[Datastream]

Operating system Windows7 64BIT

I have some virus and even in safe mode it crashes the taskbar and just puts explorer into a continuous loop.
When i tried to boot in normal mode it took a while to start windows as it was stuck at the loading screen

This process 202fbh.exe i think is the cause of explorer.exe to loop and just sends back a windows error report all the time,
202fbh.exe is located in appdata. i am able to use windows without any problem by killing explorer.exe and this one, but i not sure if it is safe to connect to the internet.

I uploaded a clip of what it does in safe mode
View My Video

I have tried running Malwarebytes with no success did not find anything at all full/quick/flash -
latest definitions from this week. rkill did not do anything

When i was getting system logs from gmer came back with
c:\windows\system32\config\system: The System cannot find the file specified.

although i was still able to run it partially half way through a scan it said -
Runtime Error!
Program c:\windows\SyWOW64\DllHost.exe


Any help in removing this would be greatly appreaciated.
i just hope it hasnt completly damaged any files which would require a reformat

Thank you.

Attached Files

•  Attach.txt   17.93KB   8192 downloads

Edited by Datastream, 11 September 2010 - 04:24 AM.

[Advertisements]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:08, on 11/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\hjt\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.0.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Plusmedia uk Toolbar - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Celebrity Toolbar\tbhelper.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Plusmedia uk Toolbar - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Plusmedia uk Toolbar - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\Users\Tom\AppData\Local\Temp\202fbh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O15 - Trusted Zone: http://software.kuaiche.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NetDrive Service (ndsvc) - MacroData Inc. - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Tom\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware vCenter Converter Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Server (vmware-converter-server) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16561 bytes

[Datastream]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:08, on 11/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\hjt\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.0.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Plusmedia uk Toolbar - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Celebrity Toolbar\tbhelper.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Plusmedia uk Toolbar - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Plusmedia uk Toolbar - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\Users\Tom\AppData\Local\Temp\202fbh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O15 - Trusted Zone: http://software.kuaiche.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NetDrive Service (ndsvc) - MacroData Inc. - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Tom\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware vCenter Converter Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Server (vmware-converter-server) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16561 bytes

[Essexboy]

I can see where it is but I would like to run OTL to ensure that I get it all and it does not respawn

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Minimal Output at the top
• Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
• Double click inside the Custom Scan box at the bottom
• A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
• Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[Datastream]

Thank you for responding to my thread Essexboy. I will run OTL now.

Also after i closed explorer.exe and reopened, it just started looping and crashing again.
That strange process 202fbh.exe (located in appdata) came back after i did though.

Edited by Datastream, 11 September 2010 - 08:22 AM.

[Datastream]

I'm pretty sure its something to do with C:\Windows\SysWOW64
OTL logfile created on: 11/09/2010 15:41:35 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = K:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 136.81 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
Drive D: | 372.60 Gb Total Space | 5.25 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 137.53 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 64.00 Gb Free Space | 27.48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 931.41 Gb Total Space | 691.23 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
Drive K: | 3.74 Gb Total Space | 3.55 Gb Free Space | 95.03% Space Free | Partition Type: FAT32
Drive Y: | 465.76 Gb Total Space | 137.53 Gb Free Space | 29.53% Space Free | Partition Type: NTFS

Computer Name: YTD2
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/10 16:58:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010/09/09 02:20:00 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/25 19:39:36 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/03/18 10:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/03/18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/30 00:00:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/01/22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/01/22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/01/22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/12/31 00:24:34 | 000,703,488 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/29 07:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/04/17 21:59:38 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2007/07/17 15:48:16 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 16:58:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2010/06/30 07:21:47 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2010/01/30 19:35:24 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/07/14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009/07/14 02:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009/07/14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009/07/14 02:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/03/06 05:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 16:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/06/29 09:23:28 | 002,730,496 | ---- | M] (MacroData Inc.) [Auto | Running] -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe -- (ndsvc)
SRV:64bit: - [2010/02/03 05:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 13:39:22 | 000,051,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/31 16:33:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/05/14 16:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2006/11/29 12:57:36 | 000,566,192 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxcycoms.exe -- (lxcy_device)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/25 19:39:36 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/01 13:29:30 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/31 16:31:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/30 00:00:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/01/19 00:08:44 | 000,856,064 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Tom\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/12/31 00:24:34 | 000,703,488 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/28 20:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/17 12:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/04/17 21:59:38 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2008/12/10 02:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/11 13:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2007/07/17 15:48:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/23 01:57:00 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/26 20:07:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/03/23 12:37:08 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2010/02/03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 04:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/01 13:39:23 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/01/29 23:31:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/22 23:14:36 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/01/22 23:14:34 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/01/22 23:14:30 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/01/22 23:14:30 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/01/22 22:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/01/22 18:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/01/22 18:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/01/22 18:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/09 18:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/10/20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/28 20:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 17:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 17:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 16:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/05/14 16:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 16:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/04/30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/03/13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/26 10:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2007/01/19 03:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/12/23 12:03:22 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/10/12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/04/17 21:42:56 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2009/04/17 21:42:48 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys -- (vstor2-mntapi10)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 9A CC 05 B8 A2 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.0.0.1:1080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://slumz.boxden....-1&prefixid=h7l | http://www.2dopeboyz.com | http://www.torrentleech.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071300000040
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {cd617372-6743-4ee4-bac4-fbf60f35719e}:1.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.1.11048
FF - prefs.js..keyword.URL: "http://www.afodo.com...ls=twSUezfG&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "http://www.afodo.com...ls=twSUezfG&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/07 23:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/31 17:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/19 22:54:55 | 000,000,000 | ---D | M]

