/13 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RunBetterPoker.com MergeKeys Beta
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\AppData\Local\*.tmp files -> C:\Users\Justin\AppData\Local\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/08 04:36:56 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/05/08 04:36:54 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/05/08 04:35:49 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2012/05/08 04:29:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 04:17:07 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/05/08 04:12:49 | 000,002,691 | ---- | M] () -- C:\Users\Justin\Desktop\HiJackThis.lnk
[2012/05/08 04:06:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 04:05:29 | 001,402,880 | ---- | M] () -- C:\Users\Justin\Desktop\HijackThis.msi
[2012/05/08 03:53:29 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2012/05/08 03:53:24 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 03:53:24 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 03:53:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 03:53:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 20:52:21 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012/05/07 20:00:00 | 000,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Justin.job
[2012/05/07 07:17:56 | 000,204,800 | ---- | M] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 08:13:03 | 000,000,680 | ---- | M] () -- C:\Users\Justin\AppData\Local\d3d9caps.dat
[2012/05/01 19:12:34 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/18 23:21:20 | 087,031,672 | ---- | M] () -- C:\Users\Justin\Desktop\avira_free_antivirus_en.exe
[2012/04/18 12:56:50 | 000,315,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/13 20:14:00 | 000,002,110 | ---- | M] () -- C:\Users\Justin\Desktop\RunBetterPoker.com MergeKeys Beta.lnk
[2012/04/13 12:44:12 | 000,000,220 | ---- | M] () -- C:\Users\Justin\Desktop\X-COM Terror from the Deep.url
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\AppData\Local\*.tmp files -> C:\Users\Justin\AppData\Local\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/08 04:08:10 | 000,002,691 | ---- | C] () -- C:\Users\Justin\Desktop\HiJackThis.lnk
[2012/05/08 04:05:28 | 001,402,880 | ---- | C] () -- C:\Users\Justin\Desktop\HijackThis.msi
[2012/04/18 23:12:52 | 087,031,672 | ---- | C] () -- C:\Users\Justin\Desktop\avira_free_antivirus_en.exe
[2012/04/13 20:14:00 | 000,002,110 | ---- | C] () -- C:\Users\Justin\Desktop\RunBetterPoker.com MergeKeys Beta.lnk
[2012/04/13 12:44:12 | 000,000,220 | ---- | C] () -- C:\Users\Justin\Desktop\X-COM Terror from the Deep.url
[2010/09/10 01:59:33 | 000,000,680 | ---- | C] () -- C:\Users\Justin\AppData\Local\d3d9caps.dat
[2010/07/08 18:57:30 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2010/05/29 21:57:15 | 000,004,866 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
========== LOP Check ==========
[2012/04/07 11:26:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AppClient
[2010/04/09 20:55:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2008/10/04 21:29:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools
[2008/08/20 07:28:57 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GetRightToGo
[2011/05/11 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\HEM Data
[2012/02/11 01:48:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\hhSmithy
[2012/05/07 23:08:45 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\HoldemManager
[2009/11/16 18:40:29 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2010/09/11 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\NesterSoft
[2008/08/19 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Nokia
[2008/08/19 22:15:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\NSeries
[2012/04/16 22:46:10 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\OpenOffice.org
[2008/08/01 13:30:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PC Suite
[2010/12/23 04:36:28 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PlayFirst
[2008/11/08 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\postgresql
[2012/02/09 09:10:09 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Roaming
[2010/03/25 15:55:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2008/11/07 10:20:28 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Template
[2011/12/02 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TS3Client
[2011/12/18 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\wargaming.net
[2008/06/10 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
[2012/03/16 18:23:13 | 000,000,000 | -HSD | M] -- C:\Users\Justin\AppData\Roaming\wyUpdate AU
[2012/05/08 03:37:22 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:1CFFB598
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Edited by goatgoatgoat, 08 May 2012 - 03:41 AM.