This topic is locked
Hi,
I installed Camstudio free screen recording software the other day in the hopes of using it to create a tutorial, and along the way it appears to have given me a case of the adwares.
Specifically, it has installed a Stormfall -- adware that opens an unwanted window in Chrome. I'm sure you're familiar.
I thought I would ask the knowledgeable people here for assistance before mucking it up myself. There may be other unwanted things I haven't noticed yet.
I have several start up programs I run intentionally, including Pushbullet, PhraseExpress, and Garmin software. I am running
avast! antivirus.
Thank you for any help you might be able to provide.
-James
Here is the quick scan log from OTL:
OTL logfile created on: 9/25/2014 6:30:33 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.98 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 30.62% Memory free
23.96 Gb Paging File | 9.64 Gb Available in Paging File | 40.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 460.33 Gb Free Space | 49.42% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 138.05 Gb Free Space | 59.28% Space Free | Partition Type: NTFS
Computer Name: EDO | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/09/25 06:06:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
PRC - [2014/09/23 23:30:48 | 006,621,752 | ---- | M] (Spotify Ltd) -- C:\Users\James\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/09/23 23:30:45 | 000,610,872 | ---- | M] () -- C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/09/13 13:49:29 | 001,465,616 | ---- | M] (SanDisk Corporation) -- C:\Users\James\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2014/09/12 20:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/08 03:40:53 | 000,156,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Zotero Standalone\zotero.exe
PRC - [2014/08/28 14:53:44 | 000,822,320 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\pushbullet_app.exe
PRC - [2014/08/28 11:06:02 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2014/08/26 16:47:14 | 001,110,880 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2014/08/14 16:48:01 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/08/14 16:47:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/08/07 08:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/31 12:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/07/29 14:24:46 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014/07/22 18:23:04 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/07/22 16:46:06 | 003,356,480 | ---- | M] () -- C:\Users\James\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/07/22 16:39:51 | 009,449,280 | ---- | M] (Amazon) -- C:\Users\James\AppData\Local\Amazon Music\Amazon Music.exe
PRC - [2014/07/17 21:04:38 | 000,051,016 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
PRC - [2014/06/21 12:34:14 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/04/08 13:47:10 | 000,096,320 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
PRC - [2013/12/21 02:04:50 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/09 16:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/10/15 19:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\James\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/06/14 11:42:16 | 014,125,776 | ---- | M] (Bartels Media GmbH) -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
PRC - [2012/12/20 03:24:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/16 20:09:04 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe
PRC - [2012/02/20 15:54:08 | 001,666,560 | ---- | M] (AimerSoft) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2011/10/27 18:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2010/09/15 15:01:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
PRC - [2010/04/12 13:46:14 | 009,520,472 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/11/30 18:04:48 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\FarStone\TotalRecovery\Client\CBP\DCSchdler.exe
PRC - [2009/11/26 18:24:12 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe
PRC - [2009/06/30 21:24:46 | 000,762,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
========== Modules (No Company Name) ==========
MOD - [2014/09/23 23:30:48 | 036,966,968 | ---- | M] () -- C:\Users\James\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/09/23 23:30:47 | 000,108,600 | ---- | M] () -- C:\Users\James\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/09/23 23:30:46 | 000,886,840 | ---- | M] () -- C:\Users\James\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/09/23 23:30:46 | 000,867,896 | ---- | M] () -- C:\Users\James\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
MOD - [2014/09/23 23:30:45 | 000,610,872 | ---- | M] () -- C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/09/17 22:52:34 | 000,043,008 | ---- | M] () -- c:\Users\James\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxn8vh2.dll
MOD - [2014/09/12 20:20:58 | 003,610,624 | ---- | M] () -- C:\Users\James\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/08 03:40:55 | 003,711,392 | ---- | M] () -- C:\Program Files (x86)\Zotero Standalone\xulrunner\mozjs.dll
MOD - [2014/08/28 14:53:44 | 000,822,320 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\pushbullet_app.exe
MOD - [2014/08/26 16:47:16 | 000,436,576 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2014/08/26 16:47:16 | 000,318,304 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2014/08/14 16:47:46 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/08/14 16:47:46 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/22 18:02:06 | 000,253,440 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/07/22 18:01:32 | 000,231,936 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/07/22 18:01:28 | 000,117,248 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/07/22 18:01:24 | 000,344,064 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/07/22 16:46:06 | 003,356,480 | ---- | M] () -- C:\Users\James\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/07/22 16:21:12 | 001,348,608 | ---- | M] () -- C:\Users\James\AppData\Local\Amazon Music\tag.dll
MOD - [2014/07/22 16:21:12 | 000,880,128 | ---- | M] () -- C:\Users\James\AppData\Local\Amazon Music\libGLESv2.dll
MOD - [2014/07/22 16:21:11 | 038,700,544 | ---- | M] () -- C:\Users\James\AppData\Local\Amazon Music\libcef.dll
MOD - [2014/07/22 16:21:11 | 000,102,400 | ---- | M] () -- C:\Users\James\AppData\Local\Amazon Music\libEGL.dll
MOD - [2014/07/12 14:10:22 | 000,026,624 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2014/07/12 14:10:14 | 010,683,392 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2014/07/12 14:10:12 | 007,741,952 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2014/07/12 14:10:12 | 001,681,408 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2014/07/12 14:10:10 | 002,248,192 | ---- | M] () -- C:\Users\James\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2014/04/30 06:56:04 | 000,050,176 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\gevent._semaphore.pyd
MOD - [2014/04/30 06:55:56 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\gevent.core.pyd
MOD - [2014/01/26 09:49:20 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\win32gui.pyd
MOD - [2014/01/26 09:49:18 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\win32api.pyd
MOD - [2014/01/26 09:48:52 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\pywintypes27.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:40 | 000,237,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/07 08:09:08 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\greenlet.pyd
MOD - [2014/01/04 14:29:56 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\wx._misc_.pyd
MOD - [2014/01/04 14:29:48 | 001,067,520 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\wx._controls_.pyd
MOD - [2014/01/04 14:29:38 | 000,815,616 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\wx._windows_.pyd
MOD - [2014/01/04 14:29:30 | 000,806,400 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\wx._gdi_.pyd
MOD - [2014/01/04 14:29:10 | 001,176,576 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\wx._core_.pyd
MOD - [2013/12/21 02:04:26 | 003,989,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2013/11/10 19:24:54 | 000,899,584 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\_ssl.pyd
MOD - [2013/11/10 19:24:52 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\_hashlib.pyd
MOD - [2013/11/10 19:24:34 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\select.pyd
MOD - [2013/11/10 19:24:32 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\_ctypes.pyd
MOD - [2013/11/10 19:24:28 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\_sqlite3.pyd
MOD - [2013/11/10 19:24:26 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\_socket.pyd
MOD - [2013/11/10 19:24:24 | 000,686,080 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\unicodedata.pyd
MOD - [2013/11/10 19:23:44 | 000,426,496 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\sqlite3.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\James\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/07 15:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/10 19:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2013/06/14 11:42:12 | 000,442,064 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll
MOD - [2012/06/04 11:03:48 | 000,603,136 | ---- | M] () -- C:\Program Files (x86)\Pushbullet\pysqlite2._sqlite.pyd
========== Services (SafeList) ==========
SRV:64bit: - [2014/08/14 16:47:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/12/16 07:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/06/29 07:34:16 | 000,311,296 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/24 01:44:08 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/25 01:04:38 | 002,175,264 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/08/22 20:06:42 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/10 16:37:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/07 08:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/07/17 21:04:38 | 000,051,016 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe -- (chromoting)
SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/09 16:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/20 03:24:24 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/27 18:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 23:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/15 15:01:20 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/01/11 15:13:20 | 000,086,016 | ---- | M] (Farstone Technology Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe -- (FBAgent)
SRV - [2009/11/26 18:24:30 | 000,104,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\FarStone\TotalRecovery\Client\CBP\DCSchdlerSRVC.exe -- (DCScheduler)
SRV - [2009/11/26 18:24:12 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe -- (Tran_Process_Proc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/08/14 16:47:59 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/08/14 16:47:48 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/08/14 16:47:48 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/08/14 16:47:48 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/08/14 16:47:48 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/08/14 16:47:48 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/08/14 16:47:48 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/08/14 16:47:48 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/25 13:03:00 | 000,413,888 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs5.sys -- (cbfs5)
DRV:64bit: - [2013/05/19 13:10:05 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/16 07:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/15 09:02:34 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/15 09:02:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/12/15 09:02:34 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/08/11 18:04:17 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 12:01:44 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/07 12:01:44 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011/01/26 14:53:12 | 000,052,304 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/18 08:10:00 | 000,090,296 | R--- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2010/11/15 07:05:02 | 000,364,520 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/15 07:05:00 | 000,121,832 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/10/25 23:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/27 13:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/06/14 17:09:18 | 000,465,488 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/13 16:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
DRV:64bit: - [2010/04/13 16:08:00 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2010/04/13 16:08:00 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/11/26 18:26:16 | 000,023,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FarMntIo.sys -- (FARMNTIO)
DRV:64bit: - [2009/11/26 18:25:16 | 000,091,152 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dcsnap.sys -- (dcsnap)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/30 21:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/17 22:46:12 | 000,533,760 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Ca1528av.sys -- (Ca1528av)
DRV:64bit: - [2008/06/28 23:43:02 | 000,014,848 | ---- | M] (SunPlus) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Bulk1528.sys -- (Bulk1528)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/19 17:44:44 | 000,209,424 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.velocitymicro.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20110823
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.velocitymicro.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {502F4341-15D2-4A62-BD9E-F45E914211BE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{502F4341-15D2-4A62-BD9E-F45E914211BE}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: zoteroWinWordIntegration%40zotero.org:3.1.16
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.5
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:4.0.21.5
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20110823&q="
FF - user.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - user.js..extensions.enabledAddons: [email protected]:6.0.1367
FF - user.js..extensions.enabledAddons: [email protected]:3.0.3
FF - user.js..extensions.enabledAddons: [email protected]:3.1.6
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\James\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/14 16:47:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2013/07/08 08:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/07/09 11:48:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/03/24 21:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/10 16:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2014/07/19 20:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins [2014/07/19 20:19:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/10 16:36:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/09/03 12:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/09/03 12:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/08/19 16:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions
[2014/01/23 20:14:08 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2012/12/14 10:53:29 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2014/07/08 16:54:16 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2014/06/22 11:09:25 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2013/01/06 13:20:02 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2014/08/19 16:55:23 | 004,221,812 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2014/07/08 16:54:16 | 005,564,713 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\extensions\[email protected]
[2011/01/31 03:03:10 | 000,011,787 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\zotero\storage\AG2A9WAZ\hdr.session-expired.gif@22
[2014/08/07 00:35:56 | 000,552,060 | ---- | M] () (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\zotero\storage\H4MCH5WQ\Karp et al_2014_13 Rules That Expire.pdf
[2011/08/22 22:47:04 | 000,001,945 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\89o7p0no.default\searchplugins\bing-zugo.xml
[2014/08/10 16:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/10 16:37:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.17_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\3.0.2.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.826.0.6_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.20_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdonhidhobjahdhlcegfakicbcgnkokh\1.3.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekbgkmeapobkbadclnkjfjdbpbcaobd\0.31_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.5_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\1.6.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd\112_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa\0.1.0_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpephnhacfpgcemhioaejgenlgadnnh\1.4.0_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\10.1.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc\4.0.21_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.235.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.236.0_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\37.0.2062.61_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.4_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejjjnnbamjillkkomahknangbpjfdpd\1.0.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.3_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdoplcnndgiblooccencgcggcoihigg\1.0.7_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\17.4.16_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlkkjgfbfgdcdjnddamlmgbipgbhgppk\1.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14385.564_1\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.132_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.8_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.7.0.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.3_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg\5.2.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\imlbbglginccpmlaekkdnleoachjadka\3.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab\0.9.8.14_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.15_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\0.2.7.32_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.5.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\kghdjdlccddmkepckhfgjdeohkcabahl\3.4_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg\4.74_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.5.5_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.45_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\4.0.0.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllceaiaedaingchlgolnfiibippgkmj\0.7.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.10_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.910.433.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.9.3_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknebiagdodnminbdpflhpkgfpeijdbf\1.0_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm\0.9.5.0_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.2.7_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\6.7.1_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\6.7_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae\2.6.7_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.6_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.2.4_0\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bitcasa] C:\Program Files\Bitcasa\BitcasaBoot.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKCU..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Amazon Music] C:\Users\James\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [DE24DAEE86D33FB70CF774307B0E31290C5D8D40._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [f.lux] C:\Users\James\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [Google+ Auto Backup] C:\Users\James\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_6B06BCEFC97BCF192292AD16DB5D7A73] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\James\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Pushbullet] C:\Program Files (x86)\Pushbullet\pushbullet_app.exe ()
O4 - HKCU..\Run: [SansaDispatch] C:\Users\James\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iSyncr.lnk = C:\Users\James\AppData\Roaming\Microsoft\Installer\{8E1F956D-631A-4146-B893-185E150D5BBD}\_C1F574CEC66419C15C9588.exe ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vitamin D Video.exe - Shortcut.lnk = C:\Program Files (x86)\Vitamin D Video\Vitamin D Video.exe (Vitamin D Video, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.60.2)
O16 - DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_60)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69A6B4E3-74A8-4473-918A-F3483A973E48}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator-cbfs5 - {F09F617B-6C64-47D1-92DF-E6D7F57DE3BA} - C:\Windows\SysNative\cbfsMntNtf5.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs5 - {F09F617B-6C64-47D1-92DF-E6D7F57DE3BA} - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F09F617B-6C64-47D1-92DF-E6D7F57DE3BA} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf5.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {F09F617B-6C64-47D1-92DF-E6D7F57DE3BA} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e317eea8-c907-11e0-a778-f46d04259911}\Shell - "" = AutoRun
O33 - MountPoints2\{e317eea8-c907-11e0-a778-f46d04259911}\Shell\AutoRun\command - "" = J:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/09/25 06:31:02 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\oldotl
[2014/09/25 06:06:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
[2014/09/24 00:07:28 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\My CamStudio Videos
[2014/09/24 00:07:18 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\My CamStudio Temp Files
[2014/09/24 00:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/09/24 00:02:46 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\StormFall
[2014/09/24 00:02:46 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
[2014/09/24 00:02:45 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\StormFall
[2014/09/24 00:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2014/09/24 00:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2014/09/22 15:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pushbullet
[2014/09/22 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\pushbullet
[2014/09/22 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pushbullet
[2014/09/22 04:15:07 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\013336075X_ppt
[2014/09/21 14:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2014/09/16 16:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gargoyle
[2014/09/16 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gargoyle
[2014/09/16 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\TADS
[2014/09/14 21:01:06 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\FlacSquisher
[2014/09/14 20:56:59 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlacSquisher
[2014/09/14 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlacSquisher
[2014/09/13 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2014/09/13 13:49:39 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
[2014/09/13 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SanDisk
[2014/09/11 20:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/09/11 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe
[2014/09/10 18:05:31 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{95C73209-B10A-4AE0-B660-034DD8C3E1ED}
[2014/08/26 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{56D22F07-14B4-4069-AD79-8272BB9E0895}
========== Files - Modified Within 30 Days ==========
[2014/09/25 06:19:52 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2304217476-3085346115-1509824866-1001UA.job
[2014/09/25 06:06:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
[2014/09/25 05:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/25 05:39:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/24 16:19:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2304217476-3085346115-1509824866-1001Core.job
[2014/09/24 12:39:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/24 00:11:21 | 000,004,537 | ---- | M] () -- C:\Users\James\AppData\Roaming\CamStudio.cfg
[2014/09/24 00:11:21 | 000,000,408 | ---- | M] () -- C:\Users\James\AppData\Roaming\CamShapes.ini
[2014/09/24 00:11:21 | 000,000,408 | ---- | M] () -- C:\Users\James\AppData\Roaming\CamLayout.ini
[2014/09/24 00:11:21 | 000,000,103 | ---- | M] () -- C:\Users\James\AppData\Roaming\Camdata.ini
[2014/09/24 00:07:09 | 000,000,096 | ---- | M] () -- C:\Users\James\AppData\Roaming\version2.xml
[2014/09/24 00:02:46 | 000,002,454 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk
[2014/09/23 23:56:41 | 1122,731,520 | ---- | M] () -- C:\Users\James\Desktop\Piano.avi
[2014/09/22 06:28:58 | 000,111,979 | ---- | M] () -- C:\Users\James\Desktop\capture00.jpeg
[2014/09/17 22:52:35 | 000,001,044 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/16 16:31:03 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/16 14:45:10 | 000,071,647 | ---- | M] () -- C:\Users\James\Desktop\Pearson_Account_Code.PNG
[2014/09/15 07:34:14 | 000,819,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/15 07:34:14 | 000,692,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/15 07:34:14 | 000,130,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/13 13:51:53 | 000,002,180 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/09/11 20:16:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/09/07 21:37:00 | 000,299,008 | ---- | M] () -- C:\Users\James\Documents\Database1.accdb
[2014/09/03 22:11:17 | 000,001,387 | ---- | M] () -- C:\Users\James\Desktop\Student Work - Shortcut.lnk
[2014/08/31 15:36:26 | 000,022,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/31 15:36:26 | 000,022,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/30 09:29:32 | 000,002,283 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/30 09:13:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/30 09:13:26 | 1058,975,742 | -HS- | M] () -- C:\hiberfil.sys
========== Files Created - No Company Name ==========
[2014/09/24 00:05:47 | 000,004,537 | ---- | C] () -- C:\Users\James\AppData\Roaming\CamStudio.cfg
[2014/09/24 00:05:47 | 000,000,408 | ---- | C] () -- C:\Users\James\AppData\Roaming\CamShapes.ini
[2014/09/24 00:05:47 | 000,000,408 | ---- | C] () -- C:\Users\James\AppData\Roaming\CamLayout.ini
[2014/09/24 00:05:47 | 000,000,103 | ---- | C] () -- C:\Users\James\AppData\Roaming\Camdata.ini
[2014/09/24 00:03:23 | 000,000,096 | ---- | C] () -- C:\Users\James\AppData\Roaming\version2.xml
[2014/09/24 00:02:46 | 000,002,454 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk
[2014/09/23 23:57:06 | 1122,731,520 | ---- | C] () -- C:\Users\James\Desktop\Piano.avi
[2014/09/22 06:28:58 | 000,111,979 | ---- | C] () -- C:\Users\James\Desktop\capture00.jpeg
[2014/09/16 14:45:10 | 000,071,647 | ---- | C] () -- C:\Users\James\Desktop\Pearson_Account_Code.PNG
[2014/09/13 13:51:53 | 000,002,180 | ---- | C] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2014/09/11 11:40:54 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
[2014/09/07 21:33:02 | 000,299,008 | ---- | C] () -- C:\Users\James\Documents\Database1.accdb
[2014/09/03 22:11:17 | 000,001,387 | ---- | C] () -- C:\Users\James\Desktop\Student Work - Shortcut.lnk
[2014/08/18 17:38:11 | 000,000,218 | ---- | C] () -- C:\Users\James\.recently-used.xbel
[2014/07/21 22:18:14 | 000,000,841 | ---- | C] () -- C:\Users\James\AppData\Local\recently-used.xbel
[2014/04/21 16:57:17 | 000,000,262 | ---- | C] () -- C:\Users\James\drmomentum.inkyp
[2013/11/27 20:47:08 | 000,000,059 | ---- | C] () -- C:\Users\James\.gitconfig
[2013/09/15 20:16:55 | 001,065,984 | ---- | C] () -- C:\Users\James\AppData\Local\file__0.localstorage
[2013/09/03 07:55:29 | 000,017,345 | ---- | C] () -- C:\Users\James\STEAM - receipt for your key subscription.pdf
[2013/08/28 10:27:37 | 000,108,378 | ---- | C] () -- C:\Users\James\cmd=file&file=chatFra.pdf
[2013/07/15 23:55:11 | 055,297,160 | ---- | C] () -- C:\Users\James\MyPencastPDF.pdf
[2013/07/15 23:10:13 | 055,138,765 | ---- | C] () -- C:\Users\James\1-Subject Notebook 1 pp. 17~20.pdf
[2013/06/21 10:58:25 | 000,000,167 | ---- | C] () -- C:\Users\James\AppData\Roaming\.ptbt0
[2013/04/04 20:16:00 | 000,000,051 | ---- | C] () -- C:\Users\James\AppData\Roaming\Fraction Bars Settings
[2012/12/20 03:24:26 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/20 03:24:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/19 21:47:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/25 18:35:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/23 07:48:52 | 000,001,526 | ---- | C] () -- C:\Users\James\AppData\Roaming\Sketchpad 5 Preferences.dat
[2011/09/21 09:38:24 | 000,008,704 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 18:56:28 | 000,000,108 | ---- | C] () -- C:\Users\James\webct_upload_applet.properties
[2011/08/25 21:24:10 | 000,007,651 | ---- | C] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/01/27 09:32:06 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\.minecraft
[2013/04/13 22:22:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\2BrightSparks
[2012/12/18 13:46:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\6Wunderkinder
[2012/08/09 09:41:19 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Amazon
[2014/07/19 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Audacity
[2013/12/02 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\AVAST Software
[2014/05/03 22:40:00 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Battle.net
[2014/05/07 10:01:25 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Bitcasa
[2012/09/10 18:26:36 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Canon
[2013/12/25 13:56:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.amazon.music.uploader
[2014/05/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.bitcasa.Bitcasa
[2013/08/29 14:27:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.focusboosterapp.focusbooster
[2013/03/06 19:47:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2011/09/13 03:25:22 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.livescribe.LivescribeConnect
[2013/07/24 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.webkinesis.PicasaUploaderDesktop
[2012/09/12 17:11:30 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Digiarty
[2014/09/17 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Dropbox
[2012/07/17 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\EndNote
[2014/01/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FileZilla
[2014/09/14 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FlacSquisher
[2011/09/03 12:47:49 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Flickr
[2012/11/08 19:32:57 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Fox Dgital Copy
[2014/04/14 22:54:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Foxit Software
[2012/10/29 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Freeplane
[2013/10/25 21:27:40 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\GARMIN
[2013/11/27 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\GitHub
[2014/07/11 00:45:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Goofball
[2013/07/04 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2014/02/26 13:33:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\HandBrake
[2012/09/14 15:40:30 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ImgBurn
[2014/08/18 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\inkscape
[2011/09/07 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\InqScribe
[2014/01/23 20:10:05 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IObit
[2012/10/01 18:27:30 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\IrfanView
[2013/05/26 08:34:50 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\JRT Studio
[2014/09/11 11:40:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\KeePass
[2012/06/26 16:24:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Leadertech
[2012/03/06 18:23:40 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\LOVE
[2014/04/18 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mark of the Old Ones
[2014/03/14 10:55:35 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\MPEG Streamclip
[2014/06/23 12:17:59 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Notepad++
[2014/05/29 14:01:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Oracle
[2011/12/14 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PhotoScape
[2013/03/20 11:37:06 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\PhraseExpress
[2014/08/25 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ProductData
[2014/09/22 15:26:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\pushbullet
[2014/08/03 11:06:23 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\QuickScan
[2014/09/13 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SanDisk
[2012/10/05 12:54:30 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Scribus
[2012/09/10 20:03:25 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Skinux
[2013/08/28 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SolidDocuments
[2013/11/02 19:41:11 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SomePDF
[2014/09/25 06:35:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Spotify
[2014/09/24 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\StormFall
[2013/05/01 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Sublime Text 2
[2013/09/10 19:13:47 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SumatraPDF
[2013/07/15 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\System
[2013/12/11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SYSTEMAX Software Development
[2014/08/22 21:38:47 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Talisman
[2012/10/05 13:09:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TechSmith
[2012/09/30 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Titanium
[2014/07/22 04:30:46 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TrueCrypt
[2013/10/08 05:25:30 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\TuneUpMedia
[2014/05/06 11:05:55 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Unity
[2014/09/15 10:24:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\uTorrent
[2012/09/10 20:03:11 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Vonage
[2013/01/30 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Waterfox Limited
[2013/08/14 23:15:33 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\WinPatrol
[2013/07/15 11:08:35 | 000,000,000 | -HSD | M] -- C:\Users\James\AppData\Roaming\wyUpdate AU
[2013/03/05 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\XMind
[2012/02/10 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Zotero
[2011/10/07 11:16:26 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ZumoDrive
========== Purity Check ==========
< End of report >
Answered
![Laptop hangs often [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
![Google Chrome keeps getting the default search set to Yahoo [Closed] - last post by Gary R](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-296954.jpg?_r=0)
![suffering with a bad case of malware :( HELP please [Closed] - last post by iMacg3](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-423723.jpg?_r=1581638836)
Sign In
Create Account
