
> Virus crashing system (even in safe mode)


  • This topic is locked

#16
Datastream

    Member

  • Topic Starter
  • Member
  • 20 posts
Sorry for the late reply, I'm running the removal tool now. Will reply back with the report.

Scan has been running for 2 hours 22 minutes and still only 39% complete.
It found some traces of trojan droppers in some location.

Edited by Datastream, 11 September 2010 - 07:05 PM.

  • 0



#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is a thorough scan so it will take a while :)
  • 0

#18
Datastream

    Member

  • Topic Starter
  • Member
  • 20 posts
It finished scanning but I accidentally forgot to save the log.
I looked at the report though and the only malicious file it found was a trojan dropper, which was quarantined & deleted.
After Windows rebooted, antimalwarebytes protection said it found some spyware in windows/temp.
The process Explorer.exe is still crashing/looping

Edited by Datastream, 12 September 2010 - 04:55 AM.

  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's try OTL again now and see if it works this time

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\Users\Tom\AppData\Local\Temp\202fbh.exe ()

    :Files
    C:\Users\Tom\AppData\Local\Temp\202fbh.exe

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again, select All Users and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
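
Added example, not part of the original post and not OTL's own code: a Python triage of the fix script above. It shows which traits of the O6 entry mark it as a removal candidate (it autostarts from a Temp directory, has an empty company field, and sits in the Group Policy Run list), and checks that every autostart target under :OTL is also listed under :Files. The second O6 line and all function names are constructed for illustration.

```python
import re

# Fix script exactly as posted in the thread.
PAGE_FIX_SCRIPT = r"""
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\Users\Tom\AppData\Local\Temp\202fbh.exe ()

:Files
C:\Users\Tom\AppData\Local\Temp\202fbh.exe

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
"""

# Constructed contrast line (not from the thread): same layout, installed program.
CONSTRUCTED_LINE = (
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: "
    r"ExampleAgent = C:\Program Files (x86)\Example\agent.exe (Example Corp)"
)

# "<tag> - <registry key>: <value name> = <target path> (<company name>)"
AUTOSTART_RE = re.compile(
    r"^(?P<tag>O\d+)\s+-\s+(?P<key>HK[A-Z_]+\\.+?):\s+(?P<name>.+?)\s+=\s+"
    r"(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$"
)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
POLICY_RUN_RE = re.compile(r"\\policies\\Explorer\\Run$", re.IGNORECASE)


def parse_fix_script(text):
    """Split a fix script into its ':Section' blocks (keys lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_autostart(line):
    """Return the fields of a registry autostart line, or None if it does not match."""
    m = AUTOSTART_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry):
    """List the reasons an autostart entry deserves a closer look."""
    reasons = []
    if TEMP_DIR_RE.search(entry["path"]):
        reasons.append("target executable lives in a temp directory")
    if not entry["company"].strip():
        reasons.append("company name field is empty")
    if POLICY_RUN_RE.search(entry["key"]):
        reasons.append("autostart via policies\\Explorer\\Run (Group Policy run list)")
    return reasons


def unpaired_targets(sections):
    """Autostart targets named under :OTL that are not also listed under :Files.

    Deleting only the registry value leaves the binary on disk; deleting only
    the file leaves a dangling autostart value. The thread's script does both.
    """
    listed = {p.lower() for p in sections.get(":files", [])}
    missing = []
    for line in sections.get(":otl", []):
        entry = parse_autostart(line)
        if entry and entry["path"].lower() not in listed:
            missing.append(entry["path"])
    return missing


if __name__ == "__main__":
    sections = parse_fix_script(PAGE_FIX_SCRIPT)
    for line in sections[":otl"] + [CONSTRUCTED_LINE]:
        entry = parse_autostart(line)
        print(entry["name"], "->", entry["path"])
        for reason in triage(entry):
            print("   -", reason)
    print("targets missing from :Files:", unpaired_targets(sections))
```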

#20
Datastream

    Member

  • Topic Starter
  • Member
  • 20 posts
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\a5x3tq deleted successfully.
File C:\Users\Tom\AppData\Local\Temp\202fbh.exe not found.
========== FILES ==========
File\Folder C:\Users\Tom\AppData\Local\Temp\202fbh.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 7188 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 264788 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1330217 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.11.0 log created on 09122010_121103

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1296.log moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#21
Datastream

    Member

  • Topic Starter
  • Member
  • 20 posts
OTL logfile created on: 12/09/2010 12:15:35 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = K:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 136.23 Gb Free Space | 45.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3.74 Gb Total Space | 3.47 Gb Free Space | 92.88% Space Free | Partition Type: FAT32

Computer Name: YTD2
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/10 16:58:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010/09/09 02:20:00 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/25 19:39:36 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/03/18 10:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/03/18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/30 00:00:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/01/22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/01/22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/01/22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/12/31 00:24:34 | 000,703,488 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/29 07:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/05/01 13:54:44 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
PRC - [2009/04/17 21:59:38 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2007/07/17 15:48:16 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 16:58:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/06/29 09:23:28 | 002,730,496 | ---- | M] (MacroData Inc.) [Auto | Running] -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe -- (ndsvc)
SRV:64bit: - [2010/02/03 05:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 13:39:22 | 000,051,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/31 16:33:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/05/14 16:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2006/11/29 12:57:36 | 000,566,192 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxcycoms.exe -- (lxcy_device)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/25 19:39:36 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/01 13:29:30 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/31 16:31:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/30 00:00:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/01/19 00:08:44 | 000,856,064 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Tom\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/12/31 00:24:34 | 000,703,488 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/28 20:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/17 12:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/04/17 21:59:38 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2008/12/10 02:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/11 13:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2007/07/17 15:48:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\uziymty5.sys -- (uziymty5)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/23 01:57:00 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/26 20:07:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/03/23 12:37:08 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2010/02/03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 04:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/01 13:39:23 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/01/29 23:31:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/22 23:14:36 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/01/22 23:14:34 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/01/22 23:14:30 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/01/22 23:14:30 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/01/22 22:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/01/22 18:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/01/22 18:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/01/22 18:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/09 18:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/10/20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/28 20:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 17:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 17:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 16:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/05/14 16:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 16:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/04/30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/03/13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/26 10:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2007/01/19 03:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/09/11 18:57:01 | 000,011,264 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\uziymty5.sys -- (uziymty5)
DRV - [2009/12/23 12:03:22 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/10/12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/04/17 21:42:56 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2009/04/17 21:42:48 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys -- (vstor2-mntapi10)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 9A CC 05 B8 A2 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://slumz.boxden....-1&prefixid=h7l | http://www.2dopeboyz.com | http://www.torrentleech.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071300000040
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {cd617372-6743-4ee4-bac4-fbf60f35719e}:1.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.1.11048
FF - prefs.js..keyword.URL: "http://www.afodo.com...ls=twSUezfG&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/07 23:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/31 17:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/19 22:54:55 | 000,000,000 | ---D | M]

[2010/04/10 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2010/04/10 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/01 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/10 00:19:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1483B687-8B6E-4bca-B85D-3CB02696DFC6}
[2010/06/24 23:49:09 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/02/01 00:02:04 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/01 00:02:04 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 11:47:29 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/30 16:22:58 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (OperaView) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/01 00:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/02/01 00:02:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/02/01 00:02:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/10 22:01:51 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/01 00:02:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (Autofill) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{F35B2DA4-CECE-D4E8-0BAD-CCD1DF7EE17A}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/06/10 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/04/20 11:35:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:02:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/07/22 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2008/12/03 08:58:56 | 000,000,523 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\daemon-search.xml
[2010/08/18 22:40:11 | 000,002,197 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\google-search.xml
[2007/04/26 21:26:56 | 000,001,221 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\music-search-plus.xml
[2008/06/05 12:20:50 | 000,001,386 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\nzbindexnl.xml
[2010/09/10 00:19:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/18 22:40:11 | 000,002,197 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google-search.xml
[2010/02/03 18:59:06 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/09/11 16:38:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Plusmedia uk Toolbar) - {193D7001-BD9F-48C2-B5C7-69775AA2201D} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/11 23:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/09/11 16:50:46 | 000,000,000 | ---D | C] -- C:\avz4
[2010/09/11 11:36:57 | 000,000,000 | ---D | C] -- C:\hjt
[2010/09/10 15:44:14 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/10 15:41:21 | 000,000,000 | ---D | C] -- C:\cf
[2010/09/10 15:37:15 | 000,000,000 | ---D | C] -- C:\New folder
[2010/09/10 15:03:38 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/10 15:03:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AAE416E17857DF994CB5852EE8BD7BD9
[2010/09/09 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\hair
[2010/09/08 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proXPN
[2010/09/07 12:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeVPN
[2010/09/03 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Adobe Mini Bridge CS5
[2010/09/03 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/30 19:41:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\fltk.org
[2010/08/30 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\paulstretch_win32-2.0
[2010/08/26 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/08/25 18:42:04 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Redman_-_Reggie_-_2010
[2010/08/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/18 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/08/18 11:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3400 Series
[2010/08/18 11:57:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2010/08/18 11:57:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2010/08/18 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 3400 Series
[2010/08/18 11:57:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2010/08/18 11:57:05 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2010/08/18 11:57:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2010/08/18 11:57:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2010/08/18 11:57:05 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2010/08/18 11:57:05 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2010/08/18 11:57:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2010/08/18 11:57:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2010/08/18 11:57:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2010/08/18 11:57:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2010/08/18 11:57:04 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2010/08/18 11:57:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2010/08/18 11:57:04 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2010/08/18 11:57:04 | 000,077,824 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxcycfg.dll
[2010/08/18 11:56:56 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyserv.dll
[2010/08/18 11:56:56 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyusb1.dll
[2010/08/18 11:56:56 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycomc.dll
[2010/08/18 11:56:56 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyhbn3.dll
[2010/08/18 11:56:56 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycoms.exe
[2010/08/18 11:56:56 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcylmpm.dll
[2010/08/18 11:56:56 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcypmui.dll
[2010/08/18 11:56:56 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyhcp.dll
[2010/08/18 11:56:56 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycomm.dll
[2010/08/18 11:56:56 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyinpa.dll
[2010/08/18 11:56:56 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycfg.exe
[2010/08/18 11:56:56 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyih.exe
[2010/08/18 11:56:56 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyiesc.dll
[2010/08/18 11:56:56 | 000,064,512 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxcycfg.dll
[2010/08/18 11:56:56 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyprox.dll
[2010/08/18 11:56:56 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcypplc.dll
[2010/08/18 11:56:41 | 000,000,000 | ---D | C] -- C:\lexmark
[2010/08/01 14:14:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\BuildAGadget Content
[2010/07/21 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\NetDrive
[2010/07/21 01:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\MacroData Inc
[2010/07/21 00:35:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ED94F68E3DA3E0F8A902F5D0AE37AC5C
[2010/07/19 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam 2.4
[2010/07/19 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ManyCam
[2010/07/19 21:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/07/12 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2010/07/09 13:48:33 | 000,000,000 | ---D | C] -- C:\Windows Loader v1.8.3
[2010/07/05 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/05 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/05 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/07/03 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/03 20:08:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/03 20:02:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Windows Live
[2010/07/03 00:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/06/25 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Nero
[2010/06/24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plusmedia_uk
[2010/06/24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/06/15 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010/06/15 20:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/06/15 20:44:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\NeoSmart_Technologies
[2010/06/15 20:44:09 | 000,000,000 | ---D | C] -- C:\Boot
[2010/06/15 20:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2010/06/15 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows Loader
[2010/06/15 14:26:31 | 000,000,000 | ---D | C] -- C:\hitachi
[2010/06/14 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2010/06/14 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0
[2010/06/14 13:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2010/06/14 13:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVUPlayer

========== Files - Modified Within 90 Days ==========

[2010/09/12 12:17:33 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 12:17:33 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 12:13:10 | 006,029,312 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
[2010/09/12 12:12:29 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/09/12 12:12:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 12:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/12 12:12:17 | 3117,015,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 11:48:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-598359188-3929195914-4074301146-1000UA.job
[2010/09/11 18:57:01 | 000,011,264 | ---- | M] () -- C:\Windows\SysWow64\drivers\uziymty5.sys
[2010/09/11 16:38:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/09/11 11:36:58 | 000,002,933 | ---- | M] () -- C:\Users\Tom\Desktop\HiJackThis.lnk
[2010/09/09 19:22:32 | 000,036,352 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 17:41:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/09 16:05:09 | 000,239,623 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0235_2.jpg
[2010/09/09 15:49:47 | 001,223,970 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0235.JPG
[2010/09/09 15:32:55 | 000,437,515 | ---- | M] () -- C:\Users\Tom\Desktop\hair_front.jpg
[2010/09/09 15:31:53 | 000,474,944 | ---- | M] () -- C:\Users\Tom\Desktop\hair_side2.jpg
[2010/09/09 15:30:27 | 000,506,710 | ---- | M] () -- C:\Users\Tom\Desktop\hair_side1.jpg
[2010/09/09 15:29:43 | 001,148,662 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0213.JPG
[2010/09/09 15:25:31 | 001,313,169 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0231.JPG
[2010/09/09 15:24:35 | 001,221,183 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0240.JPG
[2010/09/08 23:08:29 | 000,241,507 | ---- | M] () -- C:\Users\Tom\Documents\Stickam Client - All Icons.rar
[2010/09/08 23:06:30 | 000,001,061 | ---- | M] () -- C:\Users\Tom\Desktop\proXPN.lnk
[2010/09/08 23:06:30 | 000,000,501 | ---- | M] () -- C:\Windows\win.ini
[2010/09/08 18:24:54 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/07 16:59:03 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010/09/07 12:17:10 | 000,001,015 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/09/07 04:41:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-598359188-3929195914-4074301146-1000Core.job
[2010/09/06 21:59:11 | 003,923,248 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0186.MOV
[2010/09/05 01:01:19 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/02 18:54:41 | 000,001,456 | ---- | M] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/01 15:03:43 | 004,997,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/31 22:26:46 | 000,115,056 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/31 17:54:08 | 001,283,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/31 17:54:08 | 000,633,562 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/31 17:54:08 | 000,479,444 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010/08/31 17:54:08 | 000,113,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/31 17:54:08 | 000,087,466 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010/08/29 20:00:22 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2010/08/26 10:53:13 | 000,001,305 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn
[2010/08/23 15:59:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/18 11:57:49 | 000,018,327 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/08/12 18:17:13 | 000,088,730 | ---- | M] () -- C:\Users\Tom\Documents\Tom6.pdf
[2010/08/12 16:47:58 | 000,088,583 | ---- | M] () -- C:\Users\Tom\Documents\Tom5.pdf
[2010/08/12 12:12:28 | 000,088,560 | ---- | M] () -- C:\Users\Tom\Documents\Tom4.pdf
[2010/08/12 12:10:55 | 000,088,511 | ---- | M] () -- C:\Users\Tom\Documents\Tom3.pdf
[2010/07/25 01:46:21 | 000,045,389 | ---- | M] () -- C:\Users\Tom\Documents\Untitled.wma
[2010/07/19 21:11:47 | 000,001,929 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010/07/12 16:37:31 | 000,001,008 | ---- | M] () -- C:\Users\Tom\Desktop\Total Video Converter.lnk
[2010/07/12 16:37:31 | 000,001,001 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010/07/09 13:49:46 | 000,331,521 | RHS- | M] () -- C:\KMWIU
[2010/07/09 13:49:46 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/06/25 16:32:58 | 000,001,173 | ---- | M] () -- C:\Users\Tom\Desktop\IETester.lnk
[2010/06/15 22:56:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 22:56:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 22:56:28 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TM.blf

========== Files Created - No Company Name ==========

[2010/09/11 18:55:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\drivers\uziymty5.sys
[2010/09/11 11:36:58 | 000,002,933 | ---- | C] () -- C:\Users\Tom\Desktop\HiJackThis.lnk
[2010/09/09 16:05:09 | 000,239,623 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0235_2.jpg
[2010/09/09 15:49:54 | 001,223,970 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0235.JPG
[2010/09/09 15:31:52 | 000,474,944 | ---- | C] () -- C:\Users\Tom\Desktop\hair_side2.jpg
[2010/09/09 15:30:25 | 000,506,710 | ---- | C] () -- C:\Users\Tom\Desktop\hair_side1.jpg
[2010/09/09 15:29:26 | 000,437,515 | ---- | C] () -- C:\Users\Tom\Desktop\hair_front.jpg
[2010/09/09 15:27:23 | 001,148,662 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0213.JPG
[2010/09/09 15:25:22 | 001,313,169 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0231.JPG
[2010/09/09 15:24:23 | 001,221,183 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0240.JPG
[2010/09/08 23:08:10 | 000,241,507 | ---- | C] () -- C:\Users\Tom\Documents\Stickam Client - All Icons.rar
[2010/09/08 23:06:30 | 000,001,061 | ---- | C] () -- C:\Users\Tom\Desktop\proXPN.lnk
[2010/09/07 16:57:17 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010/09/07 12:17:10 | 000,001,015 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/09/06 22:34:03 | 003,923,248 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0186.MOV
[2010/08/29 20:00:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/08/23 15:59:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/18 11:57:06 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2010/08/18 11:57:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2010/08/18 11:57:05 | 000,581,173 | ---- | C] () -- C:\Windows\SysWow64\lxcyhelp.chm
[2010/08/18 11:57:04 | 000,001,834 | ---- | C] () -- C:\Windows\SysWow64\lxcy.loc
[2010/08/18 11:56:56 | 000,581,173 | ---- | C] () -- C:\Windows\SysNative\lxcyhelp.chm
[2010/08/18 11:56:56 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\lxcyinst.dll
[2010/08/18 11:56:56 | 000,018,327 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/08/18 11:56:56 | 000,001,834 | ---- | C] () -- C:\Windows\SysNative\lxcy.loc
[2010/08/12 18:17:13 | 000,088,730 | ---- | C] () -- C:\Users\Tom\Documents\Tom6.pdf
[2010/08/12 16:47:53 | 000,088,583 | ---- | C] () -- C:\Users\Tom\Documents\Tom5.pdf
[2010/08/12 12:12:25 | 000,088,560 | ---- | C] () -- C:\Users\Tom\Documents\Tom4.pdf
[2010/08/12 12:10:49 | 000,088,511 | ---- | C] () -- C:\Users\Tom\Documents\Tom3.pdf
[2010/07/25 01:46:21 | 000,045,389 | ---- | C] () -- C:\Users\Tom\Documents\Untitled.wma
[2010/07/19 21:11:47 | 000,001,929 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010/07/12 16:37:31 | 000,001,008 | ---- | C] () -- C:\Users\Tom\Desktop\Total Video Converter.lnk
[2010/07/12 16:37:31 | 000,001,001 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010/07/09 13:49:46 | 000,331,521 | RHS- | C] () -- C:\KMWIU
[2010/07/09 13:49:46 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/06/15 22:50:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 22:50:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 22:50:26 | 000,065,536 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TM.blf
[2010/06/15 20:44:09 | 000,383,562 | ---- | C] () -- C:\bootmgr
[2010/06/15 14:27:39 | 000,102,400 | ---- | C] () -- C:\Windows\SysNative\ScsiOat.dll
[2010/06/08 16:31:10 | 000,001,456 | ---- | C] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/06/06 22:18:24 | 000,000,601 | ---- | C] () -- C:\ProgramData\LmeUSB.log
[2010/06/06 22:18:24 | 000,000,600 | ---- | C] () -- C:\ProgramData\LSDmbTH.log
[2010/06/06 22:09:44 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010/06/06 20:58:58 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\PUTTY.RND
[2010/06/06 20:50:12 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Local\PUTTY.RND
[2010/05/02 18:15:20 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/02 18:10:37 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/04/21 14:26:24 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TWAVBX32.DLL
[2010/04/21 14:26:23 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2010/04/18 12:07:03 | 000,000,017 | ---- | C] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg
[2010/04/18 11:55:44 | 000,003,235 | ---- | C] () -- C:\Users\Tom\AppData\Local\Temp19.html
[2010/04/18 11:55:33 | 000,000,778 | ---- | C] () -- C:\Users\Tom\AppData\Local\Temp1.html
[2010/04/06 18:54:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/02 15:21:07 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/24 21:48:22 | 000,000,609 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\AutoGK.ini
[2010/02/23 10:53:55 | 000,000,052 | ---- | C] () -- C:\Windows\SysWow64\windriver32.ini
[2010/02/19 10:31:32 | 000,036,352 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 09:22:52 | 000,001,037 | ---- | C] () -- C:\Users\Tom\AppData\Local\Account.atomsvc
[2010/02/08 17:27:03 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\winscp.rnd
[2010/02/05 19:53:25 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/05 19:53:25 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/01/31 15:00:29 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/01/30 00:50:45 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\blackra1n.log
[2010/01/30 00:48:40 | 000,608,256 | ---- | C] () -- C:\Program Files (x86)\blackra1n.exe
[2010/01/30 00:01:01 | 000,740,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005/11/11 17:39:00 | 000,001,620 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2003/11/25 17:05:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\UNLHA32.DLL
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[1998/01/15 14:46:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\OatLHA.DLL

========== LOP Check ==========

[2010/03/31 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.purple
[2010/09/11 23:56:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AAE416E17857DF994CB5852EE8BD7BD9
[2010/09/08 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Audacity
[2010/02/08 23:14:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Bioshock2
[2010/01/31 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BITS
[2010/05/02 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/30 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2010/08/31 16:19:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ED94F68E3DA3E0F8A902F5D0AE37AC5C
[2010/01/31 23:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashFXP
[2010/02/01 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashGet
[2010/01/31 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashGetBHO
[2010/08/30 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\fltk.org
[2010/04/05 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GrabPro
[2010/01/30 00:33:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\gtopala
[2010/01/31 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Leadertech
[2010/07/19 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ManyCam
[2010/03/30 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Megaupload
[2010/05/14 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\MySQL
[2010/07/21 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NetDrive
[2010/02/23 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NewsLeecher
[2010/06/02 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Orbit
[2010/02/01 18:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Songbird2
[2010/06/10 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spotify
[2010/09/03 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/14 13:43:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2010/02/21 16:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SystemRequirementsLab
[2010/04/10 22:54:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TeamViewer
[2010/09/12 12:13:44 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent
[2010/04/10 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Vivox
[2010/06/07 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\WinAVI
[2010/05/11 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\WinFF
[2010/06/03 09:18:27 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Xilisoft Corporation
[2010/03/09 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Youtube Downloader HD
[2010/07/23 14:09:03 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#22
Essexboy

Could you now reboot and let me know if the loop has ceased

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


#23
Datastream

A window from Malwarebytes Anti-Malware just opened up again - c:\windows\temp\nod1.tmp (spyware.onlinegames) so I chose to quarantine.

#24
Datastream

OTL finished scanning, explorer is still crashing and looping.

#25
Essexboy

Could you run another OTL for me please


#26
Datastream

Is it possible that the malware is still undetectable, or could this have just corrupted system files?

OTL logfile created on: 12/09/2010 13:26:22 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = K:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 136.15 Gb Free Space | 45.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3.74 Gb Total Space | 3.47 Gb Free Space | 92.87% Space Free | Partition Type: FAT32

Computer Name: YTD2
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/10 16:58:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010/09/09 02:20:00 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/25 19:39:36 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/03/18 10:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/03/18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/30 00:00:08 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/01/22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/01/22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/01/22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/12/31 00:24:34 | 000,703,488 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/29 07:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/04/17 21:59:38 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2007/07/17 15:48:16 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\WinService.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 16:58:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/06/29 09:23:28 | 002,730,496 | ---- | M] (MacroData Inc.) [Auto | Running] -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe -- (ndsvc)
SRV:64bit: - [2010/02/03 05:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 13:39:22 | 000,051,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/31 16:33:22 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/05/14 16:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2006/11/29 12:57:36 | 000,566,192 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxcycoms.exe -- (lxcy_device)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/25 19:39:36 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/01 13:29:30 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/31 16:31:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/30 00:00:08 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/01/22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/01/19 00:08:44 | 000,856,064 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Tom\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/12/31 00:24:34 | 000,703,488 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/28 20:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/06/17 12:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/04/17 21:59:38 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2009/04/17 21:42:56 | 000,428,592 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2008/12/10 02:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/11 13:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2007/07/17 15:48:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\WinService.exe -- (SCM_Service)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/29 12:57:20 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\uziymty5.sys -- (uziymty5)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/23 01:57:00 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/26 20:07:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/03/23 12:37:08 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2010/02/03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 04:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/01 13:39:23 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/01/29 23:31:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/22 23:14:36 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/01/22 23:14:34 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/01/22 23:14:30 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/01/22 23:14:30 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/01/22 22:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/01/22 18:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/01/22 18:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/01/22 18:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/09 18:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/10/20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/28 20:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 17:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 17:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 16:49:56 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/05/14 16:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 16:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/04/30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009/03/27 02:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/03/13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/02/06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/26 10:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2007/01/19 03:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/09/11 18:57:01 | 000,011,264 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\uziymty5.sys -- (uziymty5)
DRV - [2009/12/23 12:03:22 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/10/12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/04/17 21:42:56 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bmdrvr.sys -- (bmdrvr)
DRV - [2009/04/17 21:42:48 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys -- (vstor2-mntapi10)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 9A CC 05 B8 A2 CA 01 [binary data]
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\URLSearchHook: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Celebrity Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://slumz.boxden....-1&prefixid=h7l | http://www.2dopeboyz.com | http://www.torrentleech.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071300000040
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.42
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {cd617372-6743-4ee4-bac4-fbf60f35719e}:1.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.1.11048
FF - prefs.js..keyword.URL: "http://www.afodo.com...ls=twSUezfG&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/07 23:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/31 17:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/19 22:54:55 | 000,000,000 | ---D | M]

[2010/04/10 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2010/04/10 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/02/01 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/10 00:19:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1483B687-8B6E-4bca-B85D-3CB02696DFC6}
[2010/06/24 23:49:09 | 000,000,000 | ---D | M] (Plusmedia uk Toolbar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
[2010/02/01 00:02:04 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/01 00:02:04 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 11:47:29 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/30 16:22:58 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (OperaView) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/02/01 00:02:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/01 00:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/02/01 00:02:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/02/01 00:02:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/10 22:01:51 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/01 00:02:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (Autofill) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{F35B2DA4-CECE-D4E8-0BAD-CCD1DF7EE17A}
[2010/01/30 00:42:40 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/06/10 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/04/20 11:35:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:02:02 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/02/01 00:02:03 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/01/30 00:42:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2010/07/22 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\extensions\[email protected]
[2008/12/03 08:58:56 | 000,000,523 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\daemon-search.xml
[2010/08/18 22:40:11 | 000,002,197 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\google-search.xml
[2007/04/26 21:26:56 | 000,001,221 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\music-search-plus.xml
[2008/06/05 12:20:50 | 000,001,386 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\qxgdwdt0.default\searchplugins\nzbindexnl.xml
[2010/09/10 00:19:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/18 22:40:11 | 000,002,197 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google-search.xml
[2010/02/03 18:59:06 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/09/11 16:38:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Plusmedia uk Toolbar) - {193d7001-bd9f-48c2-b5c7-69775aa2201d} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\Toolbar\WebBrowser: (Plusmedia uk Toolbar) - {193D7001-BD9F-48C2-B5C7-69775AA2201D} - C:\Program Files (x86)\Plusmedia_uk\tbPlus.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-598359188-3929195914-4074301146-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/11 23:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/09/11 16:50:46 | 000,000,000 | ---D | C] -- C:\avz4
[2010/09/11 11:36:57 | 000,000,000 | ---D | C] -- C:\hjt
[2010/09/10 15:44:14 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/10 15:41:21 | 000,000,000 | ---D | C] -- C:\cf
[2010/09/10 15:37:15 | 000,000,000 | ---D | C] -- C:\New folder
[2010/09/10 15:03:38 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/10 15:03:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AAE416E17857DF994CB5852EE8BD7BD9
[2010/09/09 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\hair
[2010/09/08 23:08:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Stickam Client - All Icons
[2010/09/08 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proXPN
[2010/09/07 12:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeVPN
[2010/09/03 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Adobe Mini Bridge CS5
[2010/09/03 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/30 19:41:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\fltk.org
[2010/08/30 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\paulstretch_win32-2.0
[2010/08/26 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/08/25 18:42:04 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Redman_-_Reggie_-_2010
[2010/08/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/23 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/18 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/08/18 11:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3400 Series
[2010/08/18 11:57:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2010/08/18 11:57:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2010/08/18 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 3400 Series
[2010/08/18 11:57:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2010/08/18 11:57:05 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2010/08/18 11:57:05 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2010/08/18 11:57:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2010/08/18 11:57:05 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2010/08/18 11:57:05 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2010/08/18 11:57:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2010/08/18 11:57:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2010/08/18 11:57:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2010/08/18 11:57:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2010/08/18 11:57:04 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2010/08/18 11:57:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2010/08/18 11:57:04 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2010/08/18 11:57:04 | 000,077,824 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxcycfg.dll
[2010/08/18 11:56:56 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyserv.dll
[2010/08/18 11:56:56 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyusb1.dll
[2010/08/18 11:56:56 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycomc.dll
[2010/08/18 11:56:56 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyhbn3.dll
[2010/08/18 11:56:56 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycoms.exe
[2010/08/18 11:56:56 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcylmpm.dll
[2010/08/18 11:56:56 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcypmui.dll
[2010/08/18 11:56:56 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyhcp.dll
[2010/08/18 11:56:56 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycomm.dll
[2010/08/18 11:56:56 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyinpa.dll
[2010/08/18 11:56:56 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxcycfg.exe
[2010/08/18 11:56:56 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyih.exe
[2010/08/18 11:56:56 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyiesc.dll
[2010/08/18 11:56:56 | 000,064,512 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxcycfg.dll
[2010/08/18 11:56:56 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcyprox.dll
[2010/08/18 11:56:56 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcypplc.dll
[2010/08/18 11:56:41 | 000,000,000 | ---D | C] -- C:\lexmark
[2010/08/01 14:14:52 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\BuildAGadget Content
[2010/07/21 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\NetDrive
[2010/07/21 01:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\MacroData Inc
[2010/07/21 00:35:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ED94F68E3DA3E0F8A902F5D0AE37AC5C
[2010/07/19 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam 2.4
[2010/07/19 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ManyCam
[2010/07/19 21:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/07/12 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2010/07/09 13:48:33 | 000,000,000 | ---D | C] -- C:\Windows Loader v1.8.3
[2010/07/05 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/05 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/05 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/07/03 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/03 20:08:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/03 20:02:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Windows Live
[2010/07/03 00:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/06/25 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Nero
[2010/06/24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plusmedia_uk
[2010/06/24 23:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/06/15 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010/06/15 20:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/06/15 20:44:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\NeoSmart_Technologies
[2010/06/15 20:44:09 | 000,000,000 | ---D | C] -- C:\Boot
[2010/06/15 20:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2010/06/15 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows Loader
[2010/06/15 14:26:31 | 000,000,000 | ---D | C] -- C:\hitachi
[2010/06/14 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2010/06/14 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0
[2010/06/14 13:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2010/06/14 13:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVUPlayer

========== Files - Modified Within 90 Days ==========

[2010/09/12 13:28:46 | 006,029,312 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
[2010/09/12 12:46:50 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 12:46:50 | 000,023,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 12:41:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/09/12 12:41:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/12 12:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/12 12:41:34 | 3117,015,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 12:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-598359188-3929195914-4074301146-1000UA.job
[2010/09/11 18:57:01 | 000,011,264 | ---- | M] () -- C:\Windows\SysWow64\drivers\uziymty5.sys
[2010/09/11 16:38:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/09/11 11:36:58 | 000,002,933 | ---- | M] () -- C:\Users\Tom\Desktop\HiJackThis.lnk
[2010/09/09 19:22:32 | 000,036,352 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 17:41:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/09 16:05:09 | 000,239,623 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0235_2.jpg
[2010/09/09 15:49:47 | 001,223,970 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0235.JPG
[2010/09/09 15:32:55 | 000,437,515 | ---- | M] () -- C:\Users\Tom\Desktop\hair_front.jpg
[2010/09/09 15:31:53 | 000,474,944 | ---- | M] () -- C:\Users\Tom\Desktop\hair_side2.jpg
[2010/09/09 15:30:27 | 000,506,710 | ---- | M] () -- C:\Users\Tom\Desktop\hair_side1.jpg
[2010/09/09 15:29:43 | 001,148,662 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0213.JPG
[2010/09/09 15:25:31 | 001,313,169 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0231.JPG
[2010/09/09 15:24:35 | 001,221,183 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0240.JPG
[2010/09/08 23:08:29 | 000,241,507 | ---- | M] () -- C:\Users\Tom\Documents\Stickam Client - All Icons.rar
[2010/09/08 23:06:30 | 000,001,061 | ---- | M] () -- C:\Users\Tom\Desktop\proXPN.lnk
[2010/09/08 23:06:30 | 000,000,501 | ---- | M] () -- C:\Windows\win.ini
[2010/09/08 18:24:54 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/07 16:59:03 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010/09/07 12:17:10 | 000,001,015 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/09/07 04:41:00 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-598359188-3929195914-4074301146-1000Core.job
[2010/09/06 21:59:11 | 003,923,248 | ---- | M] () -- C:\Users\Tom\Desktop\IMG_0186.MOV
[2010/09/05 01:01:19 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/02 18:54:41 | 000,001,456 | ---- | M] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/01 15:03:43 | 004,997,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/31 22:26:46 | 000,115,056 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/31 17:54:08 | 001,283,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/31 17:54:08 | 000,633,562 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/31 17:54:08 | 000,479,444 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010/08/31 17:54:08 | 000,113,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/31 17:54:08 | 000,087,466 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010/08/29 20:00:22 | 000,000,050 | ---- | M] () -- C:\Windows\MegaManager.INI
[2010/08/26 10:53:13 | 000,001,305 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn
[2010/08/23 15:59:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/18 11:57:49 | 000,018,327 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/08/12 18:17:13 | 000,088,730 | ---- | M] () -- C:\Users\Tom\Documents\Tom6.pdf
[2010/08/12 16:47:58 | 000,088,583 | ---- | M] () -- C:\Users\Tom\Documents\Tom5.pdf
[2010/08/12 12:12:28 | 000,088,560 | ---- | M] () -- C:\Users\Tom\Documents\Tom4.pdf
[2010/08/12 12:10:55 | 000,088,511 | ---- | M] () -- C:\Users\Tom\Documents\Tom3.pdf
[2010/07/25 01:46:21 | 000,045,389 | ---- | M] () -- C:\Users\Tom\Documents\Untitled.wma
[2010/07/19 21:11:47 | 000,001,929 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010/07/12 16:37:31 | 000,001,008 | ---- | M] () -- C:\Users\Tom\Desktop\Total Video Converter.lnk
[2010/07/12 16:37:31 | 000,001,001 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010/07/09 13:49:46 | 000,331,521 | RHS- | M] () -- C:\KMWIU
[2010/07/09 13:49:46 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/07/05 17:10:38 | 000,002,515 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/30 20:37:28 | 008,144,532 | ---- | M] () -- C:\Users\Tom\Documents\ICE_CUBE-DRINK_THE_KOOLAID_@_PAIDDUES2010_(HQ).mp4
[2010/06/25 16:32:58 | 000,001,173 | ---- | M] () -- C:\Users\Tom\Desktop\IETester.lnk
[2010/06/15 22:56:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 22:56:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 22:56:28 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TM.blf

========== Files Created - No Company Name ==========

[2010/09/11 18:55:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\drivers\uziymty5.sys
[2010/09/11 11:36:58 | 000,002,933 | ---- | C] () -- C:\Users\Tom\Desktop\HiJackThis.lnk
[2010/09/09 16:05:09 | 000,239,623 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0235_2.jpg
[2010/09/09 15:49:54 | 001,223,970 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0235.JPG
[2010/09/09 15:31:52 | 000,474,944 | ---- | C] () -- C:\Users\Tom\Desktop\hair_side2.jpg
[2010/09/09 15:30:25 | 000,506,710 | ---- | C] () -- C:\Users\Tom\Desktop\hair_side1.jpg
[2010/09/09 15:29:26 | 000,437,515 | ---- | C] () -- C:\Users\Tom\Desktop\hair_front.jpg
[2010/09/09 15:27:23 | 001,148,662 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0213.JPG
[2010/09/09 15:25:22 | 001,313,169 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0231.JPG
[2010/09/09 15:24:23 | 001,221,183 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0240.JPG
[2010/09/08 23:08:10 | 000,241,507 | ---- | C] () -- C:\Users\Tom\Documents\Stickam Client - All Icons.rar
[2010/09/08 23:06:30 | 000,001,061 | ---- | C] () -- C:\Users\Tom\Desktop\proXPN.lnk
[2010/09/07 16:57:17 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010/09/07 12:17:10 | 000,001,015 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk
[2010/09/06 22:34:03 | 003,923,248 | ---- | C] () -- C:\Users\Tom\Desktop\IMG_0186.MOV
[2010/08/29 20:00:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/08/23 15:59:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/18 11:57:06 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2010/08/18 11:57:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2010/08/18 11:57:05 | 000,581,173 | ---- | C] () -- C:\Windows\SysWow64\lxcyhelp.chm
[2010/08/18 11:57:04 | 000,001,834 | ---- | C] () -- C:\Windows\SysWow64\lxcy.loc
[2010/08/18 11:56:56 | 000,581,173 | ---- | C] () -- C:\Windows\SysNative\lxcyhelp.chm
[2010/08/18 11:56:56 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\lxcyinst.dll
[2010/08/18 11:56:56 | 000,018,327 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/08/18 11:56:56 | 000,001,834 | ---- | C] () -- C:\Windows\SysNative\lxcy.loc
[2010/08/12 18:17:13 | 000,088,730 | ---- | C] () -- C:\Users\Tom\Documents\Tom6.pdf
[2010/08/12 16:47:53 | 000,088,583 | ---- | C] () -- C:\Users\Tom\Documents\Tom5.pdf
[2010/08/12 12:12:25 | 000,088,560 | ---- | C] () -- C:\Users\Tom\Documents\Tom4.pdf
[2010/08/12 12:10:49 | 000,088,511 | ---- | C] () -- C:\Users\Tom\Documents\Tom3.pdf
[2010/07/25 01:46:21 | 000,045,389 | ---- | C] () -- C:\Users\Tom\Documents\Untitled.wma
[2010/07/19 21:11:47 | 000,001,929 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010/07/12 16:37:31 | 000,001,008 | ---- | C] () -- C:\Users\Tom\Desktop\Total Video Converter.lnk
[2010/07/12 16:37:31 | 000,001,001 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk
[2010/07/09 13:49:46 | 000,331,521 | RHS- | C] () -- C:\KMWIU
[2010/07/09 13:49:46 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/06/30 20:36:16 | 008,144,532 | ---- | C] () -- C:\Users\Tom\Documents\ICE_CUBE-DRINK_THE_KOOLAID_@_PAIDDUES2010_(HQ).mp4
[2010/06/15 22:50:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 22:50:26 | 000,524,288 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 22:50:26 | 000,065,536 | -HS- | C] () -- C:\Users\Tom\NTUSER.DAT{f1101512-78c7-11df-9413-005056c00008}.TM.blf
[2010/06/15 20:44:09 | 000,383,562 | ---- | C] () -- C:\bootmgr
[2010/06/15 14:27:39 | 000,102,400 | ---- | C] () -- C:\Windows\SysNative\ScsiOat.dll
[2010/06/08 16:31:10 | 000,001,456 | ---- | C] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/06/06 22:18:24 | 000,000,601 | ---- | C] () -- C:\ProgramData\LmeUSB.log
[2010/06/06 22:18:24 | 000,000,600 | ---- | C] () -- C:\ProgramData\LSDmbTH.log
[2010/06/06 22:09:44 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010/06/06 20:58:58 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\PUTTY.RND
[2010/06/06 20:50:12 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Local\PUTTY.RND
[2010/05/02 18:15:20 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/02 18:10:37 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/04/21 14:26:24 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TWAVBX32.DLL
[2010/04/21 14:26:23 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ILXTBS.DLL
[2010/04/18 12:07:03 | 000,000,017 | ---- | C] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg
[2010/04/18 11:55:44 | 000,003,235 | ---- | C] () -- C:\Users\Tom\AppData\Local\Temp19.html
[2010/04/18 11:55:33 | 000,000,778 | ---- | C] () -- C:\Users\Tom\AppData\Local\Temp1.html
[2010/04/06 18:54:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/02 15:21:07 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/03/24 21:48:22 | 000,000,609 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\AutoGK.ini
[2010/02/23 10:53:55 | 000,000,052 | ---- | C] () -- C:\Windows\SysWow64\windriver32.ini
[2010/02/19 10:31:32 | 000,036,352 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 09:22:52 | 000,001,037 | ---- | C] () -- C:\Users\Tom\AppData\Local\Account.atomsvc
[2010/02/08 17:27:03 | 000,000,600 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\winscp.rnd
[2010/02/05 19:53:25 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/05 19:53:25 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/01/31 15:00:29 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/01/30 00:50:45 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\blackra1n.log
[2010/01/30 00:48:40 | 000,608,256 | ---- | C] () -- C:\Program Files (x86)\blackra1n.exe
[2010/01/30 00:01:01 | 000,740,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005/11/11 17:39:00 | 000,001,620 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2003/11/25 17:05:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\UNLHA32.DLL
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[1998/01/15 14:46:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\OatLHA.DLL

========== LOP Check ==========

[2010/03/31 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.purple
[2010/09/11 23:56:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AAE416E17857DF994CB5852EE8BD7BD9
[2010/09/08 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Audacity
[2010/02/08 23:14:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Bioshock2
[2010/01/31 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\BITS
[2010/05/02 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/30 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DAEMON Tools Lite
[2010/08/31 16:19:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ED94F68E3DA3E0F8A902F5D0AE37AC5C
[2010/01/31 23:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashFXP
[2010/02/01 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashGet
[2010/01/31 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\FlashGetBHO
[2010/08/30 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\fltk.org
[2010/04/05 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GrabPro
[2010/01/30 00:33:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\gtopala
[2010/01/31 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Leadertech
[2010/07/19 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ManyCam
[2010/03/30 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Megaupload
[2010/05/14 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\MySQL
[2010/07/21 20:23:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NetDrive
[2010/02/23 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NewsLeecher
[2010/06/02 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Orbit
[2010/02/01 18:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Songbird2
[2010/06/10 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Spotify
[2010/09/03 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/14 13:43:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\StreamTorrent
[2010/02/21 16:13:47 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SystemRequirementsLab
[2010/04/10 22:54:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TeamViewer
[2010/09/12 13:23:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\uTorrent
[2010/04/10 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Vivox
[2010/06/07 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\WinAVI
[2010/05/11 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\WinFF
[2010/06/03 09:18:27 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Xilisoft Corporation
[2010/03/09 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Youtube Downloader HD
[2010/07/23 14:09:03 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, the run command has finally gone, so let's now check that both explorers are OK

Go to start > Run and type in the following

sfc /SCANFILE=c:\windows\explorer.exe

Go to start > Run and type in the following

sfc /SCANFILE=C:\Windows\SysWow64\explorer.exe

Then reboot and let me know if it still loops
  • 0
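The two sfc checks from the post above, scripted together with a look at what sfc recorded about them. This is an added example, not part of the original thread; the variable names are illustrative, and it assumes an elevated 64-bit PowerShell session and the default CBS log location, where sfc tags its entries with `[SR]`.

```powershell
#Requires -RunAsAdministrator
# Added example: verify both copies of explorer.exe with sfc, then show what
# sfc wrote to the CBS log about them.

# The native 64-bit shell and the 32-bit copy under SysWOW64.
$targets = @(
    "$env:windir\explorer.exe",
    "$env:windir\SysWOW64\explorer.exe"
)
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'

foreach ($file in $targets) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "Missing: $file"
        continue
    }

    # CBS timestamps have one-second resolution, so start the window a second early.
    $started = (Get-Date).AddSeconds(-1)

    # sfc checks this one file against the component store and repairs it on mismatch.
    & "$env:windir\System32\sfc.exe" "/SCANFILE=$file" | Out-Null

    # Keep only [SR] entries written during this run.
    $entries = Select-String -LiteralPath $cbsLog -SimpleMatch '[SR]' |
        Where-Object {
            $_.Line -match '^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),' -and
            [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss', $null) -ge $started
        }

    Write-Output "=== $file ==="
    $entries | ForEach-Object { $_.Line }

    # A failed repair means the file on disk still differs from the store copy.
    if ($entries | Where-Object { $_.Line -match 'Cannot repair' }) {
        Write-Warning "sfc could not repair $file; review $cbsLog"
    }
}
```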

#28
Datastream

    Member

  • Topic Starter
  • Member
  • 20 posts
I'll reboot now.

Edited by Datastream, 12 September 2010 - 08:41 AM.

  • 0

#29
Datastream

    Member

  • Topic Starter
  • Member
  • 20 posts
Good news, the looping has stopped.

What should I do now?

Edited by Datastream, 12 September 2010 - 08:49 AM.

  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I need to bear in mind now that this infection also patches explorer, but cannot be corrected until the run file is removed - Ta :)

Subject to no further problems

Looking at that I am a happy bunny :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 21.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0