[2010/04/10 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2010/04/10 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/01 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/10 00:19:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1483B687-8B6E-4bca-B85D-3CB02696DFC6}
[2010/06/24 23:49:09 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/02/01 00:02:04 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/01 00:02:04 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 11:47:29 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/30 16:22:58 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (OperaView) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/01 00:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/02/01 00:02:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/02/01 00:02:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/10 22:01:51 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/01 00:02:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (Autofill) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{F35B2DA4-CECE-D4E8-0BAD-CCD1DF7EE17A}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/06/10 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/04/20 11:35:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:02:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/07/22 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2008/12/03 08:58:56 | 000,000,523 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\daemon-search.xml
[2010/08/18 22:40:11 | 000,002,197 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\google-search.xml
[2007/04/26 21:26:56 | 000,001,221 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\music-search-plus.xml
[2008/06/05 12:20:50 | 000,001,386 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\nzbindexnl.xml
[2010/09/10 00:19:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/18 22:40:11 | 000,002,197 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google-search.xml
[2010/02/03 18:59:06 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/09/11 15:00:20 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Plusmedia uk Toolbar) - {193D7001-BD9F-48C2-B5C7-69775AA2201D} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\Users\Tom\AppData\Local\Temp\202fbh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/05 23:04:48 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{42cfb8ff-0d26-11df-8948-6cf04908190f}\Shell - "" = AutoRun
O33 - MountPoints2\{42cfb8ff-0d26-11df-8948-6cf04908190f}\Shell\AutoRun\command - "" = H:\Setup\oocdrun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/11 11:36:57 | 000,000,000 | ---D | C] -- C:\hjt
[2010/09/10 15:44:14 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/10 15:41:21 | 000,000,000 | ---D | C] -- C:\cf
[2010/09/10 15:37:15 | 000,000,000 | ---D | C] -- C:\New folder
[2010/09/10 15:03:38 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/10 15:03:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AAE416E17857DF994CB5852EE8BD7BD9
[2010/09/09 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\hair
[2010/09/08 23:08:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Stickam Client - All Icons
[2010/09/08 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proXPN
[2010/09/07 12:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeVPN
[2010/09/03 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Adobe Mini Bridge CS5
[2010/09/03 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/30 19:41:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\fltk.org
[2010/08/30 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\paulstretch_win32-2.0
[2010/08/26 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/08/25 18:42:04 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Redman_-_Reggie_-_2010
[2010/08/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/23 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/08/23 12:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger
[2010/08/18 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/08/18 11:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3400 Series
[2010/08/18 11:57:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2010/08/18 11:57:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2010/08/18 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 3400 Series
[2010/08/18 11:57:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2010/08/18 11:57:05 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2010/08/18 11:57:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2010/08/18 11:57:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2010/08/18 11:57:05 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2010/08/18 11:57:05 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2010/08/18 11:57:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2010/08/18 11:57:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2010/08/18 11:57:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2010/08/18 11:57:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2010/08/18 11:57:04 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2010/08/18 11:57:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2010/08/18 11:57:04 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2010/08/18 11:57:04 | 000,077,824 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxcycfg.dll
[2010/08/18 11:56:56 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyserv.dll
[2010/08/18 11:56:56 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyusb1.dll
[2010/08/18 11:56:56 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycomc.dll
[2010/08/18 11:56:56 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyhbn3.dll
[2010/08/18 11:56:56 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycoms.exe
[2010/08/18 11:56:56 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcylmpm.dll
[2010/08/18 11:56:56 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcypmui.dll
[2010/08/18 11:56:56 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyhcp.dll
[2010/08/18 11:56:56 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycomm.dll
[2010/08/18 11:56:56 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyinpa.dll
[2010/08/18 11:56:56 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycfg.exe
[2010/08/18 11:56:56 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyih.exe
[2010/08/18 11:56:56 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyiesc.dll
[2010/08/18 11:56:56 | 000,064,512 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxcycfg.dll
[2010/08/18 11:56:56 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyprox.dll
[2010/08/18 11:56:56 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcypplc.dll
[2010/08/18 11:56:41 | 000,000,000 | ---D | C] -- C:\lexmark
[2010/08/01 14:14:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\BuildAGadget Content
[2010/07/21 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\NetDrive
[2010/07/21 01:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\MacroData Inc
[2010/07/21 00:35:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ED94F68E3DA3E0F8A902F5D0AE37AC5C
[2010/07/19 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam 2.4
[2010/07/19 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ManyCam
[2010/07/19 21:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/07/12 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2010/07/09 13:48:33 | 000,000,000 | ---D | C] -- C:\Windows Loader v1.8.3
[2010/07/05 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/05 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/05 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/07/03 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/03 20:08:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/03 20:02:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Windows Live
[2010/07/03 00:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/06/25 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Nero
[2010/06/24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plusmedia_uk
[2010/06/24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/06/15 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010/06/15 20:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/06/15 20:44:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\NeoSmart_Technologies
[2010/06/15 20:44:09 | 000,000,000 | ---D | C] -- C:\Boot
[2010/06/15 20:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2010/06/15 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows Loader
[2010/06/15 14:26:31 | 000,000,000 | ---D | C] -- C:\hitachi
[2010/06/14 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2010/06/14 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0
[2010/06/14 13:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2010/06/14 13:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVUPlayer

========== Files - Modified Within 90 Days ==========

[2010/09/11 15:44:08 | 006,029,312 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
[2010/09/11 15:42:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-598359188-3929195914-4074301146-1000UA.job
[2010/09/11 15:04:11 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 15:04:11 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 14:59:05 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/09/11 14:59:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 14:58:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 14:58:50 | 3117,015,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 11:36:58 | 000,002,933 | ---- | M] () -- C:\Users\Tom\Desktop\HiJackThis.lnk
[2010/09/09 19:22:32 | 000,036,352 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 17:41:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/09 16:05:09 | 000,239,623 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0235_2.jpg
[2010/09/09 15:49:47 | 001,223,970 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0235.JPG
[2010/09/09 15:32:55 | 000,437,515 | ---- | M] () -- C:\Users\Tom\Desktop\hair_front.jpg
[2010/09/09 15:31:53 | 000,474,944 | ---- | M] () -- C:\Users\Tom\Desktop\hair_side2.jpg
[2010/09/09 15:30:27 | 000,506,710 | ---- | M] () -- C:\Users\Tom\Desktop\hair_side1.jpg
[2010/09/09 15:29:43 | 001,148,662 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0213.JPG
[2010/09/09 15:25:31 | 001,313,169 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0231.JPG
[2010/09/09 15:24:35 | 001,221,183 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0240.JPG
[2010/09/08 23:08:29 | 000,241,507 | ---- | M] () -- C:\Users\Tom\Documents\Stickam Client - All Icons.rar
[2010/09/08 23:06:30 | 000,001,061 | ---- | M] () -- C:\Users\Tom\Desktop\proXPN.lnk
[2010/09/08 23:06:30 | 000,000,501 | ---- | M] () -- C:\Windows\win.ini
[2010/09/08 18:24:54 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/07 16:59:03 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010/09/07 12:17:10 | 000,001,015 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/09/07 04:41:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-598359188-3929195914-4074301146-1000Core.job
[2010/09/07 02:52:30 | 000,000,958 | ---- | M] () -- C:\Users\Tom\AppData\Local\7F68A003.il
[2010/09/07 02:52:30 | 000,000,280 | ---- | M] () -- C:\Users\Tom\AppData\Local\IndexIE_7F68A003.il
[2010/09/06 21:59:11 | 003,923,248 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0186.MOV
[2010/09/05 01:01:19 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/02 18:54:41 | 000,001,456 | ---- | M] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/01 15:03:43 | 004,997,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/31 22:26:46 | 000,115,056 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/31 17:54:08 | 001,283,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/31 17:54:08 | 000,633,562 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/31 17:54:08 | 000,479,444 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010/08/31 17:54:08 | 000,113,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/31 17:54:08 | 000,087,466 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010/08/29 20:00:22 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2010/08/23 15:59:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/18 11:57:49 | 000,018,327 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/08/12 18:17:13 | 000,088,730 | ---- | M] () -- C:\Users\Tom\Documents\Tom6.pdf
[2010/08/12 16:47:58 | 000,088,583 | ---- | M] () -- C:\Users\Tom\Documents\Tom5.pdf
[2010/08/12 12:12:28 | 000,088,560 | ---- | M] () -- C:\Users\Tom\Documents\Tom4.pdf
[2010/08/12 12:10:55 | 000,088,511 | ---- | M] () -- C:\Users\Tom\Documents\Tom3.pdf
[2010/07/25 01:46:21 | 000,045,389 | ---- | M] () -- C:\Users\Tom\Documents\Untitled.wma
[2010/07/19 21:11:47 | 000,001,929 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010/07/12 16:37:31 | 000,001,008 | ---- | M] () -- C:\Users\Tom\Desktop\Total Video Converter.lnk
[2010/07/12 16:37:31 | 000,001,001 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010/07/09 13:49:46 | 000,331,521 | RHS- | M] () -- C:\KMWIU
[2010/07/09 13:49:46 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/07/05 17:10:38 | 000,002,515 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/30 20:37:28 | 008,144,532 | ---- | M] () -- C:\Users\Tom\Documents\ICE_CUBE-DRINK_THE_KOOLAID_@_PAIDDUES2010_(HQ).mp4
[2010/06/25 16:32:58 | 000,001,173 | ---- | M] () -- C:\Users\Tom\Desktop\IETester.lnk
[2010/06/15 22:56:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 22:56:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 22:56:28 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TM.blf

