Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Do I have a Virus?

Started by dee50 , Nov 17 2012 09:19 AM

  • Please log in to reply

#1
dee50
Posted 17 November 2012 - 09:19 AM

dee50

    New Member

  • Member
  • Pip
  • 1 posts
My connection monitor shows a constant trickle of data downloading to my laptop, Bytes not kilobytes, this occurs with no browsers open, my anti virus disabled nothing else running, as far as I know. TCPview shows only one connection having received data and the numbers do not change even after 10 minutes. I have run malwarebytes and avast antivirus, which come up with nothing. I have scanned all my ports, the result via GRC is that all my ports are either closed or in stealth mode. So I have to say I am completely baffled.

Is this the activity of a virus, constantly downloading tiny chunks of data and uploading microscopics bits of data??

You help would be greatly appreciated.tcp.png

OTL logfile created on: 17/11/2012 16:32:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.02% Memory free
6.19 Gb Paging File | 5.55 Gb Available in Paging File | 89.60% Paging File free
Paging file location(s): d:\pagefile.sys 3370 3370 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 108.83 Gb Free Space | 73.02% Space Free | Partition Type: NTFS
Drive D: | 100.21 Gb Total Space | 13.27 Gb Free Space | 13.24% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 23.40 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: WORK-PC | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/17 15:14:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/09 17:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/02/01 23:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/23 18:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007/12/04 18:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/05 03:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 05:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/15 19:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2008/03/28 17:19:11 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2012/11/14 08:54:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 07:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/01/19 01:20:10 | 006,923,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/03/25 09:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 10:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2010/03/20 09:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/28 22:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/28 19:24:17 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/25 00:39:23 | 001,090,304 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/10/01 22:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007/08/09 04:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/01/25 02:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/14 23:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:7.3.8
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 08:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 08:47:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 08:47:49 | 000,000,000 | ---D | M]

