Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32:Malware-gen Need help to remove.

Started by goddi , Sep 28 2011 09:33 AM

  • Please log in to reply

#1
goddi
Posted 28 September 2011 - 09:33 AM

goddi

    New Member

  • Member
  • Pip
  • 1 posts
Greetings,
I received a notice from my Avast that it blocked a threat from Win32:Malware-gen. A file was sent to the Avast Chest. However, when I try to create an exe slideshow from my Pictures To Exe (PTE)program, the program freezes. See attached file for error message.
I have Win7. I have run MBAM and Avast scans but it shows there are no viruses.
I'm not sure what additional information to add. Please let me know if you need any further info.
Thanks... Gary
==================================

OTL logfile created on: 9/28/2011 11:11:43 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Gary Roger Oddi\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.57% Memory free
5.98 Gb Paging File | 4.51 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 322.45 Gb Free Space | 69.25% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 391.07 Gb Free Space | 83.96% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 273.89 Gb Free Space | 58.80% Space Free | Partition Type: NTFS

Computer Name: GARYODDI-PC | User Name: Gary Roger Oddi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 11:10:56 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gary Roger Oddi\Desktop\OTL.exe
PRC - [2011/09/28 08:59:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Mozilla Firefox\firefox.exe
PRC - [2011/09/13 14:21:15 | 005,328,504 | ---- | M] (SlySoft, Inc.) -- C:\AnyDVD\AnyDVDtray.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 07:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/08/03 07:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/07/18 02:54:50 | 000,274,216 | ---- | M] (Conduit Ltd.) -- C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
PRC - [2011/07/08 14:30:52 | 000,563,216 | ---- | M] (CrossLoop) -- C:\Users\Gary Roger Oddi\AppData\Local\CrossLoop\CrossLoopService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/10 15:50:59 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/03/10 18:19:32 | 001,642,840 | ---- | M] (IObit) -- C:\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/11 17:00:20 | 000,358,200 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/11 17:00:08 | 000,763,816 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/12/11 16:58:12 | 005,111,464 | ---- | M] (Acronis) -- C:\Acronis\TrueImageMonitor.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/22 10:10:22 | 000,530,888 | ---- | M] (Acronis) -- C:\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/01/22 00:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/23 12:21:48 | 019,426,016 | ---- | M] (Firetrust Ltd) -- C:\MailWasher Free\MailWasher.exe
PRC - [2009/07/17 16:25:02 | 000,319,488 | ---- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/07/17 14:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2009/07/13 12:25:52 | 001,033,216 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2009/04/02 00:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/01/07 00:24:54 | 000,656,696 | ---- | M] (American Power Conversion Corporation) -- C:\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2008/01/28 18:07:10 | 000,237,568 | ---- | M] (Colin Finck) -- C:\FreeBar\FreeBar.exe
PRC - [2007/07/10 22:38:50 | 001,820,160 | ---- | M] (MSGTAG) -- C:\MSGTAG Status\MSGTAGStatus.exe
PRC - [1999/12/31 20:00:00 | 001,690,224 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 08:59:53 | 001,015,256 | ---- | M] () -- C:\Mozilla Firefox\js3250.dll
MOD - [2011/08/13 08:55:36 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/10 18:21:02 | 000,047,960 | ---- | M] () -- C:\Smart Defrag 2\NtfsData.dll
MOD - [2010/12/11 17:23:00 | 000,279,904 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\resource.dll
MOD - [2010/12/11 16:10:58 | 000,028,512 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010/12/11 16:09:48 | 000,019,808 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\thread_pool.dll
MOD - [2010/06/22 09:56:24 | 000,012,128 | ---- | M] () -- C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
MOD - [2009/09/15 18:20:52 | 000,177,152 | ---- | M] () -- C:\Smart Defrag 2\madbasic_.bpl
MOD - [2009/09/15 18:20:52 | 000,044,544 | ---- | M] () -- C:\Smart Defrag 2\maddisAsm_.bpl
MOD - [2009/09/15 18:20:46 | 000,345,088 | ---- | M] () -- C:\Smart Defrag 2\madexcept_.bpl
MOD - [2009/08/25 19:51:10 | 000,155,320 | ---- | M] () -- C:\MailWasher Free\mailprefs.dll
MOD - [2009/07/17 14:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2009/06/25 17:40:38 | 000,771,256 | ---- | M] () -- C:\MailWasher Free\ContactsLib.dll
MOD - [2009/06/25 17:40:04 | 000,977,080 | ---- | M] () -- C:\MailWasher Free\MCore.dll
MOD - [2009/06/24 09:47:14 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\flashobj.dll
MOD - [2009/05/22 15:16:58 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/04/22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsusService.dll
MOD - [2009/04/20 14:55:34 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
MOD - [2008/12/10 21:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2008/09/12 19:39:34 | 000,611,936 | ---- | M] () -- C:\MailWasher Free\MailAnalysis.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [1999/12/31 20:00:00 | 064,663,664 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [1999/12/31 20:00:00 | 000,113,264 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [1999/12/31 20:00:00 | 000,100,976 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [1999/12/31 20:00:00 | 000,080,496 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (msav)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/15 16:13:17 | 002,640,900 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/08 14:30:52 | 000,563,216 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Users\Gary Roger Oddi\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/10 15:50:59 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/11 17:00:08 | 000,763,816 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\Gary Roger Oddi\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/24 09:28:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Seagage Manual-Backup Drive\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Ashampoo HDD Control\Dfsdks.exe -- (DfSdkS)
SRV - [2009/07/17 16:25:02 | 000,319,488 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/02 00:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/19 11:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/08/03 07:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/08 09:21:01 | 000,052,312 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2011/05/10 15:51:00 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/05/10 15:50:57 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/05/10 15:50:54 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/05/10 15:50:49 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/22 00:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 00:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/18 01:18:44 | 000,093,096 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/05/13 07:11:32 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/03/19 21:12:46 | 000,002,689 | ---- | M] (DoctorSoft Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\ncdrvnt3.sys -- (ncdrvnt3)
DRV - [2007/12/17 05:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/06/28 08:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/01/23 22:28:00 | 000,080,128 | ---- | M] (OEM) [Kernel | System | Running] -- C:\Windows\System32\drivers\oxpar.sys -- (oxpar)
DRV - [2007/01/23 00:25:00 | 000,005,120 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oxmep.sys -- (oxmep)
DRV - [2007/01/04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/11/11 14:53:22 | 000,067,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0630Vid.sys -- (P0630VID)
DRV - [2003/03/13 14:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [1999/12/31 20:00:00 | 001,143,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Gary Roger Oddi\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 23 84 2D 96 6D CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.verizon.n...newsroom.portal
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://headlines.ver...adlines.portal"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AutocompletePro\[email protected] [2010/06/25 13:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/09/12 08:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011/05/13 16:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Mozilla Firefox\components [2011/09/28 08:59:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011/09/28 08:59:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Mozilla Thunderbird\components [2011/08/18 08:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Mozilla Thunderbird\plugins [2011/09/17 22:04:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011/05/13 16:21:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Mozilla Thunderbird\components [2011/08/18 08:36:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Plugins: C:\Mozilla Thunderbird\plugins [2011/09/17 22:04:24 | 000,000,000 | ---D | M]

[2009/12/09 23:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Extensions
[2009/12/09 23:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/11 14:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/28 10:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\8ee0nic9.default\extensions
[2011/09/01 11:01:53 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\8ee0nic9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/09/28 09:19:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\8ee0nic9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/21 15:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\si89q5zf.default\extensions
[2010/06/25 13:16:02 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\si89q5zf.default\extensions\[email protected]
[2011/05/20 10:52:56 | 000,002,569 | ---- | M] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\8ee0nic9.default\searchplugins\askcom.xml
[2011/02/18 17:46:41 | 000,001,919 | ---- | M] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Mozilla\Firefox\Profiles\8ee0nic9.default\searchplugins\bing-zugo.xml
[2009/11/11 14:07:17 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/01 13:46:44 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/01 19:02:43 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/07 23:29:19 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 22:27:56 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 22:33:40 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/17 11:36:52 | 000,000,000 | ---D | M] (Java Console) -- C:\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [adm_tray.exe] C:\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ashampoo HDD Control Guard] C:\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConduitHelper] C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe (Conduit Ltd.)
O4 - HKLM..\Run: [Display] C:\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Acronis\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [AnyDVD] C:\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Cookienator] C:\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - HKCU..\Run: [FreeBar] C:\FreeBar\FreeBar.exe (Colin Finck)
O4 - HKCU..\Run: [MSGTAG] C:\MSGTAG Status\MSGTAGStatus.exe (MSGTAG)
O4 - Startup: C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gary Roger Oddi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherFree.lnk = C:\MailWasher Free\MailWasher.exe (Firetrust Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16 - DPF: {4C300EBD-684D-4F5C-AAAF-54B31D0AA53D} https://remote.ameri...ko/NcHssglo.CAB (NcHssglo Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{282E2BC8-43EC-457B-824C-5F6ACFB166F9}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4Com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Fences\FencesMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/29 17:04:15 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/03 18:11:53 | 000,000,000 | ---- | M] () - D:\Autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/29 07:57:26 | 000,000,032 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 11:10:54 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Gary Roger Oddi\Desktop\OTL.exe
[2011/09/28 11:02:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gary Roger Oddi\Desktop\TFC.exe
[2011/09/28 09:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Moon Secure Antivirus
[2011/09/27 07:50:06 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Ashampoo
[2011/09/27 07:49:54 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\ashampoo
[2011/09/27 07:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011/09/27 07:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011/09/26 18:08:44 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\{8267F4E5-6EDB-44CB-B58D-95E12E1EAC3E}
[2011/09/26 18:08:23 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\{D897AAEE-DBC7-423A-B30D-2BA34A370FA0}
[2011/09/26 14:55:25 | 000,000,000 | ---D | C] -- C:\HJSplit
[2011/09/26 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Desktop\HJSplit
[2011/09/26 14:45:22 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MasterSplitter
[2011/09/26 14:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MasterSplitter
[2011/09/26 14:45:22 | 000,000,000 | ---D | C] -- C:\MasterSplitter
[2011/09/24 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\RawTherapee4.0
[2011/09/24 16:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Therapee
[2011/09/24 16:00:12 | 000,000,000 | ---D | C] -- C:\RawTherapeeV40
[2011/09/24 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\{1C5AEF50-3E64-4B94-951A-94CAE0A25E85}
[2011/09/24 14:15:23 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\{B38B435A-B111-40B3-8BA7-2CB39B2044BC}
[2011/09/24 13:28:10 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\RawTherapee3.0.1
[2011/09/24 13:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RawTherapee 3.0.1
[2011/09/21 14:06:12 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\PixBuilder
[2011/09/21 14:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixBuilder Studio
[2011/09/21 14:06:09 | 000,000,000 | ---D | C] -- C:\PixBuilder Studio
[2011/09/19 13:24:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2011/09/19 13:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011/09/19 13:24:19 | 000,000,000 | ---D | C] -- C:\Fences
[2011/09/19 12:32:38 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Documents\SnapDraw-Free
[2011/09/18 09:17:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/17 09:58:03 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Desktop\Musica 01
[2011/09/15 20:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RonyaSoft
[2011/09/15 20:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RonyaSoft
[2011/09/15 20:27:11 | 000,000,000 | ---D | C] -- C:\Poster Printer
[2011/09/15 20:25:33 | 001,606,336 | ---- | C] (W3i, LLC) -- C:\Users\Gary Roger Oddi\Desktop\gimp_app_1201.exe
[2011/09/12 14:17:04 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\{340F1B5F-DF6D-4EF3-A2F4-40431C6BBBB6}
[2011/09/09 08:45:57 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muvizu
[2011/09/09 08:41:48 | 000,000,000 | ---D | C] -- C:\Muvizu
[2011/09/07 17:05:00 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Documents\Vegas Movie Studio 9.0 Projects
[2011/09/07 15:59:35 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\NVIDIA
[2011/09/07 14:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011/09/07 14:44:25 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt64.exe
[2011/09/07 14:44:25 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2011/09/07 14:44:24 | 000,000,000 | ---D | C] -- C:\Ashampoo HDD Control
[2011/09/07 09:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/09/07 09:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/09/01 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerTools Lite 2011
[2011/09/01 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerTools Lite 2011
[2011/09/01 21:20:59 | 000,000,000 | ---D | C] -- C:\PowerTools Lite 2011
[2011/09/01 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\GetRightToGo
[2011/09/01 20:39:10 | 000,000,000 | ---D | C] -- C:\jv16 PowerTools 2011
[2011/08/30 10:13:12 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/08/30 10:12:28 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/08/30 10:00:53 | 001,882,104 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v15.0.1.ocx
[2011/08/30 10:00:53 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2011/08/30 10:00:53 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
[2011/08/30 10:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Magician
[2011/08/30 10:00:52 | 000,000,000 | ---D | C] -- C:\Driver Magician
[2011/08/29 18:29:51 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Desktop\1-Pinnacle
[2011/08/29 18:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\BIAS
[2011/08/29 18:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\AdorageI-SAL
[2011/08/29 18:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\AdorageI-GfxDatas
[2011/08/29 17:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
[2011/08/29 17:42:57 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\proDAD
[2011/08/29 17:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\proDAD
[2011/08/29 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Documents\Instant DVD Recorder
[2011/08/29 17:34:16 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Local\Pinnacle
[2011/08/29 17:07:40 | 000,401,408 | ---- | C] (Pegasus Imaging Corporation) -- C:\Windows\System32\pvmjpg30.dll
[2011/08/29 17:06:46 | 000,884,736 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMUIRes.dll
[2011/08/29 17:06:46 | 000,012,288 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMLRes.dll
[2011/08/29 17:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Hollywood FX 6.0 for Studio 11
[2011/08/29 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\Documents\My Projects
[2011/08/29 17:04:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2011/08/29 17:02:49 | 000,041,219 | ---- | C] (Pinnacle Systems) -- C:\Windows\RSETPATH.exe
[2011/08/29 17:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio 11
[2011/08/29 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\InstallShield
[2011/08/29 16:42:23 | 000,000,000 | ---D | C] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/08/29 16:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio
[2011/08/29 16:03:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011/08/15 15:08:18 | 000,032,872 | ---- | C] (Roxio) -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER057C18BE.exe
[2011/04/10 20:36:04 | 000,120,320 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

========== Files - Modified Within 30 Days ==========

[2011/09/28 11:15:04 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 11:15:04 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 11:14:09 | 000,628,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/28 11:14:09 | 000,107,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/28 11:10:56 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gary Roger Oddi\Desktop\OTL.exe
[2011/09/28 11:07:48 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/28 11:07:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 11:07:23 | 2408,882,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 11:02:20 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gary Roger Oddi\Desktop\TFC.exe
[2011/09/28 10:40:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/28 10:23:04 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2011/09/28 10:14:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/28 10:10:08 | 000,758,874 | ---- | M] () -- C:\Windows\System32\msavcore.exe.dmp
[2011/09/28 09:34:10 | 000,000,894 | ---- | M] () -- C:\Windows\System32\events.dat
[2011/09/28 08:46:53 | 000,039,070 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PTE Malware.gif
[2011/09/28 08:31:46 | 000,001,641 | ---- | M] () -- C:\Users\Gary Roger Oddi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/27 07:49:54 | 000,001,372 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio Elements.lnk
[2011/09/26 18:13:17 | 012,649,555 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\DSC_9265-720p-1280.mp4
[2011/09/26 15:02:27 | 000,194,885 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\hjsplit.zip
[2011/09/26 10:52:08 | 005,329,331 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\IMG_0317-2.jpg
[2011/09/25 14:43:23 | 000,001,030 | ---- | M] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/25 11:35:49 | 000,721,509 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PS-Barred Owl4x3-2.jpg
[2011/09/24 18:40:25 | 000,182,530 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\RT-Barred Owl-2.jpg
[2011/09/24 18:39:14 | 000,000,218 | ---- | M] () -- C:\Users\Gary Roger Oddi\.recently-used.xbel
[2011/09/24 16:00:22 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Raw Therapee V4.0 32Bit.lnk
[2011/09/24 15:45:17 | 000,001,443 | ---- | M] () -- C:\Windows\NGOptimz.INI
[2011/09/24 14:51:33 | 000,153,836 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PS-Barred Owl-2.jpg
[2011/09/24 14:23:00 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/09/23 21:15:55 | 000,001,456 | ---- | M] () -- C:\Users\Gary Roger Oddi\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/23 21:15:54 | 000,219,408 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Barred Owl.jpg
[2011/09/23 17:38:16 | 143,877,278 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Untitled 17.avi
[2011/09/23 16:54:25 | 003,728,940 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Untitled 16.avi
[2011/09/22 14:11:03 | 000,028,587 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Fall 2011 Contact List.pdf
[2011/09/21 22:57:04 | 000,000,132 | ---- | M] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/15 20:25:34 | 001,606,336 | ---- | M] (W3i, LLC) -- C:\Users\Gary Roger Oddi\Desktop\gimp_app_1201.exe
[2011/09/14 09:25:29 | 011,857,600 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Spider.JPG
[2011/09/09 15:52:35 | 000,000,854 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PTE-7.0.lnk
[2011/09/09 15:09:43 | 003,995,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/09 13:17:37 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\PTE 7.0.lnk
[2011/09/09 09:53:01 | 006,794,645 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PTE_Guide_v70.pdf
[2011/09/09 08:46:06 | 000,000,740 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Muvizu.lnk
[2011/09/07 16:24:58 | 000,000,755 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PTE-6.5.lnk
[2011/09/07 16:13:28 | 000,204,772 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Turtle.jpg
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/06 14:36:09 | 000,000,918 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\PTE-7.20Beta.lnk
[2011/09/04 15:45:16 | 012,628,313 | ---- | M] () -- C:\Users\Gary Roger Oddi\Desktop\Fête à Mouriès-2011.exe
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/29 18:22:09 | 000,000,017 | ---- | M] () -- C:\Windows\MovingPicture.ini
[2011/08/29 17:04:15 | 000,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT

========== Files Created - No Company Name ==========

[2011/09/28 10:08:54 | 000,758,874 | ---- | C] () -- C:\Windows\System32\msavcore.exe.dmp
[2011/09/28 09:21:01 | 000,000,894 | ---- | C] () -- C:\Windows\System32\events.dat
[2011/09/28 08:46:53 | 000,039,070 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\PTE Malware.gif
[2011/09/27 07:49:54 | 000,001,372 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio Elements.lnk
[2011/09/26 18:13:01 | 012,649,555 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\DSC_9265-720p-1280.mp4
[2011/09/26 15:02:26 | 000,194,885 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\hjsplit.zip
[2011/09/26 10:52:04 | 005,329,331 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\IMG_0317-2.jpg
[2011/09/25 14:42:51 | 000,001,030 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/25 11:35:45 | 000,721,509 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\PS-Barred Owl4x3-2.jpg
[2011/09/24 18:39:14 | 000,000,218 | ---- | C] () -- C:\Users\Gary Roger Oddi\.recently-used.xbel
[2011/09/24 16:00:22 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Raw Therapee V4.0 32Bit.lnk
[2011/09/24 15:41:34 | 000,182,530 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\RT-Barred Owl-2.jpg
[2011/09/24 14:51:33 | 000,153,836 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\PS-Barred Owl-2.jpg
[2011/09/24 13:12:43 | 000,219,408 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Barred Owl.jpg
[2011/09/23 17:03:29 | 143,877,278 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Untitled 17.avi
[2011/09/23 16:53:54 | 003,728,940 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Untitled 16.avi
[2011/09/22 14:11:00 | 000,028,587 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Fall 2011 Contact List.pdf
[2011/09/12 14:12:51 | 011,857,600 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Spider.JPG
[2011/09/10 09:46:30 | 000,204,772 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Turtle.jpg
[2011/09/09 15:52:35 | 000,000,854 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\PTE-7.0.lnk
[2011/09/09 13:17:37 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\PTE 7.0.lnk
[2011/09/09 09:53:01 | 006,794,645 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\PTE_Guide_v70.pdf
[2011/09/09 08:46:06 | 000,000,740 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Muvizu.lnk
[2011/09/07 16:24:58 | 000,000,755 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\PTE-6.5.lnk
[2011/09/04 15:45:16 | 012,628,313 | ---- | C] () -- C:\Users\Gary Roger Oddi\Desktop\Fête à Mouriès-2011.exe
[2011/08/30 10:41:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/08/30 10:00:53 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2011/08/29 17:04:15 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2011/08/29 17:04:15 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2011/08/29 17:04:15 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2011/08/29 17:04:15 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2011/08/29 17:04:15 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2011/08/29 16:05:58 | 000,000,095 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/08/20 09:20:09 | 000,000,452 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/15 15:10:51 | 023,944,483 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER5CEE2D12.mp3
[2011/08/15 15:10:43 | 022,457,754 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER3EC439B3.mp3
[2011/08/15 15:10:38 | 016,593,786 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER298054DE.mp3
[2011/08/15 15:10:30 | 026,335,579 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER09621547.mp3
[2011/08/15 15:10:25 | 015,937,590 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERF6AD4DB7.mp3
[2011/08/15 15:10:20 | 018,362,589 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERE1C64D06.mp3
[2011/08/15 15:10:13 | 023,530,301 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERC81F491C.mp3
[2011/08/15 15:10:07 | 021,656,944 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERB145440D.mp3
[2011/08/15 15:10:00 | 029,492,007 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER9369305E.mp3
[2011/08/15 15:09:52 | 029,346,139 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER76D40124.mp3
[2011/08/15 15:09:46 | 024,434,701 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER5FDB0099.mp3
[2011/08/15 15:09:39 | 032,701,933 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER426C0F3E.mp3
[2011/08/15 15:09:34 | 022,772,123 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER2E7F390C.mp3
[2011/08/15 15:09:28 | 025,363,888 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER18EC7E87.mp3
[2011/08/15 15:09:23 | 023,358,520 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER057C153C.mp3
[2011/08/15 15:09:17 | 031,433,909 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNEREC1312DB.mp3
[2011/08/15 15:09:13 | 020,377,603 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERDBED2EA6.mp3
[2011/08/15 15:09:09 | 018,656,865 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERCD6C0BB3.mp3
[2011/08/15 15:09:05 | 021,644,405 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERBCE801EB.mp3
[2011/08/15 15:09:01 | 020,934,743 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNERAD0126E9.mp3
[2011/08/15 15:08:56 | 025,903,859 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER99EE41BB.mp3
[2011/08/15 15:08:49 | 033,899,001 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER817E5AF1.mp3
[2011/08/15 15:08:45 | 026,510,297 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER6ED96DF1.mp3
[2011/08/15 15:08:42 | 016,789,423 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER63351649.mp3
[2011/08/15 15:08:38 | 020,424,415 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER55315F90.mp3
[2011/08/15 15:08:35 | 018,733,770 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER48746952.mp3
[2011/08/15 15:08:31 | 023,153,656 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER390A72AE.mp3
[2011/08/15 15:08:27 | 022,753,701 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER29FC2CD6.mp3
[2011/08/15 15:08:24 | 020,292,339 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER1CD33D6C.mp3
[2011/08/15 15:08:19 | 028,122,772 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER0AC94AE1.mp3
[2011/08/15 15:08:18 | 000,001,532 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER056C4823.m3u
[2011/08/15 15:08:18 | 000,000,056 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\TempNER057C6784.inf
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/08 10:56:50 | 000,056,630 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Debut.dmp
[2011/05/10 10:49:09 | 000,025,623 | ---- | C] () -- C:\Windows\cscmondump.bin
[2011/05/03 07:45:14 | 000,000,014 | ---- | C] () -- C:\Windows\System32\syspvc.dll
[2011/04/10 08:59:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/10 08:23:07 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/04/10 08:23:07 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/04/04 09:31:12 | 000,000,132 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/03/31 16:27:43 | 000,000,132 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/03/28 17:34:59 | 000,000,022 | -HS- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/03/02 17:32:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2011/02/25 22:23:22 | 000,000,352 | ---- | C] () -- C:\Windows\pagebreeze.ini
[2011/02/25 22:23:22 | 000,000,035 | ---- | C] () -- C:\Windows\formbreeze.ini
[2011/02/09 15:10:25 | 000,000,007 | ---- | C] () -- C:\Windows\grabber4.dat
[2011/02/01 16:49:09 | 000,005,120 | ---- | C] () -- C:\Windows\System32\drivers\Stdsys.SYS
[2010/12/13 17:52:51 | 000,000,045 | ---- | C] () -- C:\Windows\WAVChop.INI
[2010/12/07 18:35:56 | 000,000,353 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/11/02 17:26:45 | 000,115,390 | ---- | C] () -- C:\Windows\hpgins19.dat
[2010/11/02 17:26:45 | 000,000,284 | ---- | C] () -- C:\Windows\hpgmdl19.dat
[2010/10/23 10:10:43 | 000,001,456 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/10 10:03:15 | 000,061,440 | ---- | C] () -- C:\Windows\System32\MFSIFLib2889.dll
[2010/09/10 10:03:14 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MFSBaseLib2889.dll
[2010/09/02 03:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/09/02 03:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2010/08/31 18:19:27 | 000,000,132 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/20 13:44:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat
[2010/08/20 12:12:48 | 001,219,792 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/08/16 18:33:10 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2010/08/02 16:41:52 | 000,007,609 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\Resmon.ResmonCfg
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/01/29 10:33:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2009/12/26 12:34:38 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2009/12/26 12:01:49 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009/12/15 11:17:02 | 000,000,131 | ---- | C] () -- C:\Windows\CRC.INI
[2009/12/14 21:47:56 | 000,526,848 | ---- | C] () -- C:\Windows\System32\hpgtg400.dll
[2009/12/14 17:15:17 | 000,073,216 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 11:05:15 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009/12/10 23:34:12 | 000,001,443 | ---- | C] () -- C:\Windows\NGOptimz.INI
[2009/12/09 23:37:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/06 12:03:57 | 000,000,833 | ---- | C] () -- C:\Windows\X10.INI
[2009/12/06 12:03:57 | 000,000,772 | ---- | C] () -- C:\Windows\PLATOTW.INI
[2009/12/05 10:35:28 | 000,000,120 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\FixVTS.ini
[2009/12/04 20:59:54 | 000,000,458 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2009/12/04 18:24:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/11/25 09:18:29 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009/11/25 09:18:29 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009/11/09 17:44:24 | 000,000,063 | ---- | C] () -- C:\Windows\PixieTool.INI
[2009/11/09 09:59:07 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/11/08 21:00:14 | 000,116,232 | ---- | C] () -- C:\Windows\system32SimCAD.exe
[2009/11/07 23:17:24 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/11/07 19:02:03 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/07 18:44:49 | 000,000,149 | ---- | C] () -- C:\Windows\CDFACE32.INI
[2009/11/07 16:50:31 | 000,000,036 | ---- | C] () -- C:\Windows\NGGalery.ini
[2009/11/07 16:50:27 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2009/11/07 16:50:27 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2009/11/07 14:06:48 | 000,026,000 | ---- | C] () -- C:\Windows\System32\PteVideo.dll
[2009/11/05 23:49:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/05 21:12:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/04 13:30:11 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009/11/04 13:30:11 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/11/04 13:30:08 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/11/04 13:30:08 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/11/04 13:24:24 | 000,031,408 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/11/04 13:24:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/04 13:24:05 | 000,021,836 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,995,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,628,436 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/13 07:11:32 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/02/01 00:52:50 | 000,000,049 | ---- | C] () -- C:\Users\Gary Roger Oddi\AppData\Roaming\register.bat
[2008/12/01 19:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008/09/25 11:57:24 | 000,116,232 | ---- | C] () -- C:\Windows\System32\SimCAD.exe
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/10/04 20:49:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\wsImageLoaderStub.dll
[2006/10/04 20:47:45 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2004/03/18 09:44:29 | 001,663,068 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[1999/03/23 09:46:24 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL
[1999/01/22 06:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/04/26 10:48:40 | 000,000,000 | -HSD | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\.#
[2010/12/29 11:19:40 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\1759C904-936F-42D0-BC6B-5BDBF2C1C37F
[2009/12/05 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Acronis
[2010/08/24 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Amazon
[2010/12/07 15:32:35 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\AnvSoft
[2011/05/08 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\AnyPic Image Resizer Pro
[2011/09/27 07:50:08 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Ashampoo
[2011/09/22 17:35:54 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Audacity
[2011/01/24 12:26:07 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Auslogics
[2011/02/01 09:54:22 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Avery
[2011/05/10 16:37:31 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\BANDISOFT
[2010/08/25 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\BitZipper
[2011/08/19 16:26:26 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Canon
[2011/02/18 17:06:30 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\ChaosPro
[2011/02/18 17:13:36 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\ChaosPro 4.0
[2010/08/24 16:14:15 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/26 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\com.adobe.ExMan
[2011/07/22 08:29:27 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Cool Record Edit Pro
[2010/10/26 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\DGFects
[2011/04/23 23:13:55 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Digiarty
[2011/09/28 11:08:22 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Dropbox
[2011/05/13 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Eltima Software
[2011/06/21 11:13:15 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Engelmann Media
[2009/12/15 11:18:32 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Free Sound Recorder
[2009/12/04 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\FreeBar
[2010/05/17 11:43:48 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\GARMIN
[2011/09/01 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\GetRightToGo
[2011/07/10 12:24:42 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\GlobalSCAPE
[2011/04/20 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\HandBrake
[2011/04/13 10:00:35 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\HD Tune Pro
[2010/11/02 19:27:42 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Image Zone Express
[2009/12/13 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\ImgBurn
[2009/12/05 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\InterVideo
[2011/04/26 10:53:21 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\IObit
[2011/04/06 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\IrfanView
[2009/12/05 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\IsolatedStorage
[2009/12/05 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Leadertech
[2011/09/28 11:08:18 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\MailWasherFree
[2011/04/03 07:49:01 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\mediAvatar
[2009/12/15 11:38:48 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\MP3SkypeRecorder
[2011/09/27 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\MSGTAG
[2009/12/05 10:36:52 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\MultiExtractor
[2011/01/07 11:09:29 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\MusicMP3Downloader
[2010/09/16 08:31:07 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\NCH Swift Sound
[2009/11/10 20:28:55 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\NetMedia Providers
[2010/03/30 14:50:58 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Netscape
[2011/01/19 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Opanda
[2011/02/15 09:11:44 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Pamela
[2011/04/27 14:42:18 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\PearlMountainSoft
[2010/02/13 11:40:19 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Photopos
[2010/07/23 09:32:07 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\PicturesToExe
[2010/11/02 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Printer Info Cache
[2011/08/29 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\proDAD
[2011/09/07 17:16:04 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Publish Providers
[2011/05/18 13:47:20 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\QuickScan
[2011/08/16 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\RawTherapee
[2011/04/08 07:58:26 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\RecordMax Burning Studio
[2009/12/05 10:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\RipIt4Me
[2011/08/26 10:15:45 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\S10 Software
[2011/04/06 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\ScreenCapturePrint
[2010/12/23 17:26:01 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Seagate
[2011/07/21 06:36:28 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Solveig Multimedia
[2009/12/05 10:37:06 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Sony
[2010/05/05 10:38:09 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Stardock
[2011/06/18 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\SuperUtils.com
[2011/06/27 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\SystemRequirementsLab
[2011/01/26 13:10:02 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\TaxCut
[2010/12/22 10:26:54 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\TeamViewer
[2009/12/09 23:06:24 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Thunderbird
[2010/08/06 17:51:42 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\UBitMenu
[2010/12/16 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Uniblue
[2011/02/23 14:40:27 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\WebSoftware
[2011/03/22 18:19:47 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Windows Live Writer
[2009/12/13 23:18:39 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Xilisoft Corporation
[2011/06/16 09:13:02 | 000,000,000 | ---D | M] -- C:\Users\Gary Roger Oddi\AppData\Roaming\Zoner
[2011/08/15 07:27:48 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/20 10:09:03 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/08/20 12:31:18 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010/08/20 12:31:18 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Windows:00CE7AD4B9BB19CE
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8178B8D6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4240575B

< End of report >

Attached Thumbnails

  • PTE Malware.gif

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP