Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Invected with fake anti-virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Invected with fake anti-virus

Unread postby gestalt » November 10th, 2011, 10:54 pm

Recently my computer had been infected with malware that attempted to extort money by posting all kinds of alarmist messages on the screen, telling me that my HD overheated, running too slow, sectors corrupted, etc. It removed registry entries, making it impossible to launch apps. It aslo hijacked the browser.

I managed to clear up most of its effects by restoring the original settings (system restore), then I ran: McAffee anti-virus (found a few infections), Trend Micro Homescan (found nothing), SUPERAntiSpyware (found many tracking cookies, but no viruses/trojans etc.). Finally, I ran Hijackthis, but did not see anything suspicious.

The bottom line: all tools at my disposal report a clean bill of health, but the Internet Explorer 9 starts up by itself (and restarts a short while after I kill it through the Task Manager), occasionally an audio plays from some unknown location, and once in a while McAffee tells me that it blocked an attempt to connect to an unsecure site (never happened before).

Windows Live Mail also complains that "Initialization of RSS support feed failed. RSS feeds could not be updated", although it proceeds to launch after the error panel is dismissed. I haven't seen this before either.

I have Windows 7, 64 bit installed on my Dell All-in-One machine. Any advice is greatly appreciated.

Thanks,

Alex

Logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alex at 19:20:01 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8188.6234 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OSD\DellOSDservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Dell\OSD\DellOSD.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012231759.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe --renderer null"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7817E592-0806-4B58-8743-B89365B31185} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111012231759.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe --renderer null"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://echo.msk.ru
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\Alex\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\Alex\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-5-4 150920]
R2 DellOSDservice;DellOSDservice;C:\Program Files\Dell\OSD\DellOSDservice.exe [2010-11-25 7168]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-28 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-28 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-28 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-28 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-28 199008]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-28 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-15 689472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;C:\Windows\system32\DRIVERS\AVerPola.sys --> C:\Windows\system32\DRIVERS\AVerPola.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 nuviocir;Nuvoton W836x7HG CIR Device Driver;C:\Windows\system32\DRIVERS\nuviocir_win7_x64.sys --> C:\Windows\system32\DRIVERS\nuviocir_win7_x64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/15 06:32:40;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-10-5 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-23 428384]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-11 02:15:24 -------- d-----w- C:\Users\Alex\AppData\Local\{30237A4E-6EA2-48C0-86DA-61B8632FE7C8}
2011-11-11 02:14:57 -------- d-----w- C:\Users\Alex\AppData\Local\{703E7C38-E143-4D99-AD03-C547F9C45234}
2011-11-11 02:14:18 -------- d-----w- C:\Users\Alex\AppData\Local\{955449E0-AE14-4EEC-9152-245650BC196E}
2011-11-10 13:57:46 -------- d-----w- C:\Users\Alex\AppData\Local\{3B91E719-BF67-4D46-8C7E-8B2AD2FD3CA7}
2011-11-10 13:57:42 -------- d-----w- C:\Users\Alex\AppData\Local\{A0AFCC31-5E5D-4278-A227-AE350CDC3A9D}
2011-11-10 07:07:06 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-11-10 01:58:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-10 01:56:56 -------- d-----w- C:\Users\Alex\AppData\Local\{F7192B13-4E0D-4756-A62B-55555948D1AC}
2011-11-10 01:55:36 -------- d-----w- C:\Users\Alex\AppData\Local\{5AC48A65-F70E-4EE2-B7BF-8C4DB12145E5}
2011-11-09 05:25:10 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 05:25:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 05:25:07 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 05:25:05 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 02:33:16 -------- d-----w- C:\Users\Alex\AppData\Local\{9EDB4344-CB10-4A06-894B-DA5FFA90021E}
2011-11-09 02:31:47 -------- d-----w- C:\Users\Alex\AppData\Local\{FED61E1E-8A54-4EAE-B988-D225E281DB8D}
2011-11-09 02:01:17 -------- d-----w- C:\52d68c364344d967b33097
2011-11-09 01:48:21 -------- d-----w- C:\Users\Alex\AppData\Roaming\Sammsoft
2011-11-08 04:29:53 -------- d-----w- C:\Users\Alex\AppData\Local\{24190DD4-862A-4C51-89DF-7969FA9D2476}
2011-11-08 04:29:16 -------- d-----w- C:\Users\Alex\AppData\Local\{CFEE8127-6B7B-4D7D-A4CB-4019EA49A1C7}
2011-11-08 02:32:44 -------- d-----w- C:\Users\Alex\AppData\Local\{1B4F8561-2786-4862-BEDC-41C807F8DB20}
2011-11-08 02:31:39 -------- d-----w- C:\Users\Alex\AppData\Local\{5A244EF5-84AC-464A-8F28-E76C2FF82A42}
2011-11-07 03:53:42 -------- d-----w- C:\Users\Alex\AppData\Local\{7BEE95B6-6B0C-4900-B90F-D02FD9383DF1}
2011-11-07 03:52:56 -------- d-----w- C:\Users\Alex\AppData\Local\{25C09036-F8B7-491E-B371-0C1948FF6B7E}
2011-11-06 15:52:03 -------- d-----w- C:\Users\Alex\AppData\Local\{2B46CC7A-E80F-482F-82F1-71296D7516A0}
2011-11-06 15:50:59 -------- d-----w- C:\Users\Alex\AppData\Local\{D8EB5CBC-9C57-4D89-A83B-BA8171E8A060}
2011-11-06 03:02:51 -------- d-----w- C:\Users\Alex\AppData\Local\{7B779C31-A751-468C-B261-5BAD2028444F}
2011-11-06 03:02:01 -------- d-----w- C:\Users\Alex\AppData\Local\{30FBC544-8AE6-4054-8AFF-CC90BF66840B}
2011-11-05 15:01:36 -------- d-----w- C:\Users\Alex\AppData\Local\{1EF8E2CF-8CDC-4556-8B40-4D727DDD3EE9}
2011-11-05 15:01:30 -------- d-----w- C:\Users\Alex\AppData\Local\{7F761140-C939-4B24-8BF1-D479BCC749D8}
2011-11-05 02:35:16 -------- d-----w- C:\Program Files (x86)\StepForwardAdmin
2011-11-05 01:45:07 -------- d-----w- C:\Users\Alex\AppData\Local\{F469BE58-E46A-407D-AF06-ED842CBBC91C}
2011-11-05 01:44:03 -------- d-----w- C:\Users\Alex\AppData\Local\{CCA93615-2AD0-407E-B9BF-751CEA74416D}
2011-11-04 02:06:48 -------- d-----w- C:\Users\Alex\AppData\Local\{C38D37F7-ABC6-42E6-9754-761FF5B2E1C0}
2011-11-04 02:06:16 -------- d-----w- C:\Users\Alex\AppData\Local\{DD7DCFC1-965B-4766-B1C0-678C848E8C45}
2011-11-03 01:53:38 -------- d-----w- C:\Users\Alex\AppData\Local\{B94FC51C-2874-4422-8DCE-D096A30DD35C}
2011-11-03 01:52:42 -------- d-----w- C:\Users\Alex\AppData\Local\{FC88A71A-D1DD-4C85-A882-F811AC684764}
2011-11-02 01:14:03 -------- d-----w- C:\Users\Alex\AppData\Local\{AFAE05AE-A3C6-4A91-923F-7729568005B1}
2011-11-02 01:12:27 -------- d-----w- C:\Users\Alex\AppData\Local\{A2AA007D-6690-4C5F-9360-3D5E173C8E1A}
2011-11-01 01:31:14 -------- d-----w- C:\Users\Alex\AppData\Local\{263727D7-A107-4839-8189-F21B0C547E4A}
2011-11-01 01:30:02 -------- d-----w- C:\Users\Alex\AppData\Local\{CD487BF2-F7D4-460A-A2B4-CD5A502B6613}
2011-10-31 05:44:09 -------- d-----w- C:\Users\Alex\AppData\Local\{FB679E7D-300E-4155-8A5D-03D61914FC57}
2011-10-30 17:09:56 -------- d-----w- C:\Users\Alex\AppData\Local\{8F191CE8-8F39-4F68-8928-22E0632E93B5}
2011-10-30 17:08:35 -------- d-----w- C:\Users\Alex\AppData\Local\{D25A1EC6-7A4A-4376-B9E7-28D595BCA532}
2011-10-30 05:49:04 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-10-30 05:46:16 -------- d-----w- C:\Users\Alex\AppData\Local\uTorrent
2011-10-30 03:30:47 -------- d-----w- C:\Users\Alex\AppData\Local\{E96CB59D-5E15-4E33-8E2F-909ED1482B9C}
2011-10-30 03:29:52 -------- d-----w- C:\Users\Alex\AppData\Local\{C1B881DB-004E-4EB3-B3BA-2CBF4B27BA61}
2011-10-29 15:29:08 -------- d-----w- C:\Users\Alex\AppData\Local\{234A3D1F-86AC-4487-80ED-70D8BDDBEEB5}
2011-10-29 15:28:36 -------- d-----w- C:\Users\Alex\AppData\Local\{01358DE2-6BB4-46CE-B477-74A410250C1A}
2011-10-29 03:27:50 -------- d-----w- C:\Users\Alex\AppData\Local\{7234F3F1-D852-4AB7-AD2D-B8363F3D5BA1}
2011-10-29 03:27:18 -------- d-----w- C:\Users\Alex\AppData\Local\{F3FF803B-5EB6-477D-B67B-B7B653B8EFFE}
2011-10-28 01:24:30 -------- d-----w- C:\Users\Alex\AppData\Local\{893E98CB-3F41-4AB2-959A-A33A0D9A3E8D}
2011-10-28 01:24:09 -------- d-----w- C:\Users\Alex\AppData\Local\{CBC69AAA-294B-49B6-9532-430FBB04EC96}
2011-10-27 00:36:52 -------- d-----w- C:\Users\Alex\AppData\Local\{9ED28368-0386-4857-96A8-AC2ABEC4B90C}
2011-10-27 00:35:22 -------- d-----w- C:\Users\Alex\AppData\Local\{93BFB955-554A-4A96-9298-CE2E84A9EC53}
2011-10-26 01:05:46 -------- d-----w- C:\Users\Alex\AppData\Local\{82D89231-7A11-4796-AB17-4A032EE8DD28}
2011-10-26 01:04:34 -------- d-----w- C:\Users\Alex\AppData\Local\{C78B1856-EBD1-489A-A254-6ED3918459A9}
2011-10-25 01:49:14 -------- d-----w- C:\Users\Alex\AppData\Local\{740A888B-36FD-49C4-AE61-97120ABE23E5}
2011-10-25 01:48:01 -------- d-----w- C:\Users\Alex\AppData\Local\{501313BC-FDC3-4E3E-9A21-DBF4C9CF156D}
2011-10-24 04:22:21 -------- d-----w- C:\Users\Alex\AppData\Local\{0BFD9D20-9FDA-4C88-BA34-B8A712C08D8D}
2011-10-24 04:21:14 -------- d-----w- C:\Users\Alex\AppData\Local\{79A3C2FC-0BC9-4302-8EF3-D314604BB687}
2011-10-23 21:24:39 -------- d-----w- C:\Users\Alex\AppData\Local\Sonic_Solutions
2011-10-23 16:20:11 -------- d-----w- C:\Users\Alex\AppData\Local\{7F99C657-FDF3-4C46-BB79-E72523ED01E3}
2011-10-23 16:18:57 -------- d-----w- C:\Users\Alex\AppData\Local\{8DB07DC1-5D34-4931-A7FD-4D22A5EC26C0}
2011-10-23 04:18:07 -------- d-----w- C:\Users\Alex\AppData\Local\{C56125CE-E71E-4536-981D-92DB1FCD380C}
2011-10-23 04:17:00 -------- d-----w- C:\Users\Alex\AppData\Local\{9E34FA16-B2F1-4FCA-AD6C-B5E5C0ACB2DD}
2011-10-23 02:14:33 -------- d--h--w- C:\Program Files\eclipse3
2011-10-23 02:08:35 -------- d-----w- C:\Users\Alex\workspace
2011-10-23 02:02:50 -------- d-----w- C:\eclipse-SDK-3.5.1-win32
2011-10-23 00:49:57 -------- d-----w- C:\Program Files (x86)\StepForwardClient
2011-10-23 00:43:41 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2011-10-22 15:51:01 -------- d-----w- C:\Users\Alex\AppData\Local\{B27CEB9B-1FF1-4ED7-A7D6-973328F77EFD}
2011-10-22 15:49:45 -------- d-----w- C:\Users\Alex\AppData\Local\{A91C72A4-1382-491E-A763-CBDC055954CA}
2011-10-22 01:44:57 -------- d-----w- C:\Users\Alex\AppData\Local\{5A5D661F-AB72-4AAF-BD0E-A03678537884}
2011-10-22 01:43:59 -------- d-----w- C:\Users\Alex\AppData\Local\{7B494376-481C-4555-A7CB-36560123A754}
2011-10-21 01:45:26 -------- d-----w- C:\Users\Alex\AppData\Local\{F268828C-7678-45CF-8008-6A445D7568C6}
2011-10-21 01:44:11 -------- d-----w- C:\Users\Alex\AppData\Local\{0A9085E1-A89F-4C5D-8BC4-7F8ED8BB0116}
2011-10-20 00:29:54 -------- d-----w- C:\Users\Alex\AppData\Local\{AD2C6965-B913-4FDF-9E63-1E287263C124}
2011-10-20 00:28:57 -------- d-----w- C:\Users\Alex\AppData\Local\{A9BDE37B-7F5F-4200-A9B6-50647BCBE5B2}
2011-10-19 00:31:34 -------- d-----w- C:\Users\Alex\AppData\Local\{6B421DF5-16B8-4F0D-9038-094508856E8E}
2011-10-19 00:29:47 -------- d-----w- C:\Users\Alex\AppData\Local\{568C5453-37C0-41CD-ADA7-327EA3A6CCF7}
2011-10-18 00:29:59 -------- d-----w- C:\Users\Alex\AppData\Local\{C025218F-EE77-467B-916A-2F1509F38C6A}
2011-10-18 00:29:06 -------- d-----w- C:\Users\Alex\AppData\Local\{FE9F16C7-90E1-43D2-AB66-CFAF862786DC}
2011-10-16 21:24:08 -------- d-----w- C:\Users\Alex\AppData\Local\{B17CF388-64DC-4D4A-9437-2E2735914A70}
2011-10-16 21:23:27 -------- d-----w- C:\Users\Alex\AppData\Local\{113CEDD0-A60A-4697-8125-1AB52DF2B420}
2011-10-16 03:41:06 -------- d-----w- C:\Users\Alex\AppData\Local\{2CDE75EF-8183-464A-8AEE-1671AC04F965}
2011-10-16 03:40:37 -------- d-----w- C:\Users\Alex\AppData\Local\{1F7E8CD1-0EF8-4742-9998-5C278D4F53AD}
2011-10-15 15:40:24 -------- d-----w- C:\Users\Alex\AppData\Local\{43CC7FA2-4E51-4F97-B867-8BF9CD2BFB24}
2011-10-15 15:39:51 -------- d-----w- C:\Users\Alex\AppData\Local\{510E1721-4F0F-403A-9A80-4D78B11AF5A7}
2011-10-15 01:10:02 -------- d-----w- C:\Users\Alex\AppData\Local\{86391098-1503-48D3-A980-D7915EE87BB6}
2011-10-15 01:09:36 -------- d-----w- C:\Users\Alex\AppData\Local\{8B65DC12-F22F-4BDF-85B2-27D2F9DD1445}
2011-10-14 02:32:45 -------- d-----w- C:\Users\Alex\AppData\Local\{841BB974-ED9C-4CDA-A665-B1A0C95038FE}
2011-10-14 02:31:37 -------- d-----w- C:\Users\Alex\AppData\Local\{205E0237-15F5-4B9D-ABA4-A64F229AE94F}
2011-10-14 00:34:15 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-14 00:34:15 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-14 00:34:14 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-14 00:34:14 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-14 00:33:55 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-14 00:33:55 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-14 00:33:55 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-14 00:33:54 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 01:15:04 -------- d-----w- C:\Users\Alex\AppData\Local\{6FA3C4E8-F817-420B-9FF1-A1C08DA750DD}
2011-10-13 01:14:55 -------- d-----w- C:\Users\Alex\AppData\Local\{9B1E6C9B-3E59-4F0F-87D3-EAE4B4C77C65}
.
==================== Find3M ====================
.
2011-11-10 06:48:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-07 02:51:37 103784 ----a-w- C:\Users\Alex\GoToAssistDownloadHelper.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-19 21:59:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe
2011-08-15 16:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-08-15 16:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-08-15 16:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-08-15 16:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-08-15 16:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-08-15 16:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-08-15 16:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-08-15 16:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-08-15 16:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 19:36:53.90 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/09/2011 7:59:27 PM
System Uptime: 10/11/2011 7:11:54 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0DPRF9
Processor: AMD Athlon(tm) II X4 610e Processor | CPU 1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 719.844 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP44: 22/10/2011 10:24:21 AM - Windows Modules Installer
RP45: 23/10/2011 1:35:48 AM - Windows Update
RP46: 26/10/2011 12:40:38 AM - Windows Update
RP47: 29/10/2011 9:17:41 AM - Windows Update
RP48: 05/11/2011 8:04:34 PM - Scheduled Checkpoint
RP49: 07/11/2011 9:02:27 PM - Restore Operation
RP50: 08/11/2011 6:47:37 PM - ARO 2011 - Before Installation
RP51: 08/11/2011 6:48:26 PM - ARO 2011 - FIRST RUN
RP52: 08/11/2011 7:21:13 PM - ARO 2011 Tue, Nov 08, 11 19:21
RP53: 09/11/2011 1:05:27 AM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1) MUI
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
µTorrent
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CIR Tool Kit
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
CyberLink PowerDVD 9.5
CyberLink YouPaint
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touch Software Suite Games
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley (TM)
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Namco All-Stars PAC-MAN
OpenOffice.org 3.3
OpenVPN 2.2.1
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QualxServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Remote Administrator v2.2
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skins
Skype Click to Call
Skype™ 5.5
Sonic CinePlayer Decoder Pack
StepForward Client
StepForwardAdmin
StickyNotes
THX TruStudio PC
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wisdom-soft Set up ScreenHunter 5.1 Free
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/11/2011 7:32:56 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
08/11/2011 5:51:13 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
08/11/2011 3:18:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.
08/11/2011 3:18:37 AM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/11/2011 8:24:42 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
07/11/2011 8:22:53 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
.
==== End Of File ===========================
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am
Advertisement
Register to Remove

Re: Invected with fake anti-virus

Unread postby Gary R » November 12th, 2011, 2:36 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby Gary R » November 12th, 2011, 2:44 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi gestalt

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Nothing immediately leaping out of your logs at me, so we'll need to run some further scans to see if they reveal the cause of your problem.

First

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code: Select all
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents

  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby gestalt » November 12th, 2011, 2:54 am

While waiting for the response, I ran Microsoft Safety Scanner that managed to discover the following:

Trojan:DOS/Alureon.E
Exploit:Java/CVE-2010-0840.FL
Exploit:Java/CVE-2010-4452.D
TrojanDownloader:Java/OpenConnection.OU

It then removed them all, except Alureon, which it reports to have removed "partially". However, the problem of spontaneous launches of IE remains. Should I start over with DDS logs, or proceed with your latest instructions?
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am

Re: Invected with fake anti-virus

Unread postby Gary R » November 12th, 2011, 11:46 am

Please proceed with my last instructions.

Alureon is another name for the TDSS rootkit which is unlikely to have been fully removed by Microsoft's safety scanner. TDSSKiller should detect whether there is still anything to deal with.

In any case there are a few other things that need attention, and OTL will give us the ability to address them.

DO NOT SHUT DOWN OR RE-BOOT YOUR COMPUTER UNTIL I'VE SEEN YOUR TDSSKILLER LOG

If the Alureon infection has not been fully removed your computer could become unbootable if you shut it down.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby gestalt » November 13th, 2011, 10:22 pm

Gary, thank you very much for looking into my problem. Before proceeding with your instructions, I ran Microsoft Safety Scanner (MSS) again, and it not only detected Alureon.E, but actually removed it and forced me to reboot. Thus, your warning against rebooting came late. And yes, this did make the computer unbootable. However, I managed to recover. The following may be of interest to you and others who are confronted with Alureon.E.

The reason the computer would not boot was that the virus (or removal of it by MSS) de-activated the partition of HD with Windows OS on it (drive C:). The repair utility that I tried to run from the Windows installation CD thus could not see the OS on HD and did not work. However, I could verify that the actual content of drive C: remained intact. I then manually reactivated the partition (diskpart command), repaired the Master Boot Record (bootrec.exe /FixMbr) - perhaps needlessly, but it did not do any harm either, - and had been able to boot from the HD. However, the computer would reboot automatically every 10 minutes or so. Restore from the recovery point that I made following your previous advice fixed that problem too.

I since ran a full scan with MSS (the only tool that had been able to detect and kill Alureon.E) and it came through clean. I can still run the diagnostics that you suggested, if you see a benefit in it at this point. The only remaining problem now is that my desperate efforts created a new drive (E:, titled RECOVERY in my file explorer) that I do not need and will have to remove as soon as I create a new recovery point and burn the system image on the DVD.