[2010/11/21 19:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Extensions
[2010/11/21 19:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/14 16:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\47kia9hk.default\extensions
[2012/05/19 14:20:21 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\47kia9hk.default\extensions\[email protected]
[2012/06/14 15:31:39 | 000,336,363 | ---- | M] () (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\47kia9hk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011/10/16 14:52:55 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\47kia9hk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/22 18:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 17:05:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/09/09 17:05:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/09 17:05:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/16 21:14:05 | 000,000,754 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 hcurltest2
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - d:\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - d:\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - d:\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - d:\Free Download Manager\dllink.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00452FD9-DF6C-4ABF-B264-DDBC54C672CB}: DhcpNameServer = 212.166.132.110 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BEE3AB2-1B89-4DD6-BC51-B1A2EA391E71}: DhcpNameServer = 195.230.105.134 195.230.105.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4EE911-3F7E-4A09-B83B-3E950EF7A2F0}: NameServer = 88.82.192.242,88.82.200.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F91E35B-1255-4FE6-886C-C23F259BADF4}: NameServer = 88.82.192.242,88.82.200.242
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/11 13:26:50 | 000,000,000 | ---D | M] - D:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{0957803e-0dce-11e0-b640-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{0957803e-0dce-11e0-b640-001e101f2b52}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{0f18d586-bdd5-11e0-846e-ad3f0a0a6323}\Shell - "" = AutoRun
O33 - MountPoints2\{0f18d586-bdd5-11e0-846e-ad3f0a0a6323}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0f18d592-bdd5-11e0-846e-e2e215ce8ea8}\Shell - "" = AutoRun
O33 - MountPoints2\{0f18d592-bdd5-11e0-846e-e2e215ce8ea8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1b0b1dbb-6075-11e0-a113-e2e90e8c0594}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0b1dbb-6075-11e0-a113-e2e90e8c0594}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{28e8ccbb-4e42-11e0-93db-b9ff11b6a16b}\Shell - "" = AutoRun
O33 - MountPoints2\{28e8ccbb-4e42-11e0-93db-b9ff11b6a16b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{28e8ccdc-4e42-11e0-93db-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{28e8ccdc-4e42-11e0-93db-001e101fb4df}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{28e8ccdf-4e42-11e0-93db-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{28e8ccdf-4e42-11e0-93db-001e101fb4df}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2916d8e5-0d85-11de-82b0-002354755409}\Shell - "" = AutoRun
O33 - MountPoints2\{2916d8ec-0d85-11de-82b0-002354755409}\Shell - "" = AutoRun
O33 - MountPoints2\{2916d8ec-0d85-11de-82b0-002354755409}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{40214d06-0e31-11de-a5cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40214d31-0e31-11de-a5cb-002354755409}\Shell - "" = AutoRun
O33 - MountPoints2\{40214d31-0e31-11de-a5cb-002354755409}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{46aae815-c7df-11df-9b96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46aae815-c7df-11df-9b96-806e6f6e6963}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{5e19cd43-0d18-11e0-97da-ff0ef41060ea}\Shell - "" = AutoRun
O33 - MountPoints2\{5e19cd43-0d18-11e0-97da-ff0ef41060ea}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{5e19cd48-0d18-11e0-97da-ff0ef41060ea}\Shell - "" = AutoRun
O33 - MountPoints2\{5e19cd48-0d18-11e0-97da-ff0ef41060ea}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{5e19cd5c-0d18-11e0-97da-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{5e19cd5c-0d18-11e0-97da-001e101fb4df}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{5e19cd70-0d18-11e0-97da-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{5e19cd70-0d18-11e0-97da-001e101f50a4}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{5e19cd72-0d18-11e0-97da-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{5e19cd72-0d18-11e0-97da-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{683f505b-9f37-11e0-b7f5-9c59d89367fd}\Shell - "" = AutoRun
O33 - MountPoints2\{683f505b-9f37-11e0-b7f5-9c59d89367fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{683f5066-9f37-11e0-b7f5-f92f2d6613a5}\Shell - "" = AutoRun
O33 - MountPoints2\{683f5066-9f37-11e0-b7f5-f92f2d6613a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{91a4ce36-bde5-11e0-b33d-b0377fafcb78}\Shell - "" = AutoRun
O33 - MountPoints2\{91a4ce36-bde5-11e0-b33d-b0377fafcb78}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a6547a57-c73b-11df-a182-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6547a57-c73b-11df-a182-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a6547ac8-c73b-11df-a182-f3fdc5f0e9fd}\Shell - "" = AutoRun
O33 - MountPoints2\{a6547ac8-c73b-11df-a182-f3fdc5f0e9fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ac35ae9c-0783-11e0-940a-8c6fb6acdbeb}\Shell - "" = AutoRun
O33 - MountPoints2\{ac35ae9c-0783-11e0-940a-8c6fb6acdbeb}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{ace5f315-06cd-11e0-a55d-fe58cbb551d5}\Shell - "" = AutoRun
O33 - MountPoints2\{ace5f315-06cd-11e0-a55d-fe58cbb551d5}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ace5f330-06cd-11e0-a55d-9eca241bec83}\Shell - "" = AutoRun
O33 - MountPoints2\{ace5f330-06cd-11e0-a55d-9eca241bec83}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ace5f33d-06cd-11e0-a55d-ba66614c5fda}\Shell - "" = AutoRun
O33 - MountPoints2\{ace5f33d-06cd-11e0-a55d-ba66614c5fda}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{baa3ea70-5f9c-11e0-8bf7-daeae7df83dd}\Shell - "" = AutoRun
O33 - MountPoints2\{baa3ea70-5f9c-11e0-8bf7-daeae7df83dd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f2cedc28-c7e1-11df-9cf4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f2cedc28-c7e1-11df-9cf4-806e6f6e6963}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f3cdb49a-0d06-11e0-bc23-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3cdb49a-0d06-11e0-bc23-001e101f8ed0}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{f3cdb49f-0d06-11e0-bc23-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3cdb49f-0d06-11e0-bc23-001e101f8ed0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fe80f1f8-bdcc-11e0-acc3-aa52481f5ba4}\Shell - "" = AutoRun
O33 - MountPoints2\{fe80f1f8-bdcc-11e0-acc3-aa52481f5ba4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 15:14:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2012/11/17 14:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2012/11/17 14:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
[2012/11/17 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Local Port Scanner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/17 16:19:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/17 16:04:56 | 000,050,803 | ---- | M] () -- C:\Users\Dee\Documents\tcp.png
[2012/11/17 15:14:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2012/11/17 14:39:43 | 000,644,836 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/17 14:39:43 | 000,127,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/17 14:34:38 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/11/17 14:34:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 14:34:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 14:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/17 13:51:48 | 000,000,516 | ---- | M] () -- C:\Users\Dee\Desktop\Tcpview.lnk
[2012/11/17 12:16:36 | 000,000,733 | ---- | M] () -- C:\Users\Dee\Desktop\LPS.lnk
[2012/11/17 11:31:07 | 000,386,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/16 21:14:05 | 000,000,754 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/16 17:09:03 | 000,054,134 | ---- | M] () -- C:\Users\Dee\Documents\HD +34 RD +10.png
[2012/11/16 17:08:14 | 000,054,134 | ---- | M] () -- C:\Users\Dee\Documents\Quick +10.png
[2012/11/16 17:04:21 | 000,054,043 | ---- | M] () -- C:\Users\Dee\Documents\BrHD.png
[2012/11/16 16:16:19 | 000,097,866 | ---- | M] () -- C:\Users\Dee\Documents\TP +34.png
[2012/11/16 15:57:05 | 000,098,600 | ---- | M] () -- C:\Users\Dee\Documents\Runner r not.png
[2012/11/16 15:32:17 | 000,002,417 | ---- | M] () -- C:\Users\Public\Desktop\NinjaTrader 7.lnk
[2012/11/15 17:38:57 | 000,047,078 | ---- | M] () -- C:\Users\Dee\Documents\A Little bit More.png
[2012/11/15 17:18:30 | 000,045,335 | ---- | M] () -- C:\Users\Dee\Documents\TDI 15 11 +43.png
[2012/11/15 11:45:16 | 000,083,661 | ---- | M] () -- C:\Users\Dee\Documents\14 11 crap.png
[2012/11/14 19:42:00 | 000,043,971 | ---- | M] () -- C:\Users\Dee\Documents\HD Fakeout.png
[2012/11/13 11:43:33 | 000,064,506 | ---- | M] () -- C:\Users\Dee\Documents\R div +10.png
[2012/11/13 10:54:56 | 000,032,993 | ---- | M] () -- C:\Users\Dee\Documents\R Div + PA.png
[2012/11/12 16:30:44 | 000,104,287 | ---- | M] () -- C:\Users\Dee\Documents\3 CHANCES.png
[2012/11/12 15:48:49 | 000,099,499 | ---- | M] () -- C:\Users\Dee\Documents\easy.png
[2012/11/12 11:50:56 | 000,498,855 | ---- | M] () -- C:\Users\Dee\Desktop\Divergence Hidden Divergence Fibos(1).pdf
[2012/11/12 11:28:38 | 000,040,712 | ---- | M] () -- C:\Users\Dee\Documents\Hidden.png
[2012/11/11 18:01:30 | 000,188,342 | ---- | M] () -- C:\Users\Dee\Desktop\Craig Harris Method.pdf
[2012/11/07 12:45:04 | 000,093,713 | ---- | M] () -- C:\Users\Dee\Documents\7 11 44pips.png
[2012/11/05 15:16:45 | 000,095,067 | ---- | M] () -- C:\Users\Dee\Documents\+45.png
[2012/11/05 14:21:38 | 000,089,001 | ---- | M] () -- C:\Users\Dee\Documents\5 11 45pip.png
[2012/11/02 18:24:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/01 16:31:26 | 000,047,559 | ---- | M] () -- C:\Users\Dee\Documents\1 11 pm.png
[2012/11/01 11:02:47 | 000,093,359 | ---- | M] () -- C:\Users\Dee\Documents\1 11 2 trades.png
[2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/17 16:04:56 | 000,050,803 | ---- | C] () -- C:\Users\Dee\Documents\tcp.png
[2012/11/17 12:16:44 | 000,000,733 | ---- | C] () -- C:\Users\Dee\Desktop\LPS.lnk
[2012/11/17 11:30:58 | 000,386,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/16 17:09:03 | 000,054,134 | ---- | C] () -- C:\Users\Dee\Documents\HD +34 RD +10.png
[2012/11/16 17:08:14 | 000,054,134 | ---- | C] () -- C:\Users\Dee\Documents\Quick +10.png
[2012/11/16 17:04:21 | 000,054,043 | ---- | C] () -- C:\Users\Dee\Documents\BrHD.png
[2012/11/16 16:13:26 | 000,097,866 | ---- | C] () -- C:\Users\Dee\Documents\TP +34.png
[2012/11/16 15:57:05 | 000,098,600 | ---- | C] () -- C:\Users\Dee\Documents\Runner r not.png
[2012/11/16 15:55:36 | 000,065,422 | ---- | C] () -- C:\Users\Dee\Desktop\Tendencies & 18 Principles.pdf
[2012/11/15 17:38:57 | 000,047,078 | ---- | C] () -- C:\Users\Dee\Documents\A Little bit More.png
[2012/11/15 17:18:30 | 000,045,335 | ---- | C] () -- C:\Users\Dee\Documents\TDI 15 11 +43.png
[2012/11/15 11:45:16 | 000,083,661 | ---- | C] () -- C:\Users\Dee\Documents\14 11 crap.png
[2012/11/14 19:38:45 | 000,043,971 | ---- | C] () -- C:\Users\Dee\Documents\HD Fakeout.png
[2012/11/13 18:20:16 | 000,188,342 | ---- | C] () -- C:\Users\Dee\Desktop\Craig Harris Method.pdf
[2012/11/13 17:49:07 | 000,498,855 | ---- | C] () -- C:\Users\Dee\Desktop\Divergence Hidden Divergence Fibos(1).pdf
[2012/11/13 11:43:32 | 000,064,506 | ---- | C] () -- C:\Users\Dee\Documents\R div +10.png
[2012/11/13 10:54:56 | 000,032,993 | ---- | C] () -- C:\Users\Dee\Documents\R Div + PA.png
[2012/11/12 16:30:43 | 000,104,287 | ---- | C] () -- C:\Users\Dee\Documents\3 CHANCES.png
[2012/11/12 15:48:49 | 000,099,499 | ---- | C] () -- C:\Users\Dee\Documents\easy.png
[2012/11/12 11:28:38 | 000,040,712 | ---- | C] () -- C:\Users\Dee\Documents\Hidden.png
[2012/11/07 12:45:04 | 000,093,713 | ---- | C] () -- C:\Users\Dee\Documents\7 11 44pips.png
[2012/11/05 15:16:44 | 000,095,067 | ---- | C] () -- C:\Users\Dee\Documents\+45.png
[2012/11/05 14:21:38 | 000,089,001 | ---- | C] () -- C:\Users\Dee\Documents\5 11 45pip.png
[2012/11/01 16:31:26 | 000,047,559 | ---- | C] () -- C:\Users\Dee\Documents\1 11 pm.png
[2012/11/01 11:02:47 | 000,093,359 | ---- | C] () -- C:\Users\Dee\Documents\1 11 2 trades.png
[2012/09/12 06:40:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2012/09/09 17:07:23 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/09/09 17:07:23 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/14 18:41:30 | 000,060,304 | ---- | C] () -- C:\Users\Dee\g2mdlhlpx.exe
[2011/10/26 17:35:48 | 000,000,680 | ---- | C] () -- C:\Users\Dee\AppData\Local\d3d9caps.dat
[2011/09/13 16:10:04 | 000,000,066 | ---- | C] () -- C:\Windows\drD3D.ini
[2011/03/16 22:07:16 | 000,000,174 | ---- | C] () -- C:\Windows\T3_uninstall.ini
[2011/01/04 17:50:38 | 000,000,652 | ---- | C] () -- C:\Users\Dee\AppData\Roaming\burnaware.ini
[2010/11/27 13:53:01 | 000,295,565 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2010/04/15 13:09:51 | 000,000,329 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/03/10 12:35:14 | 000,012,288 | ---- | C] () -- C:\Users\Dee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/10 22:28:26 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/04/07 10:45:09 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Acronis
[2011/06/06 13:10:33 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Agwo
[2012/09/23 11:48:08 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\AnvSoft
[2010/07/12 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Any Video Converter
[2010/12/25 19:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Auslogics
[2010/09/22 15:50:09 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\AVG9
[2012/07/29 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Canneverbe Limited
[2011/11/12 16:56:02 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\DMCache
[2012/09/02 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Emmi
[2012/11/14 18:34:38 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Free Download Manager
[2011/11/15 15:29:30 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\GlarySoft
[2009/05/13 11:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\HTML Executable
[2012/04/08 11:33:44 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Leadertech
[2012/04/13 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\MetaQuotes
[2011/10/16 17:27:49 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\MobilityFlow
[2009/04/10 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\OpenOffice.org
[2012/06/08 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\picpick
[2009/06/09 11:34:00 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PRMT
[2009/06/09 12:05:53 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PROject MT
[2009/11/23 23:28:22 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SoundSpectrum
[2011/06/09 15:08:57 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Thunderbird

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Edited by dee50, 17 November 2012 - 09:41 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP