win32:malware-gen infecting explorer.exe

I’ve tried removing it using MBAM but my Avast! still detected it after rebooting. I have the OTL logs and am going to paste them here; I really hope you guys can help me, thanks. And I’m sure there is more malware/trojans infecting my computer, but I don’t know how to look for it. Thanks a lot.

========== Processes (SafeList) ==========

PRC - [2010/07/26 09:06:12 | 000,574,976 | ---- | M] (OldTimer Tools) – C:\Users\John\Desktop\OTL.exe
PRC - [2010/07/26 03:17:49 | 000,208,896 | ---- | M] () – C:\Users\John\AppData\Roaming\MrPoserRAT.exe
PRC - [2010/07/25 13:10:04 | 000,014,808 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/25 13:10:03 | 000,910,296 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/25 12:21:47 | 000,167,424 | ---- | M] (Microsoft Inc.) – C:\Users\John\My Documents\System32\svhost.exe
PRC - [2010/07/24 12:14:35 | 000,512,000 | ---- | M] (x31S29H9V48u95ka) – C:\Users\John\AppData\Roaming\bot.exe
PRC - [2010/07/24 09:29:49 | 000,072,704 | RHS- | M] (Microsoft Corporation) – C:\Users\John\AppData\Roaming\galaxy.exe
PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) – C:\Program Files\Opera\opera.exe
PRC - [2010/06/29 04:57:18 | 002,837,864 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/10 21:39:52 | 000,185,800 | ---- | M] (PPLive Corporation) – C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 03:49:16 | 000,322,352 | ---- | M] (BitTorrent, Inc.) – C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/05/26 21:03:07 | 003,220,912 | ---- | M] (Tonec Inc.) – C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/05/25 21:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) – C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/29 02:15:02 | 002,633,976 | ---- | M] (Veoh Networks) – C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/12/10 10:27:26 | 000,357,384 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009/12/10 10:25:16 | 003,203,080 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/12/10 10:01:22 | 000,498,696 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2009/12/10 10:01:12 | 000,477,704 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2009/12/10 10:00:42 | 001,573,384 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/12/10 10:00:32 | 000,522,760 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/12/10 10:00:22 | 000,523,784 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2009/12/10 10:00:12 | 000,676,360 | ---- | M] (Logitech Inc.) – C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009/11/20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) – C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) – C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) – C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) – C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) – C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe
PRC - [2008/05/22 18:57:49 | 000,483,328 | ---- | M] (Motive Communications, Inc.) – C:\Program Files\Common Files\Motive\MotiveBrowser.exe

