Avast Finds But Can't Remove Win32 Malware-gen Trojan



#1
marcusjones

Avast picks up this virus and moves it to the chest, but the virus remains. I've run a boot scan a few times. I've run MalwareBytes and SuperAntiSpyware. Unfortunately, the virus continues to exist.

Here is the message. Seems to be 2 different areas:

"Original File: [email protected]
Original Folder: c:\windows\assembly\tmp\u\
Virus Description: Win32:Malware-gen"

And Another...
"Original File: kwrd.dll
Original Folder: c:\windows\assembly\tmp
Virus Description: Win32:Malware-gen"

Thank you for your assistance.


OTL Log:


OTL logfile created on: 9/27/2011 5:09:28 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Marcus\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 67.20% Memory free
11.60 Gb Paging File | 9.38 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 384.57 Gb Free Space | 85.27% Space Free | Partition Type: NTFS
Drive L: | 923.57 Gb Total Space | 763.64 Gb Free Space | 82.68% Space Free | Partition Type: NTFS
Drive Z: | 923.57 Gb Total Space | 763.64 Gb Free Space | 82.68% Space Free | Partition Type: NTFS

Computer Name: MarcusS-LAPTOP | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 17:38:39 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/09/18 08:24:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marcus\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/10/05 15:28:12 | 001,060,352 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2010/08/19 19:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/07/01 15:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 15:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/29 15:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\PING.EXE
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/15 13:14:00 | 003,532,072 | ---- | M] (TeamViewer GmbH) -- C:\Users\Marcus\temp\TeamViewer\Version4\TeamViewer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/25 07:13:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/09/25 07:13:00 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/09/25 07:12:50 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/09/25 07:12:41 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/09/25 07:12:32 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\5914966008346d5e9341ba1f9d6d2760\System.Core.ni.dll
MOD - [2011/09/25 07:11:06 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/09/25 07:11:00 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/09/25 07:10:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/09/25 07:10:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/09/25 07:10:50 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/09/25 07:10:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/10/05 15:25:34 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/19 18:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/01/19 18:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/01/19 18:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurMarcusoost\TurMarcusoost.exe -- (TurMarcusoost)
SRV:64bit: - [2009/09/15 22:59:44 | 000,907,264 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/09/15 22:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/09/21 17:06:38 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/10/05 15:28:12 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/10/05 15:27:44 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/07/01 15:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/07/01 15:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/31 07:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/07/20 08:40:38 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 18:15:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 05:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/30 22:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 22:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 22:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 22:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 22:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 08:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/13 19:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/22 12:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurMarcus.sys -- (TurMarcus)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 13:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/16 13:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/09/16 13:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/04 19:39:34] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3608911687-3169058005-2229516275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3608911687-3169058005-2229516275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3608911687-3169058005-2229516275-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)


[2011/09/21 17:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3608911687-3169058005-2229516275-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3608911687-3169058005-2229516275-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3608911687-3169058005-2229516275-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marcus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F699317-3B88-48C8-9175-ECF145B97419}: DhcpNameServer = 13.36.0.1 13.36.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0982781-EF1E-434D-98C9-011DE6FE1BC2}: DhcpNameServer = 97.64.168.12 97.64.183.165
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 17:01:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2011/09/27 16:57:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2011/09/27 16:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2011/09/27 15:35:55 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes
[2011/09/27 15:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 15:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/27 15:35:47 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/27 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/27 15:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/27 15:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/26 19:01:58 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2011/09/26 19:01:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\temp
[2011/09/26 19:01:32 | 000,000,000 | ---D | C] -- C:\PCOptimized
[2011/09/26 15:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2011/09/26 15:07:59 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/09/26 15:07:59 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Downloads
[2011/09/26 13:13:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/26 13:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/26 12:38:37 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/26 12:38:37 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/26 12:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011/09/26 12:38:36 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/26 12:38:36 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/26 12:38:36 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/26 12:38:36 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/26 12:38:36 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/26 12:38:11 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/26 12:38:10 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/26 12:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/26 12:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/26 12:29:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\OpenCloud Security
[2011/09/26 10:45:20 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/25 17:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/09/25 17:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/09/25 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/25 17:18:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/09/24 18:01:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Dropbox
[2011/09/24 17:25:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Apple Computer
[2011/09/24 17:25:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Apple Computer
[2011/09/24 17:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/24 17:24:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/09/24 17:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/24 17:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/24 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/24 17:23:13 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Apple
[2011/09/24 17:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/09/24 17:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/24 17:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/24 11:28:44 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Western_Digital
[2011/09/24 11:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/09/24 03:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/09/22 08:52:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/09/22 08:52:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/09/21 18:23:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Macrovision
[2011/09/21 17:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2011/09/21 17:35:31 | 000,000,000 | ---D | C] -- C:\e
[2011/09/21 17:33:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\oem
[2011/09/21 17:32:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2011/09/21 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Agilix
[2011/09/21 17:18:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Leadertech
[2011/09/21 17:16:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Dropbox
[2011/09/21 17:16:43 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Yahoo Store
[2011/09/21 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\WindSolutions
[2011/09/21 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Psycho Cybernetics
[2011/09/21 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\My RoboForm Data
[2011/09/21 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\My Databases
[2011/09/21 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/09/21 17:16:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Ipswitch
[2011/09/21 17:16:41 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Epson
[2011/09/21 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Western Digital
[2011/09/21 17:16:33 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Google
[2011/09/21 17:16:33 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\File Renamer Basic
[2011/09/21 17:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/09/21 17:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/09/21 17:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/09/21 17:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/21 17:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/09/21 17:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Individual Software
[2011/09/21 17:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ipswitch
[2011/09/21 17:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/09/21 17:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/09/21 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/21 17:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/09/21 17:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/09/21 17:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/09/21 17:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/21 17:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/09/21 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/09/21 17:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/09/21 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/09/21 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/09/21 17:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011/09/21 17:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2011/09/21 17:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/09/21 17:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/09/21 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySoftware
[2011/09/21 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/21 17:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ipswitch
[2011/09/21 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intuit
[2011/09/21 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Individual Software
[2011/09/21 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/21 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/09/21 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Renamer
[2011/09/21 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011/09/21 17:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/09/21 17:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/09/21 17:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/09/21 17:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/09/21 17:11:09 | 000,000,000 | ---D | C] -- C:\PFiles
[2011/09/21 17:11:08 | 000,000,000 | ---D | C] -- C:\Data
[2011/09/21 17:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/09/21 17:06:31 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Citrix
[2011/09/21 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Deployment
[2011/09/21 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Apps
[2011/09/21 17:01:30 | 000,000,000 | ---D | C] -- C:\Users\Marcus\My Backup Files
[2011/09/21 16:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Agilix
[2011/09/21 16:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FranklinCovey
[2011/09/21 16:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FranklinCovey
[2011/09/21 16:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Agilix
[2011/09/21 16:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2011/09/21 16:40:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\ApplicationHistory
[2011/09/21 16:39:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011/09/21 16:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\PCDr
[2011/09/21 16:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2011/09/21 15:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/21 15:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/21 14:40:55 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\My Received Files
[2011/09/21 14:39:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Windows Live
[2011/09/21 14:38:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Tracing
[2011/09/21 12:43:33 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Adobe
[2011/09/21 12:35:18 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Macromedia
[2011/09/21 12:35:16 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Adobe
[2011/09/20 23:09:19 | 000,000,000 | ---D | C] -- C:\Emergency
[2011/09/20 22:54:43 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2011/09/20 22:33:35 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Mozilla
[2011/09/20 22:31:49 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Diagnostics
[2011/09/20 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Dell
[2011/09/20 22:28:06 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Stardock_Corporation
[2011/09/20 22:27:59 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Roxio
[2011/09/20 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Broadcom
[2011/09/20 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Bluetooth Exchange Folder
[2011/09/20 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Intel
[2011/09/20 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Creative
[2011/09/20 22:27:02 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Searches
[2011/09/20 22:27:02 | 000,000,000 | R--D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/20 22:27:02 | 000,000,000 | -H-D | C] -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/09/20 22:26:53 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Identities
[2011/09/20 22:26:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Contacts
[2011/09/20 22:26:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/20 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\VirtualStore
[2011/09/20 22:19:51 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Dell Edoc Viewer
[2011/09/20 22:19:46 | 000,000,000 | --SD | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Videos
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Saved Games
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Pictures
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Music
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Links
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Favorites
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Downloads
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Documents
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\Desktop
[2011/09/20 22:19:46 | 000,000,000 | R--D | C] -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\AppData\Local\Temporary Internet Files
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Templates
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Start Menu
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\SendTo
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Recent
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\PrintHood
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\NetHood
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Documents\My Videos
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Documents\My Pictures
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Documents\My Music
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\My Documents
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Local Settings
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\AppData\Local\History
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Cookies
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\Application Data
[2011/09/20 22:19:46 | 000,000,000 | -HSD | C] -- C:\Users\Marcus\AppData\Local\Application Data
[2011/09/20 22:19:46 | 000,000,000 | -H-D | C] -- C:\Users\Marcus\AppData
[2011/09/20 22:19:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Temp
[2011/09/20 22:19:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\SoftThinks
[2011/09/20 22:19:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Microsoft
[2011/09/20 22:19:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Media Center Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 16:48:26 | 000,001,502 | ---- | M] () -- C:\Users\Marcus\Documents\cc_20110927_164821.reg
[2011/09/27 16:35:27 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 16:35:27 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 16:27:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 16:27:29 | 376,848,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 16:03:27 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/27 15:49:09 | 000,739,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/27 15:49:09 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/27 15:49:09 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/27 15:35:50 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 19:01:33 | 000,001,738 | ---- | M] () -- C:\Users\Marcus\Desktop\LookAtMyPC Remote Support.lnk
[2011/09/26 13:37:47 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4e83fd13-0e29-46f5-8529-7060e051ae57.job
[2011/09/26 13:37:47 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4aae9a69-1064-485f-ae14-fb2019410d32.job
[2011/09/26 13:27:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/26 13:12:49 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/09/26 12:38:37 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/09/26 12:37:34 | 000,003,099 | ---- | M] () -- C:\Users\Marcus\Desktop\License.avastlic
[2011/09/26 06:41:55 | 000,363,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/25 17:23:25 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/09/24 18:04:29 | 000,001,134 | ---- | M] () -- C:\Users\Marcus\Desktop\Dropbox.lnk
[2011/09/24 18:02:00 | 000,001,024 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/24 11:27:16 | 000,001,320 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/09/24 11:13:57 | 000,001,230 | ---- | M] () -- C:\Users\Marcus\Desktop\Calculator.lnk
[2011/09/21 18:23:58 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Public (MyBookLive) (2).lnk
[2011/09/21 18:20:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/21 18:16:03 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Public (MyBookLive).lnk
[2011/09/21 17:18:47 | 000,000,088 | -HS- | M] () -- C:\Users\Marcus\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU
[2011/09/21 17:06:30 | 000,103,784 | ---- | M] () -- C:\Users\Marcus\GoToAssistDownloadHelper.exe
[2011/09/21 16:42:28 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\FranklinCovey PlanPlus for Windows 5.lnk
[2011/09/21 16:42:24 | 000,000,091 | ---- | M] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
[2011/09/21 16:40:34 | 000,743,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 00:18:12 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/09/21 00:18:12 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/09/20 23:12:37 | 000,000,452 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2011/09/20 22:30:14 | 000,001,443 | ---- | M] () -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/18 08:24:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 15:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 16:48:24 | 000,001,502 | ---- | C] () -- C:\Users\Marcus\Documents\cc_20110927_164821.reg
[2011/09/27 15:35:50 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 13:13:23 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4aae9a69-1064-485f-ae14-fb2019410d32.job
[2011/09/26 13:13:20 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4e83fd13-0e29-46f5-8529-7060e051ae57.job
[2011/09/26 13:12:49 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/09/26 12:38:37 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/09/26 12:38:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/26 12:37:34 | 000,003,099 | ---- | C] () -- C:\Users\Marcus\Desktop\License.avastlic
[2011/09/25 17:23:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/09/24 18:04:29 | 000,001,134 | ---- | C] () -- C:\Users\Marcus\Desktop\Dropbox.lnk
[2011/09/24 18:02:00 | 000,001,024 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/24 17:23:11 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/24 11:27:16 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/09/24 11:13:57 | 000,001,230 | ---- | C] () -- C:\Users\Marcus\Desktop\Calculator.lnk
[2011/09/21 18:23:58 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Public (MyBookLive) (2).lnk
[2011/09/21 18:16:03 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Public (MyBookLive).lnk
[2011/09/21 17:18:26 | 000,000,088 | -HS- | C] () -- C:\Users\Marcus\AppData\Roaming\ZPUQPMQDC8BKG5QST7A9QKXGJU
[2011/09/21 17:06:30 | 000,103,784 | ---- | C] () -- C:\Users\Marcus\GoToAssistDownloadHelper.exe
[2011/09/21 16:42:28 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\FranklinCovey PlanPlus for Windows 5.lnk
[2011/09/21 16:42:24 | 000,000,091 | ---- | C] () -- C:\Users\Marcus\AppData\Local\fusioncache.dat
[2011/09/21 16:39:43 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 00:13:16 | 376,848,383 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 23:12:37 | 000,000,452 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2011/09/20 22:30:14 | 000,001,443 | ---- | C] () -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/20 22:27:07 | 000,001,415 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/09/20 22:27:03 | 000,001,449 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/20 22:26:23 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/20 22:26:23 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/20 22:19:46 | 000,000,290 | ---- | C] () -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/20 22:19:46 | 000,000,272 | ---- | C] () -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/01/04 21:32:08 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/04 21:32:08 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/04 21:32:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/04 21:32:07 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/04 21:32:06 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/09/21 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Agilix
[2011/09/27 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Dropbox
[2011/09/21 17:16:41 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Epson
[2011/09/26 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo
[2011/09/21 17:18:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Leadertech
[2011/09/26 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\OpenCloud Security
[2011/09/21 17:16:42 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\PCDr
[2011/09/26 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer
[2011/09/21 17:16:42 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WindSolutions
[2011/09/21 18:20:39 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 00:08:49 | 000,007,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/28 08:50:05 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU[1].TXT
[2011/09/26 13:37:47 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4aae9a69-1064-485f-ae14-fb2019410d32.job
[2011/09/26 13:37:47 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4e83fd13-0e29-46f5-8529-7060e051ae57.job
[2011/09/27 16:03:27 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