========== Files Created - No Company Name ==========

[2010/09/11 11:36:58 | 000,002,933 | ---- | C] () -- C:\Users\Tom\Desktop\HiJackThis.lnk
[2010/09/09 16:05:09 | 000,239,623 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0235_2.jpg
[2010/09/09 15:49:54 | 001,223,970 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0235.JPG
[2010/09/09 15:31:52 | 000,474,944 | ---- | C] () -- C:\Users\Tom\Desktop\hair_side2.jpg
[2010/09/09 15:30:25 | 000,506,710 | ---- | C] () -- C:\Users\Tom\Desktop\hair_side1.jpg
[2010/09/09 15:29:26 | 000,437,515 | ---- | C] () -- C:\Users\Tom\Desktop\hair_front.jpg
[2010/09/09 15:27:23 | 001,148,662 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0213.JPG
[2010/09/09 15:25:22 | 001,313,169 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0231.JPG
[2010/09/09 15:24:23 | 001,221,183 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0240.JPG
[2010/09/08 23:08:10 | 000,241,507 | ---- | C] () -- C:\Users\Tom\Documents\Stickam Client - All Icons.rar
[2010/09/08 23:06:30 | 000,001,061 | ---- | C] () -- C:\Users\Tom\Desktop\proXPN.lnk
[2010/09/07 16:57:17 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010/09/07 12:17:10 | 000,001,015 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/09/06 22:34:03 | 003,923,248 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0186.MOV
[2010/08/29 20:00:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/08/23 15:59:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/18 11:57:06 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2010/08/18 11:57:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2010/08/18 11:57:05 | 000,581,173 | ---- | C] () -- C:\Windows\SysWow64\lxcyhelp.chm
[2010/08/18 11:57:04 | 000,001,834 | ---- | C] () -- C:\Windows\SysWow64\lxcy.loc
[2010/08/18 11:56:56 | 000,581,173 | ---- | C] () -- C:\Windows\SysNative\lxcyhelp.chm
[2010/08/18 11:56:56 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\lxcyinst.dll
[2010/08/18 11:56:56 | 000,018,327 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/08/18 11:56:56 | 000,001,834 | ---- | C] () -- C:\Windows\SysNative\lxcy.loc
[2010/08/12 18:17:13 | 000,088,730 | ---- | C] () -- C:\Users\Tom\Documents\Tom6.pdf
[2010/08/12 16:47:53 | 000,088,583 | ---- | C] () -- C:\Users\Tom\Documents\Tom5.pdf
[2010/08/12 12:12:25 | 000,088,560 | ---- | C] () -- C:\Users\Tom\Documents\Tom4.pdf
[2010/08/12 12:10:49 | 000,088,511 | ---- | C] () -- C:\Users\Tom\Documents\Tom3.pdf
[2010/07/25 01:46:21 | 000,045,389 | ---- | C] () -- C:\Users\Tom\Documents\Untitled.wma
[2010/07/19 21:11:47 | 000,001,929 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010/07/12 16:37:31 | 000,001,008 | ---- | C] () -- C:\Users\Tom\Desktop\Total Video Converter.lnk
[2010/07/12 16:37:31 | 000,001,001 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010/07/09 13:49:46 | 000,331,521 | RHS- | C] () -- C:\KMWIU
[2010/07/09 13:49:46 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/06/30 20:36:16 | 008,144,532 | ---- | C] () -- C:\Users\Tom\Documents\ICE_CUBE-DRINK_THE_KOOLAID_@_PAIDDUES2010_(HQ).mp4
[2010/06/15 22:50:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 22:50:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 22:50:26 | 000,065,536 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TM.blf
[2010/06/15 20:44:09 | 000,383,562 | ---- | C] () -- C:\bootmgr
[2010/06/15 14:27:39 | 000,102,400 | ---- | C] () -- C:\Windows\SysNative\ScsiOat.dll
[2010/06/08 16:31:10 | 000,001,456 | ---- | C] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/06/06 22:18:24 | 000,000,601 | ---- | C] () -- C:\ProgramData\LmeUSB.log
[2010/06/06 22:18:24 | 000,000,600 | ---- | C] () -- C:\ProgramData\LSDmbTH.log
[2010/06/06 22:09:44 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010/06/06 20:58:58 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\PUTTY.RND
[2010/06/06 20:50:12 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Local\PUTTY.RND
[2010/05/02 18:15:20 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/02 18:10:37 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/04/21 14:26:24 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TWAVBX32.DLL
[2010/04/21 14:26:23 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2010/04/18 12:07:03 | 000,000,017 | ---- | C] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg
[2010/04/18 11:55:44 | 000,003,235 | ---- | C] () -- C:\Users\Tom\AppData\Local\Temp19.html
[2010/04/18 11:55:33 | 000,000,778 | ---- | C] () -- C:\Users\Tom\AppData\Local\Temp1.html
[2010/04/06 18:54:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/02 15:21:07 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/24 21:48:22 | 000,000,609 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\AutoGK.ini
[2010/02/23 14:28:09 | 000,000,958 | ---- | C] () -- C:\Users\Tom\AppData\Local\7F68A003.il
[2010/02/23 14:28:09 | 000,000,280 | ---- | C] () -- C:\Users\Tom\AppData\Local\IndexIE_7F68A003.il
[2010/02/23 10:53:55 | 000,000,052 | ---- | C] () -- C:\Windows\SysWow64\windriver32.ini
[2010/02/19 10:31:32 | 000,036,352 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 09:22:52 | 000,001,037 | ---- | C] () -- C:\Users\Tom\AppData\Local\Account.atomsvc
[2010/02/08 17:27:03 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\winscp.rnd
[2010/02/05 19:53:25 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/05 19:53:25 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/01/31 15:00:29 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/01/30 00:50:45 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\blackra1n.log
[2010/01/30 00:48:40 | 000,608,256 | ---- | C] () -- C:\Program Files (x86)\blackra1n.exe
[2010/01/30 00:01:01 | 000,740,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005/11/11 17:39:00 | 000,001,620 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2003/11/25 17:05:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\UNLHA32.DLL
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[1998/01/15 14:46:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\OatLHA.DLL

========== LOP Check ==========

[2010/03/31 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.purple
[2010/09/10 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AAE416E17857DF994CB5852EE8BD7BD9
[2010/09/08 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Audacity
[2010/02/08 23:14:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Bioshock2
[2010/01/31 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BITS
[2010/05/02 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/23 12:33:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/01/30 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2010/08/31 16:19:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ED94F68E3DA3E0F8A902F5D0AE37AC5C
[2010/01/31 23:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashFXP
[2010/02/01 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashGet
[2010/01/31 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashGetBHO
[2010/08/30 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\fltk.org
[2010/04/05 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GrabPro
[2010/01/30 00:33:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\gtopala
[2010/08/11 18:36:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\IMVU
[2010/04/25 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\IMVU Previewer
[2010/07/21 23:56:50 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\IMVUClient
[2010/01/31 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Leadertech
[2010/07/19 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ManyCam
[2010/03/30 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Megaupload
[2010/05/14 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\MySQL
[2010/07/21 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NetDrive
[2010/02/23 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NewsLeecher
[2010/06/02 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Orbit
[2010/02/01 18:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Songbird2
[2010/06/10 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spotify
[2010/09/03 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/14 13:43:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2010/02/21 16:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SystemRequirementsLab
[2010/04/10 22:54:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TeamViewer
[2010/09/11 15:40:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent
[2010/04/10 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Vivox
[2010/06/07 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\WinAVI
[2010/05/11 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\WinFF
[2010/06/03 09:18:27 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Xilisoft Corporation
[2010/03/09 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Youtube Downloader HD
[2010/07/23 14:09:03 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/23 13:05:32 | 000,001,024 | ---- | M] () -- C:\.rnd
[2001/09/19 13:00:00 | 000,037,710 | ---- | M] () -- C:\76BE.SET
[2009/07/14 02:38:58 | 000,383,562 | ---- | M] () -- C:\bootmgr
[2010/05/03 17:17:39 | 000,019,908 | ---- | M] () -- C:\Driver.txt
[2010/05/03 17:17:47 | 004,448,992 | ---- | M] () -- C:\Event.txt
[2010/09/11 14:58:50 | 3117,015,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 13:49:46 | 000,331,521 | RHS- | M] () -- C:\KMWIU
[2010/09/11 15:33:36 | 000,026,492 | ---- | M] () -- C:\lxcy.log
[2010/09/11 14:59:06 | 000,051,399 | ---- | M] () -- C:\ndsvc.log
[2010/09/11 14:58:53 | 4156,022,784 | -HS- | M] () -- C:\pagefile.sys
[2010/09/11 11:31:28 | 000,000,339 | ---- | M] () -- C:\rkill.log
[2010/05/03 17:17:37 | 002,898,952 | ---- | M] () -- C:\System.nfo
[2010/05/03 17:18:18 | 011,266,081 | ---- | M] () -- C:\System.txt
[2010/07/09 13:49:46 | 000,000,020 | RHS- | M] () -- C:\win7.ld

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/01/15 00:07:19 | 000,608,256 | ---- | M] () -- C:\Program Files (x86)\blackra1n.exe
[2010/01/30 00:50:45 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\blackra1n.log
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/31 15:54:32 | 000,000,221 | -HS- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/04 02:33:06 | 000,000,402 | -HS- | M] () -- C:\Users\Tom\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/06/12 16:34:09 | 000,000,601 | ---- | M] () -- C:\ProgramData\LmeUSB.log
[2010/06/12 16:34:10 | 000,000,600 | ---- | M] () -- C:\ProgramData\LSDmbTH.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2009/06/10 22:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\SysWOW64\PerfCenterCpl.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

[Datastream]

OTL Extras logfile created on: 11/09/2010 15:41:35 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = K:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 136.81 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
Drive D: | 372.60 Gb Total Space | 5.25 Gb Free Space | 1.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 137.53 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 64.00 Gb Free Space | 27.48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 931.41 Gb Total Space | 691.23 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
Drive K: | 3.74 Gb Total Space | 3.55 Gb Free Space | 95.03% Space Free | Partition Type: FAT32
Drive Y: | 465.76 Gb Total Space | 137.53 Gb Free Space | 29.53% Space Free | Partition Type: NTFS

Computer Name: YTD2
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Tom\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Tom\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{5F67177B-77D9-4E19-B98A-514C45C9CF6D}" = O&O PartitionManager Professional
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{66F644DA-4ED8-4D03-83D2-A7156AA562BC}" = ESET NOD32 Antivirus
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Lexmark 3400 Series" = Lexmark 3400 Series
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"NodEnabler" = NodEnabler 3.0
"WhoCrashed_is1" = WhoCrashed 2.10
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05580173-6EF3-419A-84BE-C4D12EA6661A}" = iPhoneModem
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E981E45-833E-44C4-AB75-3668AA77F8EC}" = Adobe Flash Media Live Encoder 3
"{3F50DB28-EE74-4C81-A3C6-3543D8B9BB31}" = MyDesktopHelp.Com's Hosts Editor
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{561D28C5-9468-45F1-A567-FFB770322E66}" = EZPhone Cam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64F8B9AF-983F-48CE-ABBB-F62BEC02C5A0}" = System Requirements Lab
"{66CFECBB-36FE-EE88-5623-BC7A29A91C3C}" = Zoosk Messenger
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B90B77D-3520-4C14-83DF-1CC1B2451F57}" = Windows Live Messenger Translator Add-In
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9E88FCF0-8413-4451-870A-621762E2B1CD}" = ZoomCam M1598
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9DCC49B-E188-4A4D-8125-5E66121CBA53}" = Gabtastik
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7618997-1B89-4680-A39B-342BBEF8E0D6}_is1" = FreeVPN v3.22
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{DCB4E1D9-B187-4B54-971E-1478485C9A53}" = Live Mesh
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"BlazeDTV 6.0_is1" = BlazeDTV 6.0
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"Celebrity Toolbar" = Celebrity Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"Crysis WARHEAD®" = Crysis WARHEAD®
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDAuthorGUI" = DVDAuthorGUI (remove only)
"EA Download Manager" = EA Download Manager
"EasyBCD" = EasyBCD 1.7.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExtractNow_is1" = ExtractNow
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Server" = FileZilla Server (remove only)
"FlashGet" = FlashGet 1.9.6.1073
"FlashGet(JetCar)" = FlashGet(JetCar)
"Foxit PDF Editor" = Foxit PDF Editor
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HaaliMkx" = Haali Media Splitter
"HardwareOC Crysis Warhead Benchmark v1.0.0.0_is1" = HardwareOC Crysis Warhead Benchmark v1.0.0.0
"HiDownload Platinum_is1" = HiDownloadPlatinum
"IETester" = IETester v0.4.4 (remove only)
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"JSMS 4.3.5" = JSMS
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NetDrive" = NetDrive
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"Orbit_is1" = Orbit Downloader
"Pidgin" = Pidgin
"Plusmedia_uk Toolbar" = Plusmedia_uk Toolbar
"Polipo" = Polipo 1.0.4.1
"Politikens Engelsk-Dansk QUICKfind-Ordbog" = Politikens Engelsk-Dansk QUICKfind-Ordbog
"proXPN" = proXPN 2.2.7
"PunkBusterSvc" = PunkBuster Services
"ReNamer_is1" = ReNamer
"Songbird-release-1438" = Songbird 1.4.3 (Build 1438)
"Spotify" = Spotify
"ST6UNST #1" = OGT-Diagnostic Tool
"ST6UNST #2" = OGT-Diagnostic Tool (C:\Analysis\)
"StreamTorrent 1.0" = StreamTorrent 1.0
"TeamViewer 5" = TeamViewer 5
"TNod User & Password Finder 1.0.0" = TNod User & Password Finder 1.0.0
"Tor" = Tor 0.2.1.25
"Total Video Converter 3.70_is1" = Total Video Converter 3.70 100621
"TransMac_is1" = TransMac version 9.1
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.4.1 Beta
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.7
"VLC media player" = VLC media player 1.0.5
"VMware_Workstation" = VMware Workstation
"VobSub" = VobSub v2.23 (Remove Only)
"WampServer 2_is1" = WampServer 2.0
"WinAVI Video Converter 10.1_is1" = WinAVI Video Converter
"WinFF_is1" = WinFF 1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.2.5
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.8.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"IMVU Previewer" = IMVU Tools

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/09/2010 10:44:44 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0xd38 Faulting application start time: 0x01cb51bfdba54f26 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 1d373a99-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:44:56 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x131c Faulting application start time: 0x01cb51bfe34ebd08 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 24cb3c18-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:45:26 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x758 Faulting application start time: 0x01cb51bff4a160a6 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 362e8959-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:45:38 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x16c Faulting application start time: 0x01cb51bffc460bc7 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 3dc28ad8-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:45:51 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0xe18 Faulting application start time: 0x01cb51c003da0d47 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 455db078-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:46:05 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x137c Faulting application start time: 0x01cb51c00b7532e7 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 4dccb090-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:46:18 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x10d0 Faulting application start time: 0x01cb51c013e1d19f Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 55631370-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:46:47 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x65c Faulting application start time: 0x01cb51c0254ea460 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 66d4a8f2-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:47:00 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x13a0 Faulting application start time: 0x01cb51c02cec2b61 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 6e6d6d32-bdb3-11df-9402-005056c00008

Error - 11/09/2010 10:47:13 | Computer Name = YTD2 | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Exception code: 0xc000041d Fault offset: 0x000000000002cc2e
Faulting
process id: 0x1220 Faulting application start time: 0x01cb51c034828e40 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\explorer.exe Report
Id: 760892d2-bdb3-11df-9402-005056c00008

[ Media Center Events ]
Error - 25/03/2010 04:11:27 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
Description = 08:11:20 - Error connecting to the internet. 08:11:20 - Unable
to contact server..

Error - 30/03/2010 03:16:09 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
Description = 08:16:04 - Error connecting to the internet. 08:16:04 - Unable
to contact server..

Error - 04/07/2010 09:03:43 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
Description = 14:03:43 - Error connecting to the internet. 14:03:43 - Unable
to contact server..

Error - 04/07/2010 09:06:55 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
Description = 14:06:48 - Error connecting to the internet. 14:06:48 - Unable
to contact server..

Error - 22/07/2010 07:22:17 | Computer Name = YTD2 | Source = MCUpdate | ID = 0
Description = 12:22:16 - Error connecting to the internet. 12:22:17 - Unable
to contact server..

Error - 22/07/2010 07:22:50 | Computer Name = YTD2 | Source = MCUpdate | ID = 0
Description = 12:22:46 - Error connecting to the internet. 12:22:46 - Unable
to contact server..

Error - 22/07/2010 08:24:12 | Computer Name = YTD2 | Source = MCUpdate | ID = 0
Description = 13:24:12 - Error connecting to the internet. 13:24:12 - Unable
to contact server..

Error - 22/07/2010 08:24:20 | Computer Name = YTD2 | Source = MCUpdate | ID = 0
Description = 13:24:17 - Error connecting to the internet. 13:24:17 - Unable
to contact server..

Error - 12/08/2010 04:39:40 | Computer Name = YTD2 | Source = MCUpdate | ID = 0
Description = 09:39:40 - Error connecting to the internet. 09:39:40 - Unable
to contact server..

Error - 12/08/2010 04:40:11 | Computer Name = YTD2 | Source = MCUpdate | ID = 0
Description = 09:40:10 - Error connecting to the internet. 09:40:10 - Unable
to contact server..

[ System Events ]
Error - 10/09/2010 12:44:50 | Computer Name = YTD2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/09/2010 12:44:50 | Computer Name = YTD2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/09/2010 12:44:57 | Computer Name = YTD2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/09/2010 12:44:57 | Computer Name = YTD2 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/09/2010 06:08:22 | Computer Name = YTD2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:44:36 on ?10/?09/?2010 was unexpected.

Error - 11/09/2010 06:08:07 | Computer Name = YTD2 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/09/2010 09:58:57 | Computer Name = YTD2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:40:07 on ?11/?09/?2010 was unexpected.

Error - 11/09/2010 09:58:46 | Computer Name = YTD2 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/09/2010 10:05:09 | Computer Name = YTD2 | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 11/09/2010 10:05:09 | Computer Name = YTD2 | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

[Essexboy]

OK lets shift what I can see then take a deeper look

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.0.0.1:1080
  FF - prefs.js..network.proxy.http_port: 8118
  FF - prefs.js..network.proxy.socks_port: 9050
  FF - prefs.js..network.proxy.ssl_port: 8118
  FF - user.js..keyword.URL: "http://www.afodo.com...ls=twSUezfG&q="
  O33 - MountPoints2\{42cfb8ff-0d26-11df-8948-6cf04908190f}\Shell\AutoRun\command - "" = H:\Setup\oocdrun.exe -- File not found
  [2010/09/07 02:52:30 | 000,000,958 | ---- | M] () -- C:\Users\Tom\AppData\Local\7F68A003.il
  [2010/09/07 02:52:30 | 000,000,280 | ---- | M] () -- C:\Users\Tom\AppData\Local\IndexIE_7F68A003.il
  [2010/02/23 14:28:09 | 000,000,958 | ---- | C] () -- C:\Users\Tom\AppData\Local\7F68A003.il
  [2010/02/23 14:28:09 | 000,000,280 | ---- | C] () -- C:\Users\Tom\AppData\Local\IndexIE_7F68A003.il
  
  :Reg
  [-HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq]
  
  :Files
  ipconfig /flushdns /c
  C:\Users\Tom\AppData\Local\Temp\202fbh.exe
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download avz4.zip from here

• Unzip it to your desktop to a folder named avz4
• Double click on AVZ.exe to run it.
• Run an update by clicking the Auto Update button on the Right of the Log window:
• Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

• Start AVZ.
  
• Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with Malware removal mode enabled " check box.
  
• Click on the “Execute selected scripts”.
• Automatic scanning, healing and system check will be executed.
• A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
• It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
• All applications will work properly after the system restart.

When restarted

• Start AVZ.
  
• Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis " check box.
  
• Click on the "Execute selected scripts".
• A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

[Datastream]

I will run that now.

Can you tell if it was botnet or some virus which sends logs of my personal data such as browser passwords to a server?

Edited by Datastream, 11 September 2010 - 09:33 AM.

[Essexboy]

Not at the moment I will need to see the data that AVZ gives me

After the reboot from OTL could you let me know what the current problems are

[Datastream]

AVZ Is still in the process of the first scan

OTL didnt do anything.
But it did flush my hosts file which i should have backed up : (

Also i accidently ran it from my flash drive - i think i may have disconected it as soon as i rebooted (or soon after) - will that have affected the cleaning process upon startup?

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 8118 removed from network.proxy.http_port
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: 8118 removed from network.proxy.ssl_port
C:\Users\Tom\AppData\Roaming\Mozilla\FireFox\Profiles\qxgdwdt0.default\user.js moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42cfb8ff-0d26-11df-8948-6cf04908190f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42cfb8ff-0d26-11df-8948-6cf04908190f}\ not found.
File H:\Setup\oocdrun.exe not found.
C:\Users\Tom\AppData\Local\7F68A003.il moved successfully.
C:\Users\Tom\AppData\Local\IndexIE_7F68A003.il moved successfully.
File C:\Users\Tom\AppData\Local\7F68A003.il not found.
File C:\Users\Tom\AppData\Local\IndexIE_7F68A003.il not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
K:\cmd.bat deleted successfully.
K:\cmd.txt deleted successfully.
C:\Users\Tom\AppData\Local\Temp\202fbh.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 55095581 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 4449654 bytes
->FireFox cache emptied: 49324723 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 65809 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97499307 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1971538 bytes

Total Files Cleaned = 199.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.11.0 log created on 09112010_163827

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1600.log moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by Datastream, 11 September 2010 - 10:31 AM.

[Datastream]

Ah, well i have alot of password stored on firefox, but i've added a master password so i'm not sure if that could stop it?

I hope it didnt capture those or my ftp passwords.

Edited by Datastream, 11 September 2010 - 10:25 AM.

[Datastream]

Both scans with AVZ have completed
Just to be clear i am only scanning the C Drive (Windows) - since its the operating system that is infected right?
I have 4 STORAGE drives which are from 500GB-1TB. I just disconnected after scans.

Attached Files

•  virusinfo_syscheck.zip   64.14KB   194 downloads
•  virusinfo_syscure.zip   63.04KB   183 downloads

Edited by Datastream, 11 September 2010 - 11:03 AM.

[Essexboy]

This is quite stubborn - I will need to run an AVP scan to ensure that it goes. With this initially just check your C drive as a few TB would take forever to scan

AVZ FIX

• Double click on AVZ.exe
• Click File > Custom scripts
• Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )
  

  begin
  SetAVZPMStatus(True);
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
   RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','a5x3tq');
   BC_DeleteFile('C:\Users\Tom\AppData\Local\Temp\202fbh.exe');
   DeleteFile('C:\Users\Tom\AppData\Local\Temp\202fbh.exe');
  BC_ImportDeletedList;
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
  end.

• Note: When you run the script, your PC will be restarted
• Click Run
• Restart your PC if it doesn't do it automatically.

ON COMPLETION

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode.
  

  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.

• Double click the setup file to run it.
• Click Next to continue.
• Accept the Licence agreement and click on next
• It will by default install it to your desktop folder.Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• Hidden Startup Objects
• System Memory
• Disk Boot Sectors.
• My Computer.
  

Leave the rest of the settings as they appear as default.

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  

  Note: This tool will self uninstall when you close it so please save the log before closing it.

[Datastream]

When i tried to run that custom script with AVZ it crashed the program.
I cannot copy the log so i will just type what i can see.

Function user32.dll:DefDlgProcW 1657 intercepted, method - procaddresshijack,getprocaddress ->76975f5 hook user32.dll.DefDlGProcA 1657 blocked

Should i continue and run the AVP Tool?

[Essexboy]

Yes as something stopped AVZ from deleting the registry key