========== Modules (SafeList) ==========

MOD - [2010/07/26 09:06:12 | 000,574,976 | ---- | M] (OldTimer Tools) – C:\Users\John\Desktop\OTL.exe
MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\sechost.dll
MOD - [2009/07/14 09:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\samcli.dll
MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\profapi.dll
MOD - [2009/07/14 09:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\netutils.dll
MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 09:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\devobj.dll
MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) – C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/07/26 02:08:07 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\Steam\SteamService.exe – (Steam Client Service)
SRV - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)
SRV - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Mail Scanner)
SRV - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe – (Apple Mobile Device)
SRV - [2010/04/27 03:00:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
SRV - [2009/11/20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe – (Stereo Service)
SRV - [2009/11/18 06:37:40 | 000,057,640 | ---- | M] () [Disabled | Stopped] – C:\Program Files\Hotspot Shield\bin\HssTrayService.exe – (HssTrayService)
SRV - [2009/11/18 06:37:18 | 000,224,816 | ---- | M] () [Disabled | Stopped] – C:\Program Files\Hotspot Shield\bin\openvpnas.exe – (HotspotShieldService)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Windows\System32\vmnat.exe – (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Program Files\VMware\VMware Workstation\vmware-authd.exe – (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Windows\System32\vmnetdhcp.exe – (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe – (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] – C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe – (ufad-ws60)
SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\wwansvc.dll – (WwanSvc)
SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\wbiosrvc.dll – (WbioSrvc)
SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\umpo.dll – (Power)
SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\themeservice.dll – (Themes)
SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sppuinotify.dll – (sppuinotify)
SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] – C:\Windows\System32\RpcEpMap.dll – (RpcEptMapper)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\PeerDistSvc.dll – (PeerDistSvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\pnrpsvc.dll – (PNRPsvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\pnrpsvc.dll – (p2pimsvc)
SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\provsvc.dll – (HomeGroupProvider)
SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\pnrpauto.dll – (PNRPAutoReg)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\System32\ListSvc.dll – (HomeGroupListener)
SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\FntCache.dll – (FontCache)
SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\System32\dhcpcore.dll – (Dhcp)
SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\defragsvc.dll – (defragsvc)
SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] – C:\Windows\System32\bdesvc.dll – (BDESVC)
SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\AxInstSv.dll – (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\appidsvc.dll – (AppIDSvc)
SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\System32\sppsvc.exe – (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – C:\Users\John\AppData\Local\Temp\IJXBB4.tmp – (GarenaPEngine)
DRV - [2010/06/29 04:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2010/06/29 04:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswSP.sys – (aswSP)
DRV - [2010/06/29 04:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswRdr.sys – (aswRdr)
DRV - [2010/06/29 04:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)
DRV - [2010/06/29 04:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2009/12/11 15:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\Drivers\ksecpkg.sys – (KSecPkg)
DRV - [2009/11/23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\LGVirHid.sys – (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\LGBusEnum.sys – (LGBusEnum)
DRV - [2009/11/21 10:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\nvlddmkm.sys – (nvlddmkm)
DRV - [2009/11/13 05:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\taphss.sys – (taphss)
DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] – C:\Windows\System32\drivers\scdemu.sys – (SCDEmu)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\vmx86.sys – (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\vmci.sys – (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\vmnetuserif.sys – (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\VMkbd.sys – (vmkbd)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\hcmon.sys – (hcmon)
DRV - [2009/10/22 00:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vmusb.sys – (vmusb)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\System32\drivers\vmnetbridge.sys – (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\vmnetadapter.sys – (VMnetAdapter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys – (vstor2-ws60)
DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\cmdide.sys – (cmdide)
DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\adpahci.sys – (adpahci)
DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\adp94xx.sys – (adp94xx)
DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\amdsbs.sys – (amdsbs)
DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\adpu320.sys – (adpu320)
DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\arcsas.sys – (arcsas)
DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\amdsata.sys – (amdsata)
DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\arc.sys – (arc)
DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\system32\DRIVERS\amdxata.sys – (amdxata)
DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\aliide.sys – (aliide)
DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\nvstor.sys – (nvstor)
DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\nvraid.sys – (nvraid)
DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\nfrd960.sys – (nfrd960)
DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\lsi_sas.sys – (LSI_SAS)
DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\iaStorV.sys – (iaStorV)
DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\MegaSR.sys – (MegaSR)
DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\lsi_scsi.sys – (LSI_SCSI)
DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\lsi_fc.sys – (LSI_FC)
DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\lsi_sas2.sys – (LSI_SAS2)
DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\iirsp.sys – (iirsp)
DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\megasas.sys – (megasas)
DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\hwpolicy.sys – (hwpolicy)
DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\elxstor.sys – (elxstor)
DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\djsvs.sys – (aic78xx)
DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\HpSAMD.sys – (HpSAMD)
DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\fsdepends.sys – (FsDepends)
DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vsmraid.sys – (vsmraid)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vmbus.sys – (vmbus)
DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vhdmp.sys – (vhdmp)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\system32\DRIVERS\vmstorfl.sys – (storflt)
DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\system32\DRIVERS\vdrvroot.sys – (vdrvroot)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\storvsc.sys – (storvsc)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\wimmount.sys – (WIMMount)
DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\viaide.sys – (viaide)
DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\ql2300.sys – (ql2300)
DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\rdyboost.sys – (rdyboost)
DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\ql40xx.sys – (ql40xx)
DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\sisraid4.sys – (SiSRaid4)
DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\pcw.sys – (pcw)
DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\SiSRaid2.sys – (SiSRaid2)
DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\stexstor.sys – (stexstor)
DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\Drivers\cng.sys – (CNG)
DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\Drivers\Brserid.sys – (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\rdpbus.sys – (rdpbus)
DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\RDPREFMP.sys – (RDPREFMP)
DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\agilevpn.sys – (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\wfplwf.sys – (WfpLwf)
DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ndiscap.sys – (NdisCap)
DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vwifibus.sys – (vwifibus)
DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\1394ohci.sys – (1394ohci)
DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\umpass.sys – (UmPass)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\winusb.sys – (WinUsb)
DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mshidkmdf.sys – (mshidkmdf)
DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\MTConfig.sys – (MTConfig)
DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\CompositeBus.sys – (CompositeBus)
DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\drivers\appid.sys – (AppID)
DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] – C:\Windows\System32\drivers\scfilter.sys – (scfilter)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\vms3cap.sys – (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\VMBusHID.sys – (VMBusHID)
DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] – C:\Windows\System32\drivers\discache.sys – (discache)
DRV - [2009/07/14 07:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\HidBatt.sys – (HidBatt)
DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\acpipmi.sys – (AcpiPmi)
DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\amdppm.sys – (AmdPPM)
DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\drivers\hcw85cir.sys – (hcw85cir)
DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\Drivers\BrUsbMdm.sys – (BrUsbMdm)
DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\Drivers\BrUsbSer.sys – (BrUsbSer)
DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\Drivers\BrSerWdm.sys – (BrSerWdm)
DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\BrFiltLo.sys – (BrFiltLo)
DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\BrFiltUp.sys – (BrFiltUp)
DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\b57nd60x.sys – (b57nd60x)
DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\evbdx.sys – (ebdrv)
DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\system32\DRIVERS\bxvbdx.sys – (b06bdrv)
DRV - [2009/07/14 06:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\L1E62x86.sys – (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] – C:\Windows\System32\drivers\TPkd.sys – (TPkd)
DRV - [2008/01/30 16:15:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] – C:\Program Files\Common Files\Motive\MREMPR5.sys – (MREMPR5)
DRV - [2008/01/30 16:15:19 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] – C:\Program Files\Common Files\Motive\MRENDIS5.sys – (MRENDIS5)
DRV - [2008/01/14 18:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\ManyCam.sys – (ManyCam)
DRV - [2007/02/21 20:53:22 | 000,192,512 | ---- | M] (MorningSound Co., Ltd.) [Kernel | Auto | Stopped] – C:\Windows\System32\drivers\VirtualCam.sys – (VirtualCam)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\ASACPI.sys – (MTsensor)

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKLM..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MotiveReportAgent] C:\Program Files\Common Files\Motive\McciBootStrapper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [1My] C:\Users\John\AppData\Roaming\39316.exe ()
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [Aj3wServices] C:\Users\John\AppData\Local\Temp\jewsrvs.exe File not found
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [GoogleApps] C:\Users\John\My Documents\System32\svhost.exe (Microsoft Inc.)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [Install] C:\Users\John\AppData\Roaming\bot.exe (x31S29H9V48u95ka)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [MrPoserRAT.exe] C:\Users\John\AppData\Roaming\MrPoserRAT.exe ()
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [MSN] C:\Users\John\AppData\Roaming\Microsoft\svhost.exe (Microsoft Inc.)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [MsnLiveMsgr] C:\Users\John\AppData\Roaming\bot.exe (x31S29H9V48u95ka)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [SBQt] C:\Users\John\AppData\Local\Temp\zYFyV.exe File not found
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [weh3e4h34h344h3h] C:\Users\John\AppData\Roaming\Travybear.exe File not found
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [WINDOWS] C:\Users\John\AppData\Local\Temp\8564.exe File not found
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [Windows Defender] C:\Users\John\AppData\Roaming\WinDefender.exe File not found
O4 - HKU\S-1-5-21-532645981-2363493598-5108519-1001..\Run: [Windows Firewall] C:\Users\John\AppData\Roaming\galaxy.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{23da996b-04d2-11df-beac-00248c41447d}\Shell - "" = AutoRun
O33 - MountPoints2\{23da996b-04d2-11df-beac-00248c41447d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 09:06:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/26 09:06:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2010/07/26 05:00:22 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/07/26 04:59:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/26 04:59:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/26 04:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/26 04:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/26 04:59:34 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup-1.46.exe
[2010/07/26 03:33:01 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/07/26 03:33:01 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/07/26 03:33:00 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/07/26 03:32:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/07/26 03:32:55 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/07/26 03:32:08 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/07/26 03:32:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/26 03:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/07/26 03:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/26 01:25:59 | 000,512,000 | ---- | C] (C13A15n86v56LTEbx50) -- C:\Users\John\AppData\Roaming\regmon.exe
[2010/07/26 01:12:47 | 000,000,000 | ---D | C] -- C:\java
[2010/07/26 00:56:25 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\tellupdate
[2010/07/26 00:42:19 | 000,813,732 | ---- | C] (Abronsius) -- C:\Users\John\AppData\Roaming\ballin.exe
[2010/07/25 13:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/25 12:22:26 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\System32
[2010/07/25 06:45:46 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Users\John\AppData\Roaming\MSWINSCK.OCX
[2010/07/25 05:49:11 | 000,000,000 | ---D | C] -- C:\directory
[2010/07/24 12:14:27 | 000,512,000 | ---- | C] (x31S29H9V48u95ka) -- C:\Users\John\AppData\Roaming\bot.exe
[2010/07/24 11:33:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AskToolbar
[2010/07/24 09:29:51 | 000,072,704 | RHS- | C] (Microsoft Corporation) -- C:\Users\John\AppData\Roaming\galaxy.exe
[2010/07/24 06:53:23 | 000,000,000 | --SD | C] -- C:\test
[2010/06/30 20:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger_Plus_Live
[2010/06/30 20:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/06/29 06:13:45 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Downloads
[2010/06/29 06:04:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Megaupload
[2010/06/29 06:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Megaupload
[2010/06/29 04:53:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\IDM
[2010/06/29 04:53:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DMCache
[2010/06/29 04:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[1 C:\Users\John\AppData\Roaming\*.tmp files -> C:\Users\John\AppData\Roaming\*.tmp -> ]

There aren’t many that are familiar with the OTL logs unfortunately.

It is also easier to attach the file than spread it over many posts:

  • When you click the Reply button, there is an Additional Options link; this expands the options to attach a file, which can be an image file or a text file (.log or .txt). Also see How to post an Image.

========== Files Created - No Company Name ==========

[2010/07/26 06:43:23 | 000,004,334 | ---- | C] () -- C:\Users\John\AppData\Roaming\data.dat
[2010/07/26 04:59:57 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 04:34:26 | 001,211,912 | -H-- | C] () -- C:\Users\John\AppData\Roaming\39316.exe
[2010/07/26 04:32:57 | 001,211,912 | -H-- | C] () -- C:\Users\John\AppData\Roaming\57293.exe
[2010/07/26 04:32:16 | 001,211,912 | -H-- | C] () -- C:\Users\John\AppData\Roaming\42105.exe
[2010/07/26 03:33:02 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/07/26 03:17:47 | 000,208,896 | ---- | C] () -- C:\Users\John\AppData\Roaming\MrPoserRAT.exe
[2010/07/26 01:15:47 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\lkhNkI.txt
[2010/07/26 00:56:24 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\E6NF6n.txt
[2010/07/25 15:32:21 | 000,556,552 | -H-- | C] () -- C:\Users\John\AppData\Roaming\7289.exe
[2010/07/23 01:23:18 | 000,175,104 | ---- | C] () -- C:\Users\John\AppData\Roaming\SQLite3.dll
[2010/07/21 05:50:14 | 016,228,137 | ---- | C] () -- C:\Users\John\Desktop\vienna-moaning.mp4
[2010/06/17 23:35:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/06/17 23:35:14 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/05/15 15:42:39 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/01/26 17:29:56 | 000,000,010 | ---- | C] () -- C:\Windows\System32\datakntt.ini
[2009/09/28 10:46:34 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/12/28 23:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/05/10 06:58:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/19 23:14:00 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010/01/14 10:05:26 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/14 10:05:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/12 03:28:12 | 000,004,497 | ---- | M] () -- C:\ErrLog.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/01/13 22:27:02 | 000,203,836 | RHS- | M] () -- C:\grldr
[2010/07/26 09:08:06 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/06/15 21:39:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/15 21:39:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 20:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/26 09:08:12 | 3488,669,696 | -HS- | M] () -- C:\pagefile.sys
[2009/06/15 22:44:09 | 000,000,046 | -H-- | M] () -- C:\splash.idx
[2009/06/15 23:58:09 | 000,000,188 | ---- | M] () -- C:\SSPPPoE.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/08/15 20:02:18 | 000,005,632 | -H-- | M] () -- C:\version
[2010/01/13 22:27:04 | 000,000,000 | RHS- | M] () -- C:\winx.ld

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 12:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 12:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 12:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 12:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 05:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 09:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2010/06/29 04:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 09:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 09:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 09:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 09:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime: 2010-07-14 19:01:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1FF64EFC
@Alternate Data Stream - 1061 bytes -> C:\Users\John\AppData\Local\C50NlxfWbo:W5zJG2paBN5jnvHgot5IV

< End of report >