Thanks again.
Alex
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am

Re: Invected with fake anti-virus

Unread postby Gary R » November 14th, 2011, 5:38 am

Yes, please run the scans I asked for, it's likely your infection has been removed, but I'd like a visual check to make sure there are no orphans, and also I'd like to make sure there are no other issues that need addressing.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby gestalt » November 15th, 2011, 12:41 am

OTL.txt
OTL logfile created on: 14/11/2011 9:05:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.36% Memory free
15.99 Gb Paging File | 12.78 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.83 Gb Total Space | 721.45 Gb Free Space | 78.69% Space Free | Partition Type: NTFS

Computer Name: HERCULES | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 21:02:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.exe
PRC - [2011/10/29 22:49:09 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/10/26 08:57:28 | 000,162,816 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/01 02:46:40 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
PRC - [2011/07/01 02:46:40 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/29 12:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/10/26 03:27:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/10/01 14:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/08/25 22:45:22 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 00:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/19 16:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/02/22 13:25:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/02/22 13:25:08 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/02/22 13:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/15 09:03:08 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
MOD - [2011/10/14 18:13:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 18:13:01 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 18:12:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 18:12:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 18:12:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/14 18:12:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 18:12:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 18:12:30 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 18:12:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 18:12:17 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 18:12:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/30 19:06:02 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/09/26 19:12:30 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/07/01 02:46:40 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
MOD - [2011/07/01 02:46:40 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2011/07/01 02:46:40 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\lzo2.dll
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/24 20:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/20 20:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/11 16:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 16:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 16:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 16:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 16:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 16:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 16:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/08/11 16:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/08/11 16:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/02/22 13:25:56 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/02/22 13:25:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/02/22 13:24:10 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/06 15:37:32 | 000,199,008 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/08/19 14:59:28 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/08/19 14:50:56 | 000,208,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/11/25 14:59:16 | 000,007,168 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Dell\OSD\DellOSDservice.exe -- (DellOSDservice)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/21 13:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 23:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/26 08:57:28 | 000,162,816 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2011/09/05 09:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/01 02:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/06/15 04:28:25 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/26 16:26:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 00:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/22 13:24:42 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/05 17:47:34 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/08/15 09:00:06 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,481,504 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/08/15 09:00:06 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/08/15 09:00:06 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/08/15 09:00:06 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/07/01 02:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 14:22:42 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/21 13:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/12 08:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/14 16:17:58 | 000,033,792 | ---- | M] (Nuvoton Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuviocir_win7_x64.sys -- (nuviocir)
DRV:64bit: - [2010/04/06 17:57:08 | 000,073,784 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/04/06 17:57:08 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/03 09:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/03/23 07:13:00 | 000,371,072 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/09 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/01 23:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/01 23:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/01 23:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/24 17:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Alex\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Alex\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-489840705-870049178-1846842719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-489840705-870049178-1846842719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-489840705-870049178-1846842719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-489840705-870049178-1846842719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 71 8C BC 7A 7F FB 0D C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKU\S-1-5-21-489840705-870049178-1846842719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://echo.msk.ru"
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.0
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/06/15 04:08:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/06/15 04:08:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/10/31 20:41:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/11/07 21:20:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 23:30:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/24 20:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/11/10 00:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions
[2011/11/09 23:32:12 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/09/24 20:11:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 00:18:27 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/24 20:11:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\engine@conduit.com
[2011/11/09 23:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/07 21:20:21 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2011/11/09 23:30:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/22 18:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 23:30:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111012231759.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111012231759.dll (McAfee, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StickyNotesWidget] c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe ()
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-489840705-870049178-1846842719-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-489840705-870049178-1846842719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-489840705-870049178-1846842719-1000\..Trusted Domains: ([]msn in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.29.3.221 172.29.3.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48E2AF60-CD23-4423-809E-D0D70A031EA4}: DhcpNameServer = 172.29.3.221 172.29.3.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7817E592-0806-4B58-8743-B89365B31185}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {43DBFCAC-569E-3338-F678-1B44F60BF1C8} - Themes Setup
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C2C20980-0958-BBF8-C972-BC2F4815BFE6} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F16DE901-D268-560C-09D5-64F861354281} - Internet Explorer
ActiveX: {F591588C-636C-5DE6-059F-DFD9B9A65841} - DirectX
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 20:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/14 20:07:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2011/11/14 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{0F6E828B-2897-4B8B-9F5C-08E0092A51D3}
[2011/11/14 19:36:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A69EAD6A-7D44-4F73-8BE8-6AE3233FBA4B}
[2011/11/13 18:48:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C51DD6CE-89B9-4A60-91D3-B13FE9EDAA54}
[2011/11/13 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5221A750-D83D-49E6-AFC6-D471CC79816C}
[2011/11/13 01:33:38 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/11/12 01:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/12 00:46:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Spyware Remover Pro
[2011/11/12 00:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Remover Pro
[2011/11/12 00:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SP1Data
[2011/11/11 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9FBBD305-CC47-47C2-9853-2292EA8F3FD4}
[2011/11/11 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{EFB8B806-6C1D-4093-BA4A-C880D05A0B71}
[2011/11/11 07:16:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3C9664AF-D914-4DDF-AACB-E6B2D05981A5}
[2011/11/11 07:16:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{029AC701-4506-43EA-B9C2-70E2CEBDCFB7}
[2011/11/10 19:15:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{30237A4E-6EA2-48C0-86DA-61B8632FE7C8}
[2011/11/10 19:14:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{703E7C38-E143-4D99-AD03-C547F9C45234}
[2011/11/10 19:14:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{955449E0-AE14-4EEC-9152-245650BC196E}
[2011/11/10 06:57:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3B91E719-BF67-4D46-8C7E-8B2AD2FD3CA7}
[2011/11/10 06:57:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A0AFCC31-5E5D-4278-A227-AE350CDC3A9D}
[2011/11/10 00:07:06 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/11/09 18:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/09 18:56:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F7192B13-4E0D-4756-A62B-55555948D1AC}
[2011/11/09 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5AC48A65-F70E-4EE2-B7BF-8C4DB12145E5}
[2011/11/08 19:33:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9EDB4344-CB10-4A06-894B-DA5FFA90021E}
[2011/11/08 19:31:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FED61E1E-8A54-4EAE-B988-D225E281DB8D}
[2011/11/08 19:01:17 | 000,000,000 | ---D | C] -- C:\52d68c364344d967b33097
[2011/11/08 18:55:59 | 050,295,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/11/08 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Sammsoft
[2011/11/07 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{24190DD4-862A-4C51-89DF-7969FA9D2476}
[2011/11/07 21:29:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{CFEE8127-6B7B-4D7D-A4CB-4019EA49A1C7}
[2011/11/07 20:31:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/07 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{1B4F8561-2786-4862-BEDC-41C807F8DB20}
[2011/11/07 19:31:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5A244EF5-84AC-464A-8F28-E76C2FF82A42}
[2011/11/06 20:53:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7BEE95B6-6B0C-4900-B90F-D02FD9383DF1}
[2011/11/06 20:52:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{25C09036-F8B7-491E-B371-0C1948FF6B7E}
[2011/11/06 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2B46CC7A-E80F-482F-82F1-71296D7516A0}
[2011/11/06 08:50:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D8EB5CBC-9C57-4D89-A83B-BA8171E8A060}
[2011/11/05 20:02:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7B779C31-A751-468C-B261-5BAD2028444F}
[2011/11/05 20:02:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{30FBC544-8AE6-4054-8AFF-CC90BF66840B}
[2011/11/05 08:01:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{1EF8E2CF-8CDC-4556-8B40-4D727DDD3EE9}
[2011/11/05 08:01:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7F761140-C939-4B24-8BF1-D479BCC749D8}
[2011/11/04 19:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StepForwardAdmin
[2011/11/04 18:45:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F469BE58-E46A-407D-AF06-ED842CBBC91C}
[2011/11/04 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{CCA93615-2AD0-407E-B9BF-751CEA74416D}
[2011/11/03 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C38D37F7-ABC6-42E6-9754-761FF5B2E1C0}
[2011/11/03 19:06:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{DD7DCFC1-965B-4766-B1C0-678C848E8C45}
[2011/11/02 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B94FC51C-2874-4422-8DCE-D096A30DD35C}
[2011/11/02 18:52:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FC88A71A-D1DD-4C85-A882-F811AC684764}
[2011/11/01 18:14:03 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{AFAE05AE-A3C6-4A91-923F-7729568005B1}
[2011/11/01 18:12:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A2AA007D-6690-4C5F-9360-3D5E173C8E1A}
[2011/10/31 18:31:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{263727D7-A107-4839-8189-F21B0C547E4A}
[2011/10/31 18:30:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{CD487BF2-F7D4-460A-A2B4-CD5A502B6613}
[2011/10/30 22:44:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FB679E7D-300E-4155-8A5D-03D61914FC57}
[2011/10/30 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8F191CE8-8F39-4F68-8928-22E0632E93B5}
[2011/10/30 10:08:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D25A1EC6-7A4A-4376-B9E7-28D595BCA532}
[2011/10/29 22:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/10/29 22:46:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\uTorrent
[2011/10/29 20:30:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{E96CB59D-5E15-4E33-8E2F-909ED1482B9C}
[2011/10/29 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C1B881DB-004E-4EB3-B3BA-2CBF4B27BA61}
[2011/10/29 08:29:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{234A3D1F-86AC-4487-80ED-70D8BDDBEEB5}
[2011/10/29 08:28:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{01358DE2-6BB4-46CE-B477-74A410250C1A}
[2011/10/28 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7234F3F1-D852-4AB7-AD2D-B8363F3D5BA1}
[2011/10/28 20:27:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F3FF803B-5EB6-477D-B67B-B7B653B8EFFE}
[2011/10/27 18:24:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{893E98CB-3F41-4AB2-959A-A33A0D9A3E8D}
[2011/10/27 18:24:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{CBC69AAA-294B-49B6-9532-430FBB04EC96}
[2011/10/26 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9ED28368-0386-4857-96A8-AC2ABEC4B90C}
[2011/10/26 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{93BFB955-554A-4A96-9298-CE2E84A9EC53}
[2011/10/25 18:05:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{82D89231-7A11-4796-AB17-4A032EE8DD28}
[2011/10/25 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C78B1856-EBD1-489A-A254-6ED3918459A9}
[2011/10/24 18:49:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{740A888B-36FD-49C4-AE61-97120ABE23E5}
[2011/10/24 18:48:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{501313BC-FDC3-4E3E-9A21-DBF4C9CF156D}
[2011/10/23 21:22:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{0BFD9D20-9FDA-4C88-BA34-B8A712C08D8D}
[2011/10/23 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{79A3C2FC-0BC9-4302-8EF3-D314604BB687}
[2011/10/23 14:24:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Sonic_Solutions
[2011/10/23 09:20:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7F99C657-FDF3-4C46-BB79-E72523ED01E3}
[2011/10/23 09:18:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8DB07DC1-5D34-4931-A7FD-4D22A5EC26C0}
[2011/10/22 21:18:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C56125CE-E71E-4536-981D-92DB1FCD380C}
[2011/10/22 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9E34FA16-B2F1-4FCA-AD6C-B5E5C0ACB2DD}
[2011/10/22 19:14:33 | 000,000,000 | -H-D | C] -- C:\Program Files\eclipse3
[2011/10/22 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\workspace
[2011/10/22 19:02:50 | 000,000,000 | ---D | C] -- C:\eclipse-SDK-3.5.1-win32
[2011/10/22 17:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StepForwardClient
[2011/10/22 17:43:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2011/10/22 08:51:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B27CEB9B-1FF1-4ED7-A7D6-973328F77EFD}
[2011/10/22 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A91C72A4-1382-491E-A763-CBDC055954CA}
[2011/10/21 18:44:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5A5D661F-AB72-4AAF-BD0E-A03678537884}
[2011/10/21 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7B494376-481C-4555-A7CB-36560123A754}
[2011/10/20 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F268828C-7678-45CF-8008-6A445D7568C6}
[2011/10/20 18:44:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{0A9085E1-A89F-4C5D-8BC4-7F8ED8BB0116}
[2011/10/19 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{AD2C6965-B913-4FDF-9E63-1E287263C124}
[2011/10/19 17:28:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A9BDE37B-7F5F-4200-A9B6-50647BCBE5B2}
[2011/10/18 17:31:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6B421DF5-16B8-4F0D-9038-094508856E8E}
[2011/10/18 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{568C5453-37C0-41CD-ADA7-327EA3A6CCF7}
[2011/10/17 17:49:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/10/17 17:29:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C025218F-EE77-467B-916A-2F1509F38C6A}
[2011/10/17 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FE9F16C7-90E1-43D2-AB66-CFAF862786DC}
[2011/10/16 14:24:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B17CF388-64DC-4D4A-9437-2E2735914A70}
[2011/10/16 14:23:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{113CEDD0-A60A-4697-8125-1AB52DF2B420}
[1 C:\Users\Alex\AppData\Local\*.tmp files -> C:\Users\Alex\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 20:22:06 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/14 20:13:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 20:13:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 20:11:07 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/11/14 20:06:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/14 20:06:28 | 2144,292,863 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 10:16:39 | 000,730,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/13 10:16:39 | 000,150,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/13 10:16:38 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/09 23:48:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/09 23:32:17 | 000,002,050 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 18:43:06 | 000,349,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 18:28:46 | 007,796,137 | ---- | M] () -- C:\Users\Alex\AppData\Local\census.cache
[2011/11/08 18:28:02 | 000,000,000 | ---- | M] () -- C:\Users\Alex\AppData\Local\ars.cache
[2011/11/08 18:16:20 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/27 22:04:56 | 050,295,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/10/23 14:21:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/10/22 18:07:52 | 171,319,438 | ---- | M] () -- C:\eclipse-SDK-3.5.zip
[1 C:\Users\Alex\AppData\Local\*.tmp files -> C:\Users\Alex\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/13 01:59:41 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/10/23 14:21:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/10/22 18:09:43 | 171,319,438 | ---- | C] () -- C:\eclipse-SDK-3.5.zip
[2011/10/17 17:49:43 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/17 17:49:39 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/10/01 16:46:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/09/27 18:42:54 | 000,000,051 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2011/09/21 17:21:30 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{3026D4CB-7707-440C-9EC7-D78C68701BFA}
[2011/09/12 17:33:03 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{5DA6C031-7F4F-4082-971F-181039EFEEB3}
[2011/09/11 06:41:16 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{556873B6-3D4B-4856-A865-87E0CB8F5FEA}
[2011/08/30 17:47:27 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{E6191C77-F621-42CF-8C8C-99B5C922FBFF}
[2011/08/24 17:57:03 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{D0D8004C-CB90-4DD7-A701-3C2DB24D1DE1}
[2011/08/23 22:14:36 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{DE2FFBAA-7AEB-473E-B660-4E4A2AB0E633}
[2011/08/22 20:14:22 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{B2954C9A-6BF5-4AFF-BE7F-B03690C3962F}
[2011/08/22 20:12:35 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{12EF8963-E62C-4D23-BDBC-6056BEC3B56F}
[2011/08/12 18:04:51 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{5832C2C9-D78E-47B8-9F56-742528145EDB}
[2011/08/11 20:32:16 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{4E1A34C5-D77C-4E4D-86F2-DF6A6DFBBB9E}
[2011/08/05 17:42:39 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{CF5072A6-0C28-486F-A5AA-5F630A464594}
[2011/07/30 11:25:16 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{6345231C-C77D-4A07-9576-02E65A452ACA}
[2011/07/19 22:28:19 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{338FBE17-D3C2-45DC-B361-1FE14AA9F62D}
[2011/07/15 03:28:15 | 007,796,137 | ---- | C] () -- C:\Users\Alex\AppData\Local\census.cache
[2011/07/15 03:24:05 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\ars.cache
[2011/06/15 06:00:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/15 04:29:07 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/06/15 04:29:07 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/06/15 04:29:07 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/06/15 04:28:58 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/06/15 04:28:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/29 13:41:43 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/16 08:22:33 | 000,000,036 | ---- | C] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache
[2011/04/14 20:24:32 | 000,011,992 | -HS- | C] () -- C:\Users\Alex\AppData\Local\1729997856
[2011/02/10 09:10:51 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/25 12:01:47 | 002,748,303 | ---- | C] () -- C:\Users\Alex\AppData\Local\IconCache (1).db
[2010/12/25 10:52:04 | 000,064,160 | ---- | C] () -- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2010/02/22 13:25:56 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/02/22 13:25:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/02/22 13:24:10 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/24 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AnvSoft
[2011/09/24 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ChemTable Software
[2011/09/24 20:06:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\CoreCodec
[2011/09/24 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\F-Secure
[2011/09/24 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeBurner
[2011/09/24 20:07:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GrabIt
[2011/09/24 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011/09/24 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PCDr
[2011/11/08 19:27:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sammsoft
[2011/09/24 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client
[2011/11/12 00:46:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spyware Remover Pro
[2011/01/15 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TP
[2011/11/14 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2011/09/24 20:13:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Windows Live Writer
[2011/11/08 18:16:20 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/13 22:08:49 | 000,025,084 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/14 20:22:06 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2008/10/04 09:13:24 | 000,000,076 | ---- | M] () -- C:\cdrlog.txt
[2003/11/09 06:39:16 | 000,005,347 | RH-- | M] () -- C:\DELL (1).SDR
[2010/11/09 22:59:51 | 000,004,437 | RH-- | M] () -- C:\dell (2).sdr
[2011/06/15 05:48:38 | 000,031,792 | RH-- | M] () -- C:\dell.sdr
[2010/01/03 18:32:14 | 000,000,356 | ---- | M] () -- C:\drmHeader.bin
[2011/10/22 18:07:52 | 171,319,438 | ---- | M] () -- C:\eclipse-SDK-3.5.zip
[2011/11/14 20:06:28 | 2144,292,863 | -HS- | M] () -- C:\hiberfil.sys
[2003/11/09 07:05:19 | 000,000,453 | -H-- | M] () -- C:\IPH.PH
[2011/11/09 00:30:36 | 000,000,080 | ---- | M] () -- C:\log.txt
[2011/11/14 20:06:47 | 000,288,201 | ---- | M] () -- C:\OSD_Log.txt
[2011/11/14 20:06:30 | 4290,715,647 | -HS- | M] () -- C:\pagefile.sys
[2011/06/15 04:17:07 | 000,000,014 | ---- | M] () -- C:\PowerSetting.txt
[2006/01/02 19:55:59 | 000,002,165 | ---- | M] () -- C:\StepForwardHype.rtf
[2010/11/09 21:49:58 | 001,174,674 | ---- | M] () -- C:\vcredist_x86 (1).log
[2011/06/15 04:33:44 | 001,174,258 | ---- | M] () -- C:\vcredist_x86.log


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 20:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 20:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/10 23:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 20:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 20:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 20:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 20:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011/03/10 23:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\drivers\nvraid.sys
[2011/03/10 23:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/10 23:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010/11/20 20:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 20:23:47 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/10 23:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/03/10 23:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 20:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 20:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %PROGRAMFILES%\*. >
[2011/06/15 04:47:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/11/07 21:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/11/07 21:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/11/07 21:20:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/06/15 04:21:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/11/07 21:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/11/07 21:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cozi Express
[2011/11/07 21:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2011/11/07 21:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2011/11/07 21:20:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/11/07 21:20:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2011/11/14 20:17:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2011/11/13 10:40:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Digital Delivery
[2011/06/15 04:58:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Stage
[2011/06/15 04:34:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Touch Software Suite
[2011/06/15 04:35:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2011/06/15 04:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eBay
[2011/06/15 04:56:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/11/13 09:53:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/09/30 21:59:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/06/15 04:46:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jagex
[2011/09/30 19:03:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/10/19 17:26:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2011/09/28 21:50:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2011/09/26 18:29:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/26 19:12:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/09/26 19:08:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2011/10/14 18:05:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/28 22:48:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/09/26 19:08:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/26 19:08:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/06/15 04:09:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Touch Pack for Windows 7
[2011/09/26 19:09:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/06/15 04:07:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2011/09/26 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/11/09 23:32:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/09/25 02:20:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/06/15 04:17:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Multimedia Card Reader(6366)
[2011/06/15 04:15:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nuvoton Technology Corp
[2011/09/30 19:05:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/09/27 19:23:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenVPN
[2011/09/30 21:57:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/09/29 20:03:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Radmin
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/06/15 04:52:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2011/06/15 04:28:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sensible Vision
[2011/10/30 17:42:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/11/13 01:20:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spyware Remover Pro
[2011/11/04 19:35:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StepForwardAdmin
[2011/10/22 17:50:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StepForwardClient
[2011/06/15 04:46:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TrustedID
[2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/10/29 22:49:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2011/06/15 04:08:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Virtual Earth 3D
[2011/06/15 04:21:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent
[2011/06/15 04:22:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2011/11/13 09:53:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/09/28 22:32:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/11/13 09:53:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/11/13 09:53:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/11/13 09:53:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/11/13 09:53:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/11/13 09:53:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/09/27 18:42:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free
[2011/11/04 19:35:23 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >

========== Files - Unicode (All) ==========
[2010/06/20 17:43:00 | 000,001,362 | ---- | M] ()(C:\Users\Alex\Desktop\22 ???? - ???????.lnk) -- C:\Users\Alex\Desktop\22 июня - Солонин.lnk
[2010/05/11 00:04:53 | 000,001,362 | ---- | C] ()(C:\Users\Alex\Desktop\22 ???? - ???????.lnk) -- C:\Users\Alex\Desktop\22 июня - Солонин.lnk

< End of report >
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am

Re: Invected with fake anti-virus

Unread postby gestalt » November 15th, 2011, 12:43 am

Extras.txt
OTL Extras logfile created on: 14/11/2011 9:05:40 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Alex\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.36% Memory free
15.99 Gb Paging File | 12.78 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.83 Gb Total Space | 721.45 Gb Free Space | 78.69% Space Free | Partition Type: NTFS

Computer Name: HERCULES | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08627866-B869-8C66-C375-14D64CFF448B}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{277C688D-1948-4CF2-8EFC-6328C6AE85BB}" = SetDisplayConfig
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6448F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{876F4556-6811-4341-A6D7-78C3F15420E2}" = FastAccess
"{89B91433-49FF-45E6-9B89-02E761A5ACB9}" = DellOSD
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"Dell Support Center" = Dell Support Center
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{04DA0C9B-0BD8-835A-7BCB-58B4E2F57CED}" = ccc-core-static
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0807242D-4BB5-4F6C-BEA8-EC9D75A51C51}" = Multimedia Card Reader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6ABC33-35FF-CBCA-595D-2B095BC35C5C}" = CCC Help Polish
"{0DCDDAAC-CB9D-27E5-ED83-CDD88DCCF85F}" = Skins
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27612481-2FDB-E7A6-F76C-68E60F582219}" = CCC Help Swedish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}" = CIR Tool Kit
"{309ECB18-F25E-F405-DF6C-8B1B4CEDD11B}" = Catalyst Control Center InstallProxy
"{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}" = Dell Digital Delivery
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{43CD1466-73DF-5CE8-2FF7-CB33A87CA754}" = CCC Help German
"{45F26F68-35F6-12D5-A83D-DE5C39786BA6}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DBA3785-6268-DEE0-BDE4-129776FAE34D}" = CCC Help Finnish
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5467C8DB-D7D5-411A-B2C7-2639B68627EF}" = StickyNotes
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D965998-4756-C622-6785-B3C23BD4F8AC}" = CCC Help Japanese
"{61D7A655-D59B-1312-C69D-4D85082B8836}" = CCC Help Danish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66F07F97-D1F1-4633-9D0A-C6AD0DC864D9}" = Dell Touch Software Suite Games
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76A65EED-98BF-83CD-2989-97546A94572D}" = CCC Help Spanish
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FCAED3F-AA2D-7AE1-B367-61723135891D}" = CCC Help Chinese Traditional
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89AD7D28-F70D-2F9D-EBB7-771127521063}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7B2D54-C5A4-07E0-D92E-462ECB95F352}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92A9F8A5-1EC6-A1EC-18FE-47098D074CFE}" = CCC Help Hungarian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A65A5ADE-F093-4840-4A52-0E4510ABE00F}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A81F2341-5207-ADA5-127A-A96CE606BA17}" = CCC Help Turkish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2F5F3EA-BB20-BF63-A070-4EFA017F14F0}" = CCC Help Russian
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCFAD826-D8CA-C72B-52DD-B05167161515}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D15718E4-CD90-A107-2FDB-AF770B9AAEA8}" = CCC Help French
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{DCA8B341-3DA6-7500-C145-4397E1447C4E}" = CCC Help Czech
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DCE3D214-E9B1-7AFD-85F7-79BA7612C859}" = CCC Help Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DE7B593E-8227-071D-A768-CA3077D225E2}" = CCC Help English
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0860139-60E3-FCD8-9081-157839572587}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C0979D-05BF-4B3E-0272-602BB817B249}" = Catalyst Control Center Localization All
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9486293-4A94-55A8-A389-B693CFE4E280}" = CCC Help Norwegian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F161CEF1-E88E-5515-3AB1-F79A016B30AA}" = CCC Help Korean
"{F2B83C93-3F61-8971-7350-1FD2C6C310CC}" = Catalyst Control Center Graphics Previews Common
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{0807242D-4BB5-4F6C-BEA8-EC9D75A51C51}" = Multimedia Card Reader
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"OpenVPN" = OpenVPN 2.2.1
"Remote Administrator v2.2" = Remote Administrator v2.2
"StepForward Client" = StepForward Client
"StepForwardAdmin" = StepForwardAdmin
"uTorrent" = µTorrent
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/11/2011 5:34:33 PM | Computer Name = HERCULES | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 13/11/2011 9:43:28 PM | Computer Name = HERCULES | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 13/11/2011 11:24:44 PM | Computer Name = HERCULES | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 13/11/2011 11:30:38 PM | Computer Name = HERCULES | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 14/11/2011 12:18:23 AM | Computer Name = HERCULES | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 14/11/2011 12:18:23 AM | Computer Name = HERCULES | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 14/11/2011 10:32:57 PM | Computer Name = HERCULES | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2011 10:44:01 PM | Computer Name = HERCULES | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2011 10:55:56 PM | Computer Name = HERCULES | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2011 11:06:47 PM | Computer Name = HERCULES | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 09/11/2011 3:31:16 AM | Computer Name = HERCULES | Source = WLAN-Tray | ID = 0
Description = 00:31:15, Wed, Nov 09, 11 Error - Unable to gain access to user store


[ Dell Events ]
Error - 25/09/2011 6:02:48 AM | Computer Name = HERCULES | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 25/09/2011 6:02:48 AM | Computer Name = HERCULES | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 29/09/2011 10:51:49 PM | Computer Name = HERCULES | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 29/09/2011 10:51:49 PM | Computer Name = HERCULES | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 23/10/2011 2:40:33 AM | Computer Name = HERCULES | Source = DCOM | ID = 10016
Description =

Error - 23/10/2011 2:51:10 AM | Computer Name = HERCULES | Source = DCOM | ID = 10016
Description =

Error - 23/10/2011 11:39:34 AM | Computer Name = HERCULES | Source = DCOM | ID = 10016
Description =

Error - 23/10/2011 5:21:42 PM | Computer Name = HERCULES | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 23/10/2011 5:21:43 PM | Computer Name = HERCULES | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 23/10/2011 5:21:44 PM | Computer Name = HERCULES | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 23/10/2011 8:21:02 PM | Computer Name = HERCULES | Source = DCOM | ID = 10016
Description =

Error - 24/10/2011 1:21:04 AM | Computer Name = HERCULES | Source = DCOM | ID = 10016
Description =

Error - 02/11/2011 8:24:06 PM | Computer Name = HERCULES | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 02/11/2011 8:24:06 PM | Computer Name = HERCULES | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

report.txt
21:35:18.0232 5208 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
21:35:19.0153 5208 ============================================================
21:35:19.0153 5208 Current date / time: 2011/11/14 21:35:19.0153
21:35:19.0153 5208 SystemInfo:
21:35:19.0153 5208
21:35:19.0153 5208 OS Version: 6.1.7601 ServicePack: 1.0
21:35:19.0153 5208 Product type: Workstation
21:35:19.0153 5208 ComputerName: HERCULES
21:35:19.0153 5208 UserName: Alex
21:35:19.0153 5208 Windows directory: C:\Windows
21:35:19.0153 5208 System windows directory: C:\Windows
21:35:19.0153 5208 Running under WOW64
21:35:19.0153 5208 Processor architecture: Intel x64
21:35:19.0153 5208 Number of processors: 4
21:35:19.0153 5208 Page size: 0x1000
21:35:19.0153 5208 Boot type: Normal boot
21:35:19.0153 5208 ============================================================
21:35:21.0571 5208 Initialize success
21:35:27.0692 3876 ============================================================
21:35:27.0692 3876 Scan started
21:35:27.0692 3876 Mode: Manual;
21:35:27.0692 3876 ============================================================
21:35:28.0550 3876 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:35:28.0566 3876 1394ohci - ok
21:35:28.0644 3876 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:35:28.0660 3876 ACPI - ok
21:35:28.0691 3876 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:35:28.0691 3876 AcpiPmi - ok
21:35:28.0753 3876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:35:28.0769 3876 adp94xx - ok
21:35:28.0800 3876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:35:28.0800 3876 adpahci - ok
21:35:28.0831 3876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:35:28.0831 3876 adpu320 - ok
21:35:28.0925 3876 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:35:28.0925 3876 AFD - ok
21:35:28.0956 3876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:35:28.0956 3876 agp440 - ok
21:35:28.0972 3876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:35:28.0972 3876 aliide - ok
21:35:29.0003 3876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:35:29.0003 3876 amdide - ok
21:35:29.0050 3876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:35:29.0050 3876 AmdK8 - ok
21:35:29.0206 3876 amdkmdag (b64724ca6c9f3d8325f0f1a02c6adfaf) C:\Windows\system32\DRIVERS\atikmdag.sys
21:35:29.0330 3876 amdkmdag - ok
21:35:29.0408 3876 amdkmdap (18f03be6118ba9d8a9dc0b98997dc98e) C:\Windows\system32\DRIVERS\atikmpag.sys
21:35:29.0408 3876 amdkmdap - ok
21:35:29.0549 3876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:35:29.0549 3876 AmdPPM - ok
21:35:29.0611 3876 amdsata (cc3021d064eb6d3c2f949530e2b0ba47) C:\Windows\system32\drivers\amdsata.sys
21:35:29.0611 3876 amdsata - ok
21:35:29.0642 3876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:35:29.0642 3876 amdsbs - ok
21:35:29.0658 3876 amdxata (ffc5a0f6263574ef0d5467496b721f77) C:\Windows\system32\drivers\amdxata.sys
21:35:29.0674 3876 amdxata - ok
21:35:29.0705 3876 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:35:29.0705 3876 AppID - ok
21:35:29.0767 3876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:35:29.0767 3876 arc - ok
21:35:29.0798 3876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:35:29.0798 3876 arcsas - ok
21:35:29.0845 3876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:29.0845 3876 AsyncMac - ok
21:35:29.0876 3876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:35:29.0876 3876 atapi - ok
21:35:29.0954 3876 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys
21:35:29.0954 3876 AtiPcie - ok
21:35:30.0001 3876 AVerPola (da2f7699f8f10b4cd18374017163f39c) C:\Windows\system32\DRIVERS\AVerPola.sys
21:35:30.0001 3876 AVerPola - ok
21:35:30.0032 3876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:35:30.0048 3876 b06bdrv - ok
21:35:30.0079 3876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:30.0079 3876 b57nd60a - ok
21:35:30.0126 3876 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
21:35:30.0126 3876 BCM42RLY - ok
21:35:30.0235 3876 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:35:30.0251 3876 BCM43XX - ok
21:35:30.0282 3876 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
21:35:30.0282 3876 BcmVWL - ok
21:35:30.0313 3876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:35:30.0313 3876 Beep - ok
21:35:30.0360 3876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:30.0360 3876 blbdrive - ok
21:35:30.0422 3876 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:35:30.0422 3876 bowser - ok
21:35:30.0454 3876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:35:30.0454 3876 BrFiltLo - ok
21:35:30.0485 3876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:35:30.0485 3876 BrFiltUp - ok
21:35:30.0532 3876 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:35:30.0532 3876 Brserid - ok
21:35:30.0563 3876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:30.0563 3876 BrSerWdm - ok
21:35:30.0578 3876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:30.0578 3876 BrUsbMdm - ok
21:35:30.0610 3876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:30.0844 3876 BrUsbSer - ok
21:35:30.0875 3876 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:35:31.0078 3876 BTHMODEM - ok
21:35:31.0124 3876 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:31.0312 3876 cdfs - ok
21:35:31.0327 3876 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:35:31.0343 3876 cdrom - ok
21:35:31.0390 3876 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys
21:35:31.0390 3876 cfwids - ok
21:35:31.0421 3876 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:35:31.0421 3876 circlass - ok
21:35:31.0483 3876 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:35:31.0483 3876 CLFS - ok
21:35:31.0530 3876 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:35:31.0530 3876 CmBatt - ok
21:35:31.0546 3876 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:35:31.0546 3876 cmdide - ok
21:35:31.0577 3876 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:35:31.0577 3876 CNG - ok
21:35:31.0608 3876 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:35:31.0608 3876 Compbatt - ok
21:35:31.0655 3876 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:35:31.0655 3876 CompositeBus - ok
21:35:31.0670 3876 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:35:31.0686 3876 crcdisk - ok
21:35:31.0733 3876 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:35:31.0733 3876 CtClsFlt - ok
21:35:31.0748 3876 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:35:31.0764 3876 DfsC - ok
21:35:31.0780 3876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:31.0780 3876 discache - ok
21:35:31.0795 3876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:35:31.0795 3876 Disk - ok
21:35:31.0842 3876 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:31.0858 3876 drmkaud - ok
21:35:31.0889 3876 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:31.0904 3876 DXGKrnl - ok
21:35:31.0998 3876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:35:32.0076 3876 ebdrv - ok
21:35:32.0107 3876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:35:32.0107 3876 elxstor - ok
21:35:32.0138 3876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:35:32.0138 3876 ErrDev - ok
21:35:32.0170 3876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:32.0170 3876 exfat - ok
21:35:32.0216 3876 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
21:35:32.0216 3876 FACAP - ok
21:35:32.0263 3876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:32.0263 3876 fastfat - ok
21:35:32.0294 3876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:35:32.0294 3876 fdc - ok
21:35:32.0341 3876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:32.0341 3876 FileInfo - ok
21:35:32.0357 3876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:32.0372 3876 Filetrace - ok
21:35:32.0404 3876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:35:32.0404 3876 flpydisk - ok
21:35:32.0450 3876 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:35:32.0450 3876 FltMgr - ok
21:35:32.0497 3876 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:32.0497 3876 FsDepends - ok
21:35:32.0513 3876 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:32.0513 3876 Fs_Rec - ok
21:35:32.0528 3876 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:32.0528 3876 fvevol - ok
21:35:32.0560 3876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:35:32.0560 3876 gagp30kx - ok
21:35:32.0591 3876 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:32.0591 3876 GEARAspiWDM - ok
21:35:32.0622 3876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:35:32.0622 3876 hcw85cir - ok
21:35:32.0653 3876 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:35:32.0653 3876 HDAudBus - ok
21:35:32.0684 3876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:35:32.0684 3876 HidBatt - ok
21:35:32.0700 3876 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:35:32.0716 3876 HidBth - ok
21:35:32.0747 3876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:35:32.0747 3876 HidIr - ok
21:35:32.0778 3876 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:35:32.0778 3876 HidUsb - ok
21:35:32.0825 3876 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:35:32.0825 3876 HpSAMD - ok
21:35:32.0872 3876 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:35:32.0887 3876 HTTP - ok
21:35:32.0903 3876 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:35:32.0903 3876 hwpolicy - ok
21:35:32.0934 3876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:35:32.0934 3876 i8042prt - ok
21:35:33.0012 3876 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:35:33.0012 3876 iaStorV - ok
21:35:33.0059 3876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:35:33.0059 3876 iirsp - ok
21:35:33.0168 3876 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
21:35:33.0184 3876 IntcAzAudAddService - ok
21:35:33.0215 3876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:35:33.0215 3876 intelide - ok
21:35:33.0230 3876 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:35:33.0230 3876 intelppm - ok
21:35:33.0262 3876 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:33.0277 3876 IpFilterDriver - ok
21:35:33.0293 3876 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:35:33.0293 3876 IPMIDRV - ok
21:35:33.0324 3876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:35:33.0324 3876 IPNAT - ok
21:35:33.0340 3876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:35:33.0340 3876 IRENUM - ok
21:35:33.0355 3876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:35:33.0355 3876 isapnp - ok
21:35:33.0402 3876 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:35:33.0402 3876 iScsiPrt - ok
21:35:33.0433 3876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:33.0433 3876 kbdclass - ok
21:35:33.0449 3876 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:33.0464 3876 kbdhid - ok
21:35:33.0480 3876 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:35:33.0496 3876 KSecDD - ok
21:35:33.0527 3876 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:33.0527 3876 KSecPkg - ok
21:35:33.0542 3876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:33.0542 3876 ksthunk - ok
21:35:33.0589 3876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:33.0589 3876 lltdio - ok
21:35:33.0620 3876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:35:33.0620 3876 LSI_FC - ok
21:35:33.0652 3876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:35:33.0652 3876 LSI_SAS - ok
21:35:33.0667 3876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:35:33.0683 3876 LSI_SAS2 - ok
21:35:33.0730 3876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:35:33.0730 3876 LSI_SCSI - ok
21:35:33.0761 3876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:33.0761 3876 luafv - ok
21:35:33.0870 3876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:35:33.0870 3876 megasas - ok
21:35:33.0901 3876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:35:33.0901 3876 MegaSR - ok
21:35:33.0979 3876 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys
21:35:33.0979 3876 mfeapfk - ok
21:35:34.0026 3876 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys
21:35:34.0042 3876 mfeavfk - ok
21:35:34.0057 3876 mfeavfk01 - ok
21:35:34.0104 3876 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys
21:35:34.0104 3876 mfefirek - ok
21:35:34.0135 3876 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys
21:35:34.0151 3876 mfehidk - ok
21:35:34.0166 3876 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:35:34.0166 3876 mfenlfk - ok
21:35:34.0182 3876 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys
21:35:34.0182 3876 mferkdet - ok
21:35:34.0244 3876 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys
21:35:34.0260 3876 mfewfpk - ok
21:35:34.0291 3876 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:34.0291 3876 Modem - ok
21:35:34.0322 3876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:34.0322 3876 monitor - ok
21:35:34.0354 3876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:35:34.0354 3876 mouclass - ok
21:35:34.0369 3876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:34.0369 3876 mouhid - ok
21:35:34.0385 3876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:35:34.0385 3876 mountmgr - ok
21:35:34.0416 3876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:35:34.0416 3876 mpio - ok
21:35:34.0447 3876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:34.0447 3876 mpsdrv - ok
21:35:34.0494 3876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:35:34.0494 3876 MRxDAV - ok
21:35:34.0556 3876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:34.0572 3876 mrxsmb - ok
21:35:34.0666 3876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:34.0666 3876 mrxsmb10 - ok
21:35:34.0697 3876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:34.0697 3876 mrxsmb20 - ok
21:35:34.0728 3876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:35:34.0728 3876 msahci - ok
21:35:34.0744 3876 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:35:34.0759 3876 msdsm - ok
21:35:34.0790 3876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:34.0790 3876 Msfs - ok
21:35:34.0822 3876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:34.0822 3876 mshidkmdf - ok
21:35:34.0837 3876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:35:34.0837 3876 msisadrv - ok
21:35:34.0884 3876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:34.0900 3876 MSKSSRV - ok
21:35:34.0915 3876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:34.0915 3876 MSPCLOCK - ok
21:35:34.0946 3876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:34.0946 3876 MSPQM - ok
21:35:34.0978 3876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:35:34.0978 3876 MsRPC - ok
21:35:35.0009 3876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:35:35.0009 3876 mssmbios - ok
21:35:35.0040 3876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:35.0040 3876 MSTEE - ok
21:35:35.0071 3876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:35.0071 3876 MTConfig - ok
21:35:35.0087 3876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:35.0087 3876 Mup - ok
21:35:35.0149 3876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:35.0165 3876 NativeWifiP - ok
21:35:35.0196 3876 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
21:35:35.0212 3876 NDIS - ok
21:35:35.0243 3876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:35.0243 3876 NdisCap - ok
21:35:35.0258 3876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:35.0258 3876 NdisTapi - ok
21:35:35.0274 3876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:35.0274 3876 Ndisuio - ok
21:35:35.0290 3876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:35.0290 3876 NdisWan - ok
21:35:35.0305 3876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:35:35.0305 3876 NDProxy - ok
21:35:35.0321 3876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:35.0336 3876 NetBIOS - ok
21:35:35.0352 3876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:35:35.0368 3876 NetBT - ok
21:35:35.0414 3876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:35:35.0414 3876 nfrd960 - ok
21:35:35.0461 3876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:35:35.0461 3876 Npfs - ok
21:35:35.0492 3876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:35:35.0492 3876 nsiproxy - ok
21:35:35.0586 3876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:35:35.0633 3876 Ntfs - ok
21:35:35.0648 3876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:35:35.0648 3876 Null - ok
21:35:35.0695 3876 nuviocir (be29aa3cba78480ab8591873197cb56a) C:\Windows\system32\DRIVERS\nuviocir_win7_x64.sys
21:35:35.0695 3876 nuviocir - ok
21:35:35.0742 3876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:35:35.0742 3876 nvraid - ok
21:35:35.0773 3876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:35:35.0789 3876 nvstor - ok
21:35:35.0820 3876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:35:35.0820 3876 nv_agp - ok
21:35:35.0836 3876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:35:35.0836 3876 ohci1394 - ok
21:35:35.0882 3876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:35:35.0882 3876 Parport - ok
21:35:35.0914 3876 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:35:35.0914 3876 partmgr - ok
21:35:36.0007 3876 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
21:35:36.0007 3876 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
21:35:36.0054 3876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:35:36.0054 3876 pci - ok
21:35:36.0085 3876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:35:36.0085 3876 pciide - ok
21:35:36.0116 3876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:35:36.0116 3876 pcmcia - ok
21:35:36.0148 3876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:35:36.0148 3876 pcw - ok
21:35:36.0179 3876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:35:36.0194 3876 PEAUTH - ok
21:35:36.0241 3876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:36.0241 3876 PptpMiniport - ok
21:35:36.0272 3876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:35:36.0288 3876 Processor - ok
21:35:36.0350 3876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:35:36.0350 3876 Psched - ok
21:35:36.0413 3876 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:35:36.0413 3876 PxHlpa64 - ok
21:35:36.0475 3876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:35:36.0522 3876 ql2300 - ok
21:35:36.0553 3876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:35:36.0553 3876 ql40xx - ok
21:35:36.0569 3876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:35:36.0569 3876 QWAVEdrv - ok
21:35:36.0600 3876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:36.0600 3876 RasAcd - ok
21:35:36.0631 3876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:36.0647 3876 RasAgileVpn - ok
21:35:36.0662 3876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:36.0662 3876 Rasl2tp - ok
21:35:36.0678 3876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:36.0694 3876 RasPppoe - ok
21:35:36.0694 3876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:36.0694 3876 RasSstp - ok
21:35:36.0740 3876 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:36.0756 3876 rdbss - ok
21:35:36.0787 3876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:35:36.0787 3876 rdpbus - ok
21:35:36.0818 3876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:36.0818 3876 RDPCDD - ok
21:35:36.0834 3876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:35:36.0834 3876 RDPENCDD - ok
21:35:36.0865 3876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:35:36.0865 3876 RDPREFMP - ok
21:35:36.0896 3876 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:35:36.0896 3876 RDPWD - ok
21:35:36.0943 3876 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:35:36.0943 3876 rdyboost - ok
21:35:37.0021 3876 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
21:35:37.0021 3876 RsFx0150 - ok
21:35:37.0052 3876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:37.0052 3876 rspndr - ok
21:35:37.0115 3876 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:35:37.0115 3876 RTL8167 - ok
21:35:37.0318 3876 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Users\Alex\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS
21:35:37.0318 3876 SASDIFSV - ok
21:35:37.0396 3876 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Users\Alex\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS
21:35:37.0396 3876 SASKUTIL - ok
21:35:37.0442 3876 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:35:37.0442 3876 sbp2port - ok
21:35:37.0458 3876 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:35:37.0458 3876 scfilter - ok
21:35:37.0489 3876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:35:37.0489 3876 secdrv - ok
21:35:37.0520 3876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:35:37.0520 3876 Serenum - ok
21:35:37.0536 3876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:35:37.0536 3876 Serial - ok
21:35:37.0583 3876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:35:37.0583 3876 sermouse - ok
21:35:37.0630 3876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:35:37.0630 3876 sffdisk - ok
21:35:37.0661 3876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:37.0661 3876 sffp_mmc - ok
21:35:37.0708 3876 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:35:37.0708 3876 sffp_sd - ok
21:35:37.0754 3876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:35:37.0754 3876 sfloppy - ok
21:35:37.0786 3876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:35:37.0786 3876 SiSRaid2 - ok
21:35:37.0817 3876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:35:37.0817 3876 SiSRaid4 - ok
21:35:37.0848 3876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:35:37.0864 3876 Smb - ok
21:35:37.0895 3876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:35:37.0910 3876 spldr - ok
21:35:37.0973 3876 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:35:37.0988 3876 srv - ok
21:35:38.0020 3876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:35:38.0020 3876 srv2 - ok
21:35:38.0066 3876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:35:38.0082 3876 srvnet - ok
21:35:38.0113 3876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:35:38.0113 3876 stexstor - ok
21:35:38.0144 3876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:35:38.0144 3876 swenum - ok
21:35:38.0207 3876 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
21:35:38.0207 3876 tap0901 - ok
21:35:38.0300 3876 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:35:38.0332 3876 Tcpip - ok
21:35:38.0363 3876 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:35:38.0378 3876 TCPIP6 - ok
21:35:38.0425 3876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:35:38.0425 3876 tcpipreg - ok
21:35:38.0472 3876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:35:38.0472 3876 TDPIPE - ok
21:35:38.0519 3876 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:35:38.0519 3876 TDTCP - ok
21:35:38.0581 3876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:35:38.0581 3876 tdx - ok
21:35:38.0628 3876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:35:38.0628 3876 TermDD - ok
21:35:38.0675 3876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:38.0675 3876 tssecsrv - ok
21:35:38.0706 3876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:35:38.0706 3876 TsUsbFlt - ok
21:35:38.0737 3876 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:35:38.0737 3876 TsUsbGD - ok
21:35:38.0800 3876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:35:38.0800 3876 tunnel - ok
21:35:38.0831 3876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:35:38.0831 3876 uagp35 - ok
21:35:38.0862 3876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:35:38.0862 3876 udfs - ok
21:35:38.0924 3876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:35:38.0924 3876 uliagpkx - ok
21:35:38.0956 3876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:35:38.0956 3876 umbus - ok
21:35:38.0987 3876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:35:38.0987 3876 UmPass - ok
21:35:39.0034 3876 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:35:39.0049 3876 USBAAPL64 - ok
21:35:39.0096 3876 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:39.0096 3876 usbccgp - ok
21:35:39.0127 3876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:35:39.0143 3876 usbcir - ok
21:35:39.0190 3876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:35:39.0190 3876 usbehci - ok
21:35:39.0236 3876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:35:39.0236 3876 usbhub - ok
21:35:39.0252 3876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:35:39.0252 3876 usbohci - ok
21:35:39.0283 3876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:35:39.0283 3876 usbprint - ok
21:35:39.0314 3876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:39.0314 3876 USBSTOR - ok
21:35:39.0346 3876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:35:39.0361 3876 usbuhci - ok
21:35:39.0424 3876 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:35:39.0424 3876 usbvideo - ok
21:35:39.0470 3876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:35:39.0470 3876 vdrvroot - ok
21:35:39.0486 3876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:39.0486 3876 vga - ok
21:35:39.0502 3876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:35:39.0502 3876 VgaSave - ok
21:35:39.0533 3876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:35:39.0533 3876 vhdmp - ok
21:35:39.0564 3876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:35:39.0564 3876 viaide - ok
21:35:39.0595 3876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:35:39.0611 3876 volmgr - ok
21:35:39.0626 3876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:35:39.0626 3876 volmgrx - ok
21:35:39.0689 3876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:35:39.0689 3876 volsnap - ok
21:35:39.0720 3876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:35:39.0720 3876 vsmraid - ok
21:35:39.0767 3876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:35:39.0767 3876 vwifibus - ok
21:35:39.0798 3876 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:35:39.0798 3876 vwififlt - ok
21:35:39.0829 3876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:35:39.0829 3876 WacomPen - ok
21:35:39.0876 3876 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:39.0876 3876 WANARP - ok
21:35:39.0892 3876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:39.0892 3876 Wanarpv6 - ok
21:35:39.0938 3876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:35:39.0938 3876 Wd - ok
21:35:39.0970 3876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:35:39.0985 3876 Wdf01000 - ok
21:35:40.0016 3876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:35:40.0016 3876 WfpLwf - ok
21:35:40.0063 3876 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:35:40.0079 3876 WimFltr - ok
21:35:40.0094 3876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:35:40.0094 3876 WIMMount - ok
21:35:40.0188 3876 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:35:40.0188 3876 WinUsb - ok
21:35:40.0235 3876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:35:40.0250 3876 WmiAcpi - ok
21:35:40.0266 3876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:35:40.0266 3876 ws2ifsl - ok
21:35:40.0313 3876 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:35:40.0313 3876 WSDPrintDevice - ok
21:35:40.0360 3876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:35:40.0360 3876 WudfPf - ok
21:35:40.0391 3876 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:40.0391 3876 WUDFRd - ok
21:35:40.0453 3876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:35:40.0469 3876 \Device\Harddisk0\DR0 - ok
21:35:40.0484 3876 Boot (0x1200) (66534a3676cb61a35286c5f6aba501dd) \Device\Harddisk0\DR0\Partition0
21:35:40.0484 3876 \Device\Harddisk0\DR0\Partition0 - ok
21:35:40.0484 3876 Boot (0x1200) (5384b7a7f80ff2db309061284792cffb) \Device\Harddisk0\DR0\Partition1
21:35:40.0484 3876 \Device\Harddisk0\DR0\Partition1 - ok
21:35:40.0484 3876 ============================================================
21:35:40.0484 3876 Scan finished
21:35:40.0484 3876 ============================================================
21:35:40.0500 5652 Detected object count: 0
21:35:40.0500 5652 Actual detected object count: 0
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am

Re: Invected with fake anti-virus

Unread postby Gary R » November 15th, 2011, 5:17 am

OK, there's a few things to attend to .....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 24 (64-bit)
J2SE Runtime Environment 5.0 Update 22
Java(TM) 6 Update 22
Java(TM) 6 Update 24
µTorrent


Old java versions can be exploited.

Use of P2P programs is the surest way to contract an infection that I know of, even the legit programs are not safe to use. Over 80% of people coming here for help had P2P programs on their computers. In return for our help, this forum insists that all P2P programs are removed and since we introduced this "no P2P" policy, the number of "re-infectees" we see has dropped dramatically.

Reboot your computer when finished.

Now download and install JDK 6 Update 29 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
[2011/11/09 23:32:12 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/11/10 00:18:27 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/24 20:11:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8m8aa8g8.default\extensions\engine@conduit.com
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)

:files
C:\Users\Alex\AppData\Local\{0F6E828B-2897-4B8B-9F5C-08E0092A51D3}
C:\Users\Alex\AppData\Local\{A69EAD6A-7D44-4F73-8BE8-6AE3233FBA4B}
C:\Users\Alex\AppData\Local\{C51DD6CE-89B9-4A60-91D3-B13FE9EDAA54}
C:\Users\Alex\AppData\Local\{5221A750-D83D-49E6-AFC6-D471CC79816C}
C:\Users\Alex\AppData\Local\{9FBBD305-CC47-47C2-9853-2292EA8F3FD4}
C:\Users\Alex\AppData\Local\{EFB8B806-6C1D-4093-BA4A-C880D05A0B71}
C:\Users\Alex\AppData\Local\{3C9664AF-D914-4DDF-AACB-E6B2D05981A5}
C:\Users\Alex\AppData\Local\{029AC701-4506-43EA-B9C2-70E2CEBDCFB7}
C:\Users\Alex\AppData\Local\{30237A4E-6EA2-48C0-86DA-61B8632FE7C8}
C:\Users\Alex\AppData\Local\{703E7C38-E143-4D99-AD03-C547F9C45234}
C:\Users\Alex\AppData\Local\{955449E0-AE14-4EEC-9152-245650BC196E}
C:\Users\Alex\AppData\Local\{3B91E719-BF67-4D46-8C7E-8B2AD2FD3CA7}
C:\Users\Alex\AppData\Local\{A0AFCC31-5E5D-4278-A227-AE350CDC3A9D}
C:\Users\Alex\AppData\Local\{F7192B13-4E0D-4756-A62B-55555948D1AC}
C:\Users\Alex\AppData\Local\{5AC48A65-F70E-4EE2-B7BF-8C4DB12145E5}
C:\Users\Alex\AppData\Local\{9EDB4344-CB10-4A06-894B-DA5FFA90021E}
C:\Users\Alex\AppData\Local\{FED61E1E-8A54-4EAE-B988-D225E281DB8D}
C:\Users\Alex\AppData\Local\{24190DD4-862A-4C51-89DF-7969FA9D2476}
C:\Users\Alex\AppData\Local\{CFEE8127-6B7B-4D7D-A4CB-4019EA49A1C7}
C:\Users\Alex\AppData\Local\{1B4F8561-2786-4862-BEDC-41C807F8DB20}
C:\Users\Alex\AppData\Local\{5A244EF5-84AC-464A-8F28-E76C2FF82A42}
C:\Users\Alex\AppData\Local\{7BEE95B6-6B0C-4900-B90F-D02FD9383DF1}
C:\Users\Alex\AppData\Local\{25C09036-F8B7-491E-B371-0C1948FF6B7E}
C:\Users\Alex\AppData\Local\{2B46CC7A-E80F-482F-82F1-71296D7516A0}
C:\Users\Alex\AppData\Local\{D8EB5CBC-9C57-4D89-A83B-BA8171E8A060}
C:\Users\Alex\AppData\Local\{7B779C31-A751-468C-B261-5BAD2028444F}
C:\Users\Alex\AppData\Local\{30FBC544-8AE6-4054-8AFF-CC90BF66840B}
C:\Users\Alex\AppData\Local\{1EF8E2CF-8CDC-4556-8B40-4D727DDD3EE9}
C:\Users\Alex\AppData\Local\{7F761140-C939-4B24-8BF1-D479BCC749D8}
C:\Users\Alex\AppData\Local\{F469BE58-E46A-407D-AF06-ED842CBBC91C}
C:\Users\Alex\AppData\Local\{CCA93615-2AD0-407E-B9BF-751CEA74416D}
C:\Users\Alex\AppData\Local\{C38D37F7-ABC6-42E6-9754-761FF5B2E1C0}
C:\Users\Alex\AppData\Local\{DD7DCFC1-965B-4766-B1C0-678C848E8C45}
C:\Users\Alex\AppData\Local\{B94FC51C-2874-4422-8DCE-D096A30DD35C}
C:\Users\Alex\AppData\Local\{FC88A71A-D1DD-4C85-A882-F811AC684764}
C:\Users\Alex\AppData\Local\{AFAE05AE-A3C6-4A91-923F-7729568005B1}
C:\Users\Alex\AppData\Local\{A2AA007D-6690-4C5F-9360-3D5E173C8E1A}
C:\Users\Alex\AppData\Local\{263727D7-A107-4839-8189-F21B0C547E4A}
C:\Users\Alex\AppData\Local\{CD487BF2-F7D4-460A-A2B4-CD5A502B6613}
C:\Users\Alex\AppData\Local\{FB679E7D-300E-4155-8A5D-03D61914FC57}
C:\Users\Alex\AppData\Local\{8F191CE8-8F39-4F68-8928-22E0632E93B5}
C:\Users\Alex\AppData\Local\{D25A1EC6-7A4A-4376-B9E7-28D595BCA532}
C:\Users\Alex\AppData\Local\{E96CB59D-5E15-4E33-8E2F-909ED1482B9C}
C:\Users\Alex\AppData\Local\{C1B881DB-004E-4EB3-B3BA-2CBF4B27BA61}
C:\Users\Alex\AppData\Local\{234A3D1F-86AC-4487-80ED-70D8BDDBEEB5}
C:\Users\Alex\AppData\Local\{01358DE2-6BB4-46CE-B477-74A410250C1A}
C:\Users\Alex\AppData\Local\{7234F3F1-D852-4AB7-AD2D-B8363F3D5BA1}
C:\Users\Alex\AppData\Local\{F3FF803B-5EB6-477D-B67B-B7B653B8EFFE}
C:\Users\Alex\AppData\Local\{893E98CB-3F41-4AB2-959A-A33A0D9A3E8D}
C:\Users\Alex\AppData\Local\{CBC69AAA-294B-49B6-9532-430FBB04EC96}
C:\Users\Alex\AppData\Local\{9ED28368-0386-4857-96A8-AC2ABEC4B90C}
C:\Users\Alex\AppData\Local\{93BFB955-554A-4A96-9298-CE2E84A9EC53}
C:\Users\Alex\AppData\Local\{82D89231-7A11-4796-AB17-4A032EE8DD28}
C:\Users\Alex\AppData\Local\{C78B1856-EBD1-489A-A254-6ED3918459A9}
C:\Users\Alex\AppData\Local\{740A888B-36FD-49C4-AE61-97120ABE23E5}
C:\Users\Alex\AppData\Local\{501313BC-FDC3-4E3E-9A21-DBF4C9CF156D}
C:\Users\Alex\AppData\Local\{0BFD9D20-9FDA-4C88-BA34-B8A712C08D8D}
C:\Users\Alex\AppData\Local\{79A3C2FC-0BC9-4302-8EF3-D314604BB687}
C:\Users\Alex\AppData\Local\{7F99C657-FDF3-4C46-BB79-E72523ED01E3}
C:\Users\Alex\AppData\Local\{8DB07DC1-5D34-4931-A7FD-4D22A5EC26C0}
C:\Users\Alex\AppData\Local\{C56125CE-E71E-4536-981D-92DB1FCD380C}
C:\Users\Alex\AppData\Local\{9E34FA16-B2F1-4FCA-AD6C-B5E5C0ACB2DD}
C:\Users\Alex\AppData\Local\{B27CEB9B-1FF1-4ED7-A7D6-973328F77EFD}
C:\Users\Alex\AppData\Local\{A91C72A4-1382-491E-A763-CBDC055954CA}
C:\Users\Alex\AppData\Local\{5A5D661F-AB72-4AAF-BD0E-A03678537884}
C:\Users\Alex\AppData\Local\{7B494376-481C-4555-A7CB-36560123A754}
C:\Users\Alex\AppData\Local\{F268828C-7678-45CF-8008-6A445D7568C6}
C:\Users\Alex\AppData\Local\{0A9085E1-A89F-4C5D-8BC4-7F8ED8BB0116}
C:\Users\Alex\AppData\Local\{AD2C6965-B913-4FDF-9E63-1E287263C124}
C:\Users\Alex\AppData\Local\{A9BDE37B-7F5F-4200-A9B6-50647BCBE5B2}
C:\Users\Alex\AppData\Local\{6B421DF5-16B8-4F0D-9038-094508856E8E}
C:\Users\Alex\AppData\Local\{568C5453-37C0-41CD-ADA7-327EA3A6CCF7}
C:\Users\Alex\AppData\Local\{C025218F-EE77-467B-916A-2F1509F38C6A}
C:\Users\Alex\AppData\Local\{FE9F16C7-90E1-43D2-AB66-CFAF862786DC}
C:\Users\Alex\AppData\Local\{B17CF388-64DC-4D4A-9437-2E2735914A70}
C:\Users\Alex\AppData\Local\{113CEDD0-A60A-4697-8125-1AB52DF2B420}
C:\Users\Alex\AppData\Local\{3026D4CB-7707-440C-9EC7-D78C68701BFA}
C:\Users\Alex\AppData\Local\{5DA6C031-7F4F-4082-971F-181039EFEEB3}
C:\Users\Alex\AppData\Local\{556873B6-3D4B-4856-A865-87E0CB8F5FEA}
C:\Users\Alex\AppData\Local\{E6191C77-F621-42CF-8C8C-99B5C922FBFF}
C:\Users\Alex\AppData\Local\{D0D8004C-CB90-4DD7-A701-3C2DB24D1DE1}
C:\Users\Alex\AppData\Local\{DE2FFBAA-7AEB-473E-B660-4E4A2AB0E633}
C:\Users\Alex\AppData\Local\{B2954C9A-6BF5-4AFF-BE7F-B03690C3962F}
C:\Users\Alex\AppData\Local\{12EF8963-E62C-4D23-BDBC-6056BEC3B56F}
C:\Users\Alex\AppData\Local\{5832C2C9-D78E-47B8-9F56-742528145EDB}
C:\Users\Alex\AppData\Local\{4E1A34C5-D77C-4E4D-86F2-DF6A6DFBBB9E}
C:\Users\Alex\AppData\Local\{CF5072A6-0C28-486F-A5AA-5F630A464594}
C:\Users\Alex\AppData\Local\{6345231C-C77D-4A07-9576-02E65A452ACA}
C:\Users\Alex\AppData\Local\{338FBE17-D3C2-45DC-B361-1FE14AA9F62D}
C:\Users\Alex\AppData\Roaming\uTorrent
C:\Program Files (x86)\uTorrent
C:\Users\Alex\AppData\Local\uTorrent

:Commands
[CreateRestorePoint]
[EmptyTemp]
[ResetHosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

OTL shows that your homepage in Firefox is set to "http://echo.msk.ru" ....... did you set it to this ?

There is also a file on your desktop with Cyrillic (Russian) characters .... C:\Users\Alex\Desktop\22 июня - Солонин.lnk

Do you know what it is there for ?

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log
  • Answer to the questions about the Russian web site and the Russian file on your desktop.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby gestalt » November 16th, 2011, 11:30 pm

1. I ran OTL 3 times, but it failed to produce the log.
I removed old Java and replaced it with version 6_29. However, I must keep Java 5 because it is required by my accounting package. I also removed uTorrent.

2. http://echo.msk.ru is the website of the Russian radio station, that I regularly listen to (I speak Russian). C:\Users\Alex\Desktop\22 июня - Солонин.lnk is a text file on the history of WW2. Both are benign.

3. The following is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-16 03:07:29
# local_time=2011-11-15 08:07:29 (-0700, Mountain Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 0 21785493 0 0
# compatibility_mode=5893 16776573 100 94 0 72956299 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=7
# found=0
# cