
Possible Trojan:Win32/Alureon.gen


  • This topic is locked

#1
amaury19

  • Member
  • 17 posts
Hi! So lately my computer's been acting weird. Internet Explorer opens by itself and shows several ads. Also some programs are crashing. I decided to do a scan with PC Tools Spyware Doctor and it said my computer had a Trojan:Win32/Alureon.gen!U. It said that it was removed but I'm not sure and want to verify. I think the virus is still there because after it was supposedly deleted Internet Explorer kept opening by itself and showing ads. In case the Trojan:Win32/Alureon.gen!U is deleted then I need to know why so many pages of Internet Explorer are opening by themselves with ads. Also I tried to go to Facebook and Google and Google Chrome told me that the DNS changed and couldn't go, don't know if it has to do with this. And should I change my passwords after this incident?

UPDATE**: Now my Windows Defender found a trojan win32/vundo. Help please??

Edited by amaury19, 01 August 2011 - 11:42 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - let's get some data first and work from there :)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
amaury19

  • Topic Starter
  • Member
  • 17 posts
Thanks for the fast response and thank you for your patience. The logs are attached.

OTL logfile created on: 8/1/2011 3:44:08 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Amaury\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.59% Memory free
4.22 Gb Paging File | 2.37 Gb Available in Paging File | 56.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 90.79 Gb Free Space | 30.46% Space Free | Partition Type: NTFS

Computer Name: AMAURY-PC | User Name: Amaury | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 15:41:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
PRC - [2011/07/31 19:48:34 | 000,183,296 | ---- | M] () -- C:\Windows\Zxamaa.exe
PRC - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/11 20:40:32 | 001,771,336 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/05/11 20:40:14 | 002,219,336 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/04/10 16:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 16:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2011/03/28 15:39:18 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/17 04:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/03/07 22:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/03/01 10:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 20:59:48 | 000,065,536 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe
PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 15:41:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/29 13:59:27 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/05/11 20:40:32 | 001,771,336 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011/03/07 22:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/03/01 10:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/10 20:37:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/28 20:59:48 | 000,065,536 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/04/10 16:07:03 | 000,182,896 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2011/04/10 16:07:03 | 000,014,448 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2011/03/28 16:46:18 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/14 09:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/16 12:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/10/22 04:05:22 | 000,066,560 | ---- | M] (SiGma Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SGCameraUVC.sys -- (SGCameraUVC)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 22:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33554

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amaury\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1868.6292\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amaury\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amaury\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amaury\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amaury\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amaury\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox [2011/02/24 20:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011/02/24 20:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 20:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 17:41:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amaury\AppData\Roaming\Move Networks [2009/11/05 18:26:24 | 000,000,000 | ---D | M]

[2009/10/21 00:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Extensions
[2009/10/21 00:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/26 15:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions
[2011/02/24 20:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2009/10/19 11:16:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 18:38:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/29 16:29:45 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
[2009/10/14 23:00:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/30 12:15:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/05/30 12:17:42 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010/06/14 19:59:27 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011/02/19 11:53:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/31 17:37:38 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2009/10/29 16:56:53 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/03/06 16:04:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/10 17:07:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/29 00:55:39 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/12/31 17:37:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2011/03/10 18:41:43 | 000,000,000 | ---D | M] (Geolocater) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2011/07/26 13:42:48 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2010/11/12 18:33:58 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2009/10/29 16:56:58 | 000,004,554 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\aim-search.xml
[2011/07/26 13:42:48 | 000,001,919 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\bing-zugo.xml
[2010/03/29 13:13:02 | 000,001,832 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\bing.xml
[2010/03/29 15:16:34 | 000,010,017 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\mywebsearch.xml
[2010/05/30 12:18:09 | 000,001,751 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\search-the-web.xml
[2009/12/29 00:55:36 | 000,003,915 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\sweetim.xml
[2011/07/26 15:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 12:56:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/22 17:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/30 14:08:34 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/17 13:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npkimi.dll
[2010/06/14 20:04:13 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/10/29 23:27:44 | 000,045,258 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Mp3Rocket.xml
[2010/10/29 23:27:44 | 000,045,238 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Mp3Rocket.xml.bak

O1 HOSTS File: ([2011/05/06 23:26:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000..\Run: [8DDYX0ZBPZ] File not found
O4 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Amaury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/03/10 12:19:31 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1049 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amaury\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amaury\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 15:41:13 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
[2011/07/31 20:12:27 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Local\Aspell
[2011/07/31 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/31 18:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/07/31 16:35:03 | 000,000,000 | ---D | C] -- C:\Users\Amaury\Documents\Nero
[2011/07/28 19:16:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/07/28 18:54:03 | 000,098,304 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2011/07/28 18:53:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/07/28 18:53:45 | 004,874,240 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/07/28 18:53:45 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/07/28 18:53:45 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/07/28 18:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/07/28 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Roaming\WinBatch
[2011/07/26 13:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRIP
[2011/07/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/07/26 13:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2011/07/26 13:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/07/25 13:42:03 | 000,000,000 | ---D | C] -- C:\Users\Amaury\Documents\Encuentro de Mujeres
[2011/07/08 12:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/11/26 11:20:43 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/10/13 19:57:40 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/10/13 19:57:40 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/10/13 19:57:39 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/10/13 19:57:39 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/10/13 19:57:39 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/10/13 19:57:39 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/10/13 19:57:39 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/10/13 19:57:39 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/10/13 19:57:39 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/10/13 19:57:39 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/10/13 19:57:39 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/10/13 19:57:39 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/10/13 19:57:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/10/13 19:57:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 15:54:24 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/01 15:51:27 | 000,218,624 | ---- | M] () -- C:\Users\Amaury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 15:45:59 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/01 15:44:44 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 15:44:44 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 15:41:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
[2011/08/01 15:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/01 14:58:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819901096-2604329303-824298377-1000UA.job
[2011/08/01 13:48:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/01 13:44:36 | 2135,416,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 02:06:14 | 000,000,903 | ---- | M] () -- C:\Users\Amaury\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/01 00:09:17 | 003,912,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/31 21:49:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/31 19:54:17 | 000,001,044 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\vso_ts_preview.xml
[2011/07/31 19:48:34 | 000,183,296 | ---- | M] () -- C:\Windows\Zxamaa.exe
[2011/07/31 18:01:57 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/31 12:58:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819901096-2604329303-824298377-1000Core.job
[2011/07/26 13:45:07 | 000,000,090 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011/07/26 13:43:11 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini
[2011/07/14 11:00:52 | 000,002,047 | ---- | M] () -- C:\Users\Amaury\Desktop\Google Chrome.lnk
[2011/07/14 11:00:52 | 000,002,009 | ---- | M] () -- C:\Users\Amaury\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/08 12:13:59 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 19:48:46 | 000,183,296 | ---- | C] () -- C:\Windows\Zxamaa.exe
[2011/07/31 19:48:37 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/31 19:48:36 | 000,000,248 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/31 19:06:18 | 000,000,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/07/31 19:04:39 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/07/31 19:04:11 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/07/31 19:02:43 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/07/31 19:02:32 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/07/31 19:01:45 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/07/31 18:01:57 | 000,000,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/07/31 18:01:57 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/28 18:54:24 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2011/07/26 13:43:28 | 000,000,090 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/07/26 13:43:11 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/07/08 12:13:59 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/06 23:03:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/06 23:03:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/06 23:03:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/06 23:03:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/06 23:03:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 20:29:14 | 000,007,887 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\pcouffin.cat
[2011/04/28 20:29:14 | 000,001,144 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\pcouffin.inf
[2011/04/28 20:23:28 | 000,001,044 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\vso_ts_preview.xml
[2011/03/07 00:33:44 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll
[2011/03/07 00:33:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2011/03/07 00:33:13 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2011/02/01 19:01:35 | 000,000,101 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\default.pls
[2011/02/01 19:01:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/11/26 11:20:43 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2010/10/23 12:19:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/27 17:21:10 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/23 16:30:58 | 000,000,277 | ---- | C] () -- C:\Windows\madagascar.ini
[2010/03/23 22:05:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/01/16 15:10:23 | 000,269,076 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 01:41:10 | 000,004,819 | ---- | C] () -- C:\ProgramData\lxdi
[2009/11/16 12:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/11/06 18:06:34 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2009/10/31 19:17:07 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/10/17 19:11:07 | 000,218,624 | ---- | C] () -- C:\Users\Amaury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/15 16:37:37 | 000,000,680 | ---- | C] () -- C:\Users\Amaury\AppData\Local\d3d9caps.dat
[2009/10/14 16:17:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/14 00:36:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/14 00:35:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/14 00:35:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/13 19:57:41 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2009/10/13 19:57:41 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2009/10/13 19:57:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2009/10/13 19:57:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/10/13 19:57:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2009/10/13 19:57:39 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,912,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 008,118,362 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 002,725,776 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/09/04 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\7Wonders
[2009/10/29 16:56:46 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\acccore
[2011/03/06 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Ace
[2010/11/29 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Amazon
[2009/11/11 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\BeachPartyCraze
[2011/01/28 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/06 01:16:37 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Coby
[2010/01/06 01:22:38 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Coby Media Manager
[2010/05/20 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\CoffeeCup Software
[2011/07/31 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/12 13:02:36 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\com.adobe.ExMan
[2011/03/28 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\DAEMON Tools Pro
[2011/06/13 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Elluminate
[2011/02/27 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\FedEx
[2010/07/17 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
[2011/06/09 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\FrostWire
[2009/10/31 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\GameInvest
[2011/07/26 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\GetRightToGo
[2011/03/27 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Ice Age 2
[2011/03/07 00:46:00 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Iceni
[2011/06/08 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Image Zone Express
[2010/06/19 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\iWin
[2010/11/26 23:07:30 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Lexmark Productivity Studio
[2010/02/27 09:06:11 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Ludia
[2011/06/01 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\ManyCam
[2010/10/29 23:31:26 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\MP3Rocket
[2010/09/29 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\ooVoo Details
[2010/04/06 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\PlayFirst
[2009/12/19 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\SpinTop
[2010/11/11 15:22:28 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/01 15:55:00 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\uTorrent
[2011/02/09 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Visan
[2011/07/31 19:54:17 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Vso
[2009/10/27 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WeatherBug
[2009/11/06 18:06:48 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WebcamMax
[2010/08/23 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Wildfire
[2010/02/24 18:36:31 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WildTangent
[2011/07/28 18:53:30 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WinBatch
[2011/03/10 12:17:13 | 000,000,000 | RHSD | M] -- C:\Users\Amaury\AppData\Roaming\WinDir
[2010/07/11 16:22:18 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WVGvGxMss4JTdtth6K
[2010/12/08 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\yYRWbaoe1voS5v92Rx
[2010/04/14 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\acccore
[2010/11/02 12:10:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Image Zone Express
[2010/09/28 15:06:51 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\LimeWire
[2010/06/15 19:45:40 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\MP3Rocket
[2009/11/08 13:32:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WebcamMax
[2011/03/10 12:36:02 | 000,000,638 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2011/08/01 13:43:35 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/31 21:49:01 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/01 15:45:59 | 000,000,248 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2006/05/05 14:09:10 | 000,995,896 | RHS- | M] (Google Inc.) MD5=8CE5274E996A69E49A6BF50C311BF3F3 -- C:\Users\Amaury\AppData\Roaming\WinDir\Svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/06 16:01:41 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/06 16:01:41 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/06 16:01:41 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/06 16:01:32 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/06 16:01:32 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/06 16:01:32 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/06 16:01:41 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/06 16:01:41 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/06 16:01:41 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/06 16:01:32 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/06 16:01:32 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/06 16:01:32 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amaury\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 22:24:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/04/10 23:27:46 | 000,636,080 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:B7A22351
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5E196FE2

< End of report >

  • 0

#4
amaury19

So just after I finished the scan I got this. I'm worried now. Should I delete those files? As you can see in the picture attached they are blurry and when I double click them it says 'access denied'. I didn't create those folders.

Attached Thumbnails

  • what.jpg

  • 0

#5
amaury19

Does that mean that there's a hacker in my computer? I've never accessed or even seen those files.
  • 0

#6
amaury19

Oh, and by the way now the files disappeared from the location shown in the picture.
  • 0

#7
Essexboy

Those are system files/folders that OTL made visible whilst it was scanning.

Did you install the two remote desktop programmes on your computer?

Splashtop Inc
LogMeIn, Inc


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/07/31 19:48:34 | 000,183,296 | ---- | M] () -- C:\Windows\Zxamaa.exe
    IE - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33554
    [2010/03/29 15:16:34 | 000,010,017 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\mywebsearch.xml
    [2010/05/30 12:18:09 | 000,001,751 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\search-the-web.xml
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O4 - HKU\S-1-5-21-1819901096-2604329303-824298377-1000..\Run: [8DDYX0ZBPZ] File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe ()
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/07/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
    [2011/08/01 15:45:59 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/07/31 21:49:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/07/31 19:48:34 | 000,183,296 | ---- | M] () -- C:\Windows\Zxamaa.exe
    [2010/07/11 16:22:18 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WVGvGxMss4JTdtth6K
    [2010/12/08 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\yYRWbaoe1voS5v92Rx
    [2011/03/10 12:36:02 | 000,000,638 | ---- | M] () -- C:\Windows\Tasks\Install.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [ZipFiles]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
amaury19

Thanks for your response once again. By the way, Log Me In and Splashtop were installed by me so no need to worry about that. Thank you for helping me delete these trojans (: I will post the logs in a second.
  • 0

#9
amaury19

Here's the log with Malwarebytes


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7350

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/1/2011 7:51:13 PM
mbam-log-2011-08-01 (19-51-13).txt

Scan type: Quick scan
Objects scanned: 216929
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\internet explorer\d2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Amaury\AppData\Local\Temp\filehunter-win32.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\Users\Amaury\AppData\Roaming\WinDir\Svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0
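Two of the files removed in this thread, C:\Windows\Zxamaa.exe (listed in the fix script) and AppData\Roaming\WinDir\Svchost.exe (quarantined by Malwarebytes), already stand out in the first OTL log. The Python below is an added example, not part of any post and not how OTL or the helper work: it parses OTL file lines and applies two triage heuristics to them. The function names, rule labels and the scan time passed in are assumptions made for the illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Lines copied from the first OTL log posted in this thread.
SAMPLE = r"""
[2011/07/31 19:48:46 | 000,183,296 | ---- | C] () -- C:\Windows\Zxamaa.exe
[2011/05/06 23:03:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/28 18:54:03 | 000,098,304 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2011/07/26 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2006/05/05 14:09:10 | 000,995,896 | RHS- | M] (Google Inc.) MD5=8CE5274E996A69E49A6BF50C311BF3F3 -- C:\Users\Amaury\AppData\Roaming\WinDir\Svchost.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
"""

# One OTL file/folder line:
# [timestamp | size | attributes | C or M] (company) MD5=... -- path
# The company and MD5 fields are optional (folders carry neither).
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?"
    r"-- (?P<path>.+)$"
)

# The four system binaries OTL hashed in the Custom Scans section of the log.
CORE_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe"}


def parse(line):
    """Return a dict for an OTL file line, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["company"] = (entry["company"] or "").strip()
    return entry


def triage(text, scan_time, system_root=r"C:\Windows", days=30):
    """Return (rule, path) pairs for entries that deserve a closer look.

    system-name-mismatch:  a file named like a core Windows process that is
                           outside %SystemRoot% or not attributed to Microsoft.
    recent-no-company-exe: an .exe created directly in %SystemRoot% within
                           `days` of the scan, with an empty company field.
    """
    root = system_root.lower()
    findings = []
    for line in text.splitlines():
        entry = parse(line)
        if entry is None or "D" in entry["attrs"]:  # skip noise and folders
            continue
        path = entry["path"].lower()
        name = ntpath.basename(path)
        in_root = path.startswith(root + "\\")
        if name in CORE_NAMES:
            if not (in_root and entry["company"] == "Microsoft Corporation"):
                findings.append(("system-name-mismatch", entry["path"]))
        elif (
            entry["kind"] == "C"
            and not entry["company"]
            and name.endswith(".exe")
            and ntpath.dirname(path) == root
            and timedelta(0) <= scan_time - entry["ts"] <= timedelta(days=days)
        ):
            findings.append(("recent-no-company-exe", entry["path"]))
    return findings


if __name__ == "__main__":
    # Scan time is an assumption: the afternoon the first log was taken.
    for rule, path in triage(SAMPLE, datetime(2011, 8, 1, 16, 0)):
        print(f"{rule:24} {path}")
```

A hit from either rule is a lead to verify, not a verdict: older no-company tools in C:\Windows such as PEV.exe fall outside the 30-day window and are not reported.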

#10
amaury19

Here's the quick scan log. Thank you (:

OTL logfile created on: 8/1/2011 7:20:41 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Amaury\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.42% Memory free
4.22 Gb Paging File | 2.70 Gb Available in Paging File | 63.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 90.35 Gb Free Space | 30.31% Space Free | Partition Type: NTFS

Computer Name: AMAURY-PC | User Name: Amaury | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 15:41:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
PRC - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/05/11 20:40:32 | 001,771,336 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/05/11 20:40:14 | 002,219,336 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/04/10 16:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 16:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2011/03/28 15:39:18 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/07 22:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/03/01 10:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/11/18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 20:59:48 | 000,065,536 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdiserv.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 15:41:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/29 13:59:27 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/05/11 20:40:32 | 001,771,336 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011/03/07 22:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/03/01 10:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/10 20:37:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/28 20:59:48 | 000,065,536 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/11 10:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 10:14:42 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/04/10 16:07:03 | 000,182,896 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2011/04/10 16:07:03 | 000,014,448 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2011/03/28 16:46:18 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/14 09:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/09 13:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/16 12:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/10/22 04:05:22 | 000,066,560 | ---- | M] (SiGma Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SGCameraUVC.sys -- (SGCameraUVC)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 22:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amaury\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1868.6292\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Amaury\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Amaury\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Amaury\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Amaury\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Amaury\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox [2011/02/24 20:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011/02/24 20:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 20:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 17:41:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Amaury\AppData\Roaming\Move Networks [2009/11/05 18:26:24 | 000,000,000 | ---D | M]

[2009/10/21 00:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Extensions
[2009/10/21 00:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/26 15:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions
[2011/02/24 20:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2009/10/19 11:16:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/02 18:38:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/29 16:29:45 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
[2009/10/14 23:00:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/30 12:15:51 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/05/30 12:17:42 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010/06/14 19:59:27 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011/02/19 11:53:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/31 17:37:38 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2009/10/29 16:56:53 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/03/06 16:04:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/10 17:07:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/29 00:55:39 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/12/31 17:37:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2011/03/10 18:41:43 | 000,000,000 | ---D | M] (Geolocater) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2011/07/26 13:42:48 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2010/11/12 18:33:58 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\extensions\[email protected]
[2009/10/29 16:56:58 | 000,004,554 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\aim-search.xml
[2011/07/26 13:42:48 | 000,001,919 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\bing-zugo.xml
[2010/03/29 13:13:02 | 000,001,832 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\bing.xml
[2009/12/29 00:55:36 | 000,003,915 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\Mozilla\Firefox\Profiles\t8zecoa9.default\searchplugins\sweetim.xml
[2011/07/26 15:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 12:56:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/22 17:41:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/30 14:08:34 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/17 13:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npkimi.dll
[2010/06/14 20:04:13 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/10/29 23:27:44 | 000,045,258 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Mp3Rocket.xml
[2010/10/29 23:27:44 | 000,045,238 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Mp3Rocket.xml.bak

O1 HOSTS File: ([2011/08/01 18:58:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Amaury\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/03/10 12:19:31 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1049 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amaury\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amaury\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 19:23:54 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Roaming\Malwarebytes
[2011/08/01 19:23:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/01 19:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/01 19:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/01 19:23:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/01 19:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/01 18:57:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 16:11:07 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Amaury\Desktop\aswMBR.exe
[2011/08/01 15:41:13 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
[2011/07/31 20:12:27 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Local\Aspell
[2011/07/31 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/31 18:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/07/31 16:35:03 | 000,000,000 | ---D | C] -- C:\Users\Amaury\Documents\Nero
[2011/07/28 19:16:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/07/28 18:54:03 | 000,098,304 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2011/07/28 18:53:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/07/28 18:53:45 | 004,874,240 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/07/28 18:53:45 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/07/28 18:53:45 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/07/28 18:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/07/28 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\Amaury\AppData\Roaming\WinBatch
[2011/07/26 13:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRIP
[2011/07/26 13:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2011/07/26 13:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/07/25 13:42:03 | 000,000,000 | ---D | C] -- C:\Users\Amaury\Documents\Encuentro de Mujeres
[2011/07/08 12:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/11/26 11:20:43 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/10/13 19:57:40 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/10/13 19:57:40 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/10/13 19:57:39 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/10/13 19:57:39 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/10/13 19:57:39 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/10/13 19:57:39 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/10/13 19:57:39 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/10/13 19:57:39 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/10/13 19:57:39 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/10/13 19:57:39 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/10/13 19:57:39 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/10/13 19:57:39 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/10/13 19:57:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/10/13 19:57:39 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 19:23:41 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/01 19:18:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/01 19:15:20 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 19:15:20 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 19:15:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/01 19:15:08 | 2137,485,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/01 18:58:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/01 18:58:12 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819901096-2604329303-824298377-1000UA.job
[2011/08/01 18:39:38 | 000,001,044 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\vso_ts_preview.xml
[2011/08/01 17:51:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/01 17:48:57 | 000,222,208 | ---- | M] () -- C:\Users\Amaury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 16:26:06 | 000,000,081 | ---- | M] () -- C:\Users\Amaury\AppData\Roaming\default.pls
[2011/08/01 16:12:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Amaury\Desktop\aswMBR.exe
[2011/08/01 15:41:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Amaury\Desktop\OTL.exe
[2011/08/01 02:06:14 | 000,000,903 | ---- | M] () -- C:\Users\Amaury\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/01 00:09:17 | 003,912,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/31 18:01:57 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/31 12:58:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1819901096-2604329303-824298377-1000Core.job
[2011/07/26 13:45:07 | 000,000,090 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011/07/26 13:43:11 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini
[2011/07/14 11:00:52 | 000,002,047 | ---- | M] () -- C:\Users\Amaury\Desktop\Google Chrome.lnk
[2011/07/14 11:00:52 | 000,002,009 | ---- | M] () -- C:\Users\Amaury\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/08 12:13:59 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 19:23:41 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/31 19:06:18 | 000,000,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/07/31 19:04:39 | 000,000,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/07/31 19:04:11 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/07/31 19:02:43 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/07/31 19:02:32 | 000,001,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/07/31 19:01:45 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/07/31 18:01:57 | 000,000,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/07/31 18:01:57 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/07/28 18:54:24 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2011/07/26 13:43:28 | 000,000,090 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/07/26 13:43:11 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/07/08 12:13:59 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/06 23:03:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/06 23:03:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/06 23:03:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/06 23:03:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/06 23:03:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 20:29:14 | 000,007,887 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\pcouffin.cat
[2011/04/28 20:29:14 | 000,001,144 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\pcouffin.inf
[2011/04/28 20:23:28 | 000,001,044 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\vso_ts_preview.xml
[2011/03/07 00:33:44 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll
[2011/03/07 00:33:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2011/03/07 00:33:13 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2011/02/01 19:01:35 | 000,000,081 | ---- | C] () -- C:\Users\Amaury\AppData\Roaming\default.pls
[2011/02/01 19:01:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/11/26 11:20:43 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2010/10/23 12:19:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/27 17:21:10 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/23 16:30:58 | 000,000,277 | ---- | C] () -- C:\Windows\madagascar.ini
[2010/03/23 22:05:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/01/16 15:10:23 | 000,269,076 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 01:41:10 | 000,004,819 | ---- | C] () -- C:\ProgramData\lxdi
[2009/11/16 12:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/11/06 18:06:34 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2009/10/31 19:17:07 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/10/17 19:11:07 | 000,222,208 | ---- | C] () -- C:\Users\Amaury\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/15 16:37:37 | 000,000,680 | ---- | C] () -- C:\Users\Amaury\AppData\Local\d3d9caps.dat
[2009/10/14 16:17:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/14 00:36:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/14 00:35:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/14 00:35:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/13 19:57:41 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2009/10/13 19:57:41 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2009/10/13 19:57:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2009/10/13 19:57:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/10/13 19:57:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2009/10/13 19:57:39 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,912,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 008,118,362 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 002,725,776 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/09/04 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\7Wonders
[2009/10/29 16:56:46 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\acccore
[2011/03/06 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Ace
[2010/11/29 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Amazon
[2009/11/11 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\BeachPartyCraze
[2011/01/28 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/06 01:16:37 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Coby
[2010/01/06 01:22:38 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Coby Media Manager
[2010/05/20 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\CoffeeCup Software
[2011/07/31 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/12 13:02:36 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\com.adobe.ExMan
[2011/03/28 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\DAEMON Tools Pro
[2011/06/13 14:26:21 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Elluminate
[2011/02/27 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\FedEx
[2010/07/17 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1
[2011/06/09 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\FrostWire
[2009/10/31 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\GameInvest
[2011/07/26 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\GetRightToGo
[2011/03/27 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Ice Age 2
[2011/03/07 00:46:00 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Iceni
[2011/06/08 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Image Zone Express
[2010/06/19 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\iWin
[2010/11/26 23:07:30 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Lexmark Productivity Studio
[2010/02/27 09:06:11 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Ludia
[2011/06/01 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\ManyCam
[2010/10/29 23:31:26 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\MP3Rocket
[2010/09/29 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\ooVoo Details
[2010/04/06 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\PlayFirst
[2009/12/19 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\SpinTop
[2010/11/11 15:22:28 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/01 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\uTorrent
[2011/02/09 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Visan
[2011/08/01 18:39:39 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Vso
[2009/10/27 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WeatherBug
[2009/11/06 18:06:48 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WebcamMax
[2010/08/23 17:08:42 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\Wildfire
[2010/02/24 18:36:31 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WildTangent
[2011/07/28 18:53:30 | 000,000,000 | ---D | M] -- C:\Users\Amaury\AppData\Roaming\WinBatch
[2011/03/10 12:17:13 | 000,000,000 | RHSD | M] -- C:\Users\Amaury\AppData\Roaming\WinDir
[2011/08/01 19:08:22 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:B7A22351
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5E196FE2

< End of report >



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving at the moment? What problems do you have?

#12
amaury19

    Member

  • Topic Starter
  • 17 posts
No more pages are opening automatically. (: The comp. is a little slow when you log in. The icons on the screen take a little time to appear, and this comes out when I try to open several programs: a dialog box comes up saying "An Unidentified Program wants to access your computer. Cancel/Allow."

#13
amaury19

    Member

  • Topic Starter
  • 17 posts
How do you see the log though? Does it look good?

#14
amaury19

    Member

  • Topic Starter
  • 17 posts
Oh, the programs that are doing that when I want to open them (the dialog box opening asking me if I want to open the "unidentified program") are OTL, aswMBR, and MalwareBytes.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What programme is asking the question - is it PCTools?





