Error
Failed to get temp file name
Access is denied.
(Error Code: 5)
Could not open scratch file because the file is locked, you do not have necessary access permissions, or another program is using the file. Use the properties command in the Windows Explorer to unlock the file.
Also, SOMETHING keeps changing my search engine from Google to Yahoo Search in Chrome and I DON'T LIKE THAT!
OTL logfile created on: 10/15/2013 3:21:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\papa\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 3.35 Gb Available Physical Memory | 56.35% Memory free
11.90 Gb Paging File | 8.67 Gb Available in Paging File | 72.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 663.18 Gb Total Space | 351.47 Gb Free Space | 53.00% Space Free | Partition Type: NTFS
Drive D: | 20.06 Gb Total Space | 2.17 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.11% Space Free | Partition Type: FAT32
Drive F: | 2.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive Z: | 11.23 Gb Total Space | 11.14 Gb Free Space | 99.17% Space Free | Partition Type: NTFS
Computer Name: PAPA_LAPTOP | User Name: papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/15 15:20:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\papa\Downloads\OTL.exe
PRC - [2013/09/05 10:04:16 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/08/27 15:04:54 | 005,903,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/08/09 06:57:57 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/09/28 19:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/10 16:12:38 | 009,378,592 | ---- | M] (VSO Software SARL) -- C:\Program Files (x86)\vso\ConvertX\4\ConvertXtoDvd.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/06 09:27:24 | 000,857,600 | ---- | M] () -- c:\Program Files (x86)\Ss.Helper\psupport.dll
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/07 15:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/09/20 15:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/09/08 09:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/09 10:01:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/02 14:48:18 | 000,905,307 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWOW64\lnsecsl.exe -- (Adobe Licensing Console)
SRV - [2011/09/01 01:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/08/19 09:44:30 | 000,260,424 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/07/11 17:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/04/30 04:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 17:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 04:38:18 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/29 23:04:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/29 23:04:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/20 21:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 21:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/20 21:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 21:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 21:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 21:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 21:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/09/08 09:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/02 15:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/26 15:54:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/26 15:53:52 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/24 01:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/26 15:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/11/07 11:42:28 | 000,104,912 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{43B1F95C-FFCE-4013-A0F7-16CC4331A25D}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...D-B61CE273359E}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{43B1F95C-FFCE-4013-A0F7-16CC4331A25D}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...D-B61CE273359E}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {103D9286-AC8B-4FAC-A3F4-9AD31F8CEFC0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{103D9286-AC8B-4FAC-A3F4-9AD31F8CEFC0}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{43B1F95C-FFCE-4013-A0F7-16CC4331A25D}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...D-B61CE273359E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\papa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\papa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\papa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/03/13 09:36:53 | 000,000,000 | ---D | M]
[2012/02/27 10:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papa\AppData\Roaming\Mozilla\Firefox\extensions
[2012/02/27 10:14:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\papa\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/06/12 11:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.moondographics.com/kady.htm
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\papa\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc\1.0_0\npwebsitelogon.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Users\papa\AppData\Local\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\papa\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u00C3\u0192\u00C6\u2019\u00C3\u2020\u00E2\u20AC\u2122\u00C3\u0192\u00E2\u20AC\u0161\u00C3\u00A2\u00E2\u201A\u00AC\u00C5\u00A1\u00C3\u0192\u00C6\u2019\u00C3\u201A\u00C2\u00A2\u00C3\u0192\u00E2\u20AC\u0161\u00C3\u00A2\u00E2\u201A\u00AC\u00C5\u00BE\u00C3\u0192\u00E2\u20AC\u0161\u00C3\u201A\u00C2\u00A2 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\papa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: YouTube = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: world of tanks = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkebddcodbfbaekbcadjpdmbdoofmpl\2_0\
CHR - Extension: Gmail = C:\Users\papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/02/25 14:53:49 | 000,002,302 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 127.0.0.1 practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 wip.adobe.com
O1 - Hosts: 127.0.0.1 wip1.aobe.com
O1 - Hosts: 127.0.0.1 wip2.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.wip.adobe.com
O1 - Hosts: 127.0.0.1 www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com
O1 - Hosts: 127.0.0.1 www.wip3.adobe.com
O1 - Hosts: 127.0.0.1 www.wip4.adobe.com
O1 - Hosts: 19 more lines...
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (no name) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - No CLSID value found.
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\HughesNet Download Manager\iefdm2.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files (x86)\HughesNet Download Manager\dllink.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74216EA1-BBDD-41AD-A806-40BAD290E818}: DhcpNameServer = 192.168.6.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3B0520D-7518-4C62-B9FE-C86041D95E27}: DhcpNameServer = 10.33.1.202 10.33.1.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F17DBC19-8FAD-4024-8C21-A1E47A1632FA}: DhcpNameServer = 10.33.1.202 10.33.1.203
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\ssde96~1.hel\psupport.dll) - c:\Program Files (x86)\Ss.Helper\psupport.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5aa060d8-9b64-11e1-80c0-ec9a74563379}\Shell - "" = AutoRun
O33 - MountPoints2\{5aa060d8-9b64-11e1-80c0-ec9a74563379}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/15 14:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2013/10/15 10:34:42 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Roxio Log Files
[2013/10/14 14:01:42 | 000,000,000 | ---D | C] -- C:\Users\papa\Desktop\New folder
[2013/10/14 14:00:45 | 000,000,000 | ---D | C] -- C:\temp
[2013/10/13 09:44:36 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\AVG2014
[2013/10/13 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\TuneUp Software
[2013/10/13 09:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/13 09:11:58 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\MFAData
[2013/10/13 09:11:58 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\Avg2014
[2013/10/12 11:12:33 | 000,000,000 | ---D | C] -- C:\Users\papa\Desktop\Bob movies
[2013/10/09 19:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
[2013/10/09 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ss.Helper
[2013/10/09 19:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Doownloadu koeeper
[2013/10/09 19:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/10/09 09:52:02 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\LSMGUIAIR.64AAB1E9DCCE40D96A4E881F8BD26884D826DB32.1
[2013/10/09 09:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser Pro
[2013/10/09 08:29:56 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Poser Pro
[2013/10/09 08:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2013/10/09 08:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2013/10/09 08:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2013/10/09 08:24:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser Pro 2010 Content
[2013/09/29 13:07:20 | 000,000,000 | ---D | C] -- C:\Users\papa\Desktop\finished torrents
[2013/09/29 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/29 12:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/29 12:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/29 12:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/29 11:07:59 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\BitTorrent
[2013/09/29 11:03:42 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\tixati
[2013/09/29 11:03:08 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
[2013/09/28 21:13:29 | 000,000,000 | ---D | C] -- C:\Users\papa\Desktop\From Mr Kitty
[2013/09/23 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\papa\Desktop\new utorrent stuff
[2013/09/21 19:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013/09/21 16:00:34 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Worthless Bums
[2013/09/18 04:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/09/15 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012/05/30 10:07:49 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\papa\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/15 15:18:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 15:18:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/15 15:17:42 | 000,782,680 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/15 15:17:42 | 000,664,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/15 15:17:42 | 000,122,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/15 15:16:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/15 14:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3191996425-1935779340-1019366156-1000UA.job
[2013/10/15 14:22:25 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2013/10/15 09:54:57 | 000,152,156 | ---- | M] () -- C:\Users\papa\Desktop\einar-mark borodino.bte
[2013/10/15 09:33:52 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3191996425-1935779340-1019366156-1000Core.job
[2013/10/15 09:27:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/14 20:23:40 | 000,036,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/14 20:23:40 | 000,036,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/14 19:17:05 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpapa.job
[2013/10/14 14:05:29 | 000,001,189 | ---- | M] () -- C:\Users\papa\AppData\Roaming\vso_ts_preview.xml
[2013/10/14 14:03:49 | 000,001,370 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2012 CBE.lnk
[2013/10/14 12:38:16 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/10/14 09:31:49 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/12 13:29:11 | 005,826,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/12 08:37:32 | 018,196,778 | ---- | M] () -- C:\Users\papa\Desktop\3DUnits100b template.psd
[2013/10/11 08:14:18 | 000,777,548 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/10 13:28:23 | 000,000,132 | ---- | M] () -- C:\Users\papa\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/10/10 13:27:14 | 000,001,456 | ---- | M] () -- C:\Users\papa\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/10/09 08:29:02 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Poser Pro 2010 (x86).lnk
[2013/10/05 08:21:51 | 000,002,327 | ---- | M] () -- C:\Users\papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/23 19:52:36 | 000,020,659 | ---- | M] () -- C:\Users\papa\Desktop\kady at blain's wedding.jpg
[2013/09/23 19:42:48 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPAPA_LAPTOP$.job
[2013/09/17 13:17:42 | 002,570,868 | ---- | M] () -- C:\Users\papa\Desktop\artillery.zip
[2013/09/17 12:49:18 | 000,046,166 | ---- | M] () -- C:\Users\papa\Desktop\arty template and guns.psd
[2013/09/17 12:46:05 | 000,164,809 | ---- | M] () -- C:\Users\papa\Desktop\artillery-positions.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/15 14:22:25 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2013/10/15 09:55:30 | 000,152,156 | ---- | C] () -- C:\Users\papa\Desktop\einar-mark borodino.bte
[2013/10/14 14:03:49 | 000,001,370 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2012 CBE.lnk
[2013/10/14 09:40:34 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013/10/12 08:37:13 | 018,196,778 | ---- | C] () -- C:\Users\papa\Desktop\3DUnits100b template.psd
[2013/10/09 08:29:02 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Poser Pro 2010 (x86).lnk
[2013/09/23 19:52:35 | 000,020,659 | ---- | C] () -- C:\Users\papa\Desktop\kady at blain's wedding.jpg
[2013/09/17 13:17:17 | 002,570,868 | ---- | C] () -- C:\Users\papa\Desktop\artillery.zip
[2013/09/17 12:49:16 | 000,046,166 | ---- | C] () -- C:\Users\papa\Desktop\arty template and guns.psd
[2013/09/17 12:45:13 | 000,164,809 | ---- | C] () -- C:\Users\papa\Desktop\artillery-positions.jpg
[2013/05/27 18:46:18 | 000,000,132 | ---- | C] () -- C:\Users\papa\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/04/04 22:07:31 | 000,000,132 | ---- | C] () -- C:\Users\papa\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/03/05 20:34:04 | 000,001,456 | ---- | C] () -- C:\Users\papa\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/05 15:12:57 | 000,000,132 | ---- | C] () -- C:\Users\papa\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/10/20 09:48:40 | 000,777,548 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/07 12:57:58 | 000,069,316 | ---- | C] () -- C:\Windows\SysWow64\key.dat
[2012/06/02 14:49:04 | 000,001,189 | ---- | C] () -- C:\Users\papa\AppData\Roaming\vso_ts_preview.xml
[2012/06/02 14:48:18 | 000,905,307 | ---- | C] ( ) -- C:\Windows\SysWow64\lnsecsl.exe
[2012/05/30 10:07:49 | 000,099,384 | ---- | C] () -- C:\Users\papa\AppData\Roaming\inst.exe
[2012/05/30 10:07:49 | 000,007,859 | ---- | C] () -- C:\Users\papa\AppData\Roaming\pcouffin.cat
[2012/05/30 10:07:49 | 000,001,167 | ---- | C] () -- C:\Users\papa\AppData\Roaming\pcouffin.inf
[2012/05/05 11:58:01 | 000,000,268 | ---- | C] () -- C:\Windows\ui_mv32.ini
[2012/05/05 11:57:52 | 000,250,368 | ---- | C] () -- C:\Windows\SysWow64\imagxpr3.dll
[2012/04/26 13:49:17 | 000,000,132 | ---- | C] () -- C:\Users\papa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/29 16:57:54 | 000,000,132 | ---- | C] () -- C:\Users\papa\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/03/20 13:24:20 | 000,001,456 | ---- | C] () -- C:\Users\papa\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/03/14 09:54:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2005/04/07 22:16:43 | 000,211,573 | -H-- | C] () -- C:\Users\papa\AppData\Roaming\papav1.18.0 - Trial versionlog.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/06/17 13:20:41 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\APP_NAME_NON_STRING
[2012/03/24 14:18:03 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Ashampoo
[2012/04/27 11:14:52 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\AVG
[2013/10/13 09:44:36 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\AVG2014
[2013/09/29 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\BitTorrent
[2012/08/31 16:47:51 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\calibre
[2013/03/13 11:18:40 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/10/14 09:26:30 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\FileZilla
[2012/04/11 07:59:45 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\HandBrake
[2012/06/14 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\HughesNet Download Manager
[2013/05/07 12:21:59 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Leadertech
[2013/10/09 09:52:02 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\LSMGUIAIR.64AAB1E9DCCE40D96A4E881F8BD26884D826DB32.1
[2012/08/18 12:48:00 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Nuance
[2012/03/23 14:51:46 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\OpenOffice.org
[2013/06/18 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Opera
[2013/06/23 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Oracle
[2013/02/25 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\PACE Anti-Piracy
[2013/06/17 13:22:13 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\PDF Software
[2013/08/05 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\PlayFirst
[2013/10/09 08:29:56 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Poser Pro
[2013/02/11 20:30:04 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Rovio
[2013/10/14 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\SoftGrid Client
[2013/05/02 16:42:35 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Sony
[2012/02/26 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Synaptics
[2012/03/24 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Three Rings Design
[2012/11/04 20:43:42 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\TP
[2012/12/17 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\TS3Client
[2013/10/13 09:42:44 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\TuneUp Software
[2013/10/15 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Vso
[2012/12/13 09:22:20 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\wargaming.net
[2012/12/11 11:21:41 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Windows Live Writer
[2013/09/21 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Worthless Bums
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 1130 bytes -> C:\Users\papa\AppData\Local\Temp:0Mzx7Mh2mMTkIXJVlH0J
@Alternate Data Stream - 1118 bytes -> C:\Users\papa\AppData\Local\feffgE4Etd9:pjju5gxBFRmCdKfY6SEKayS
< End of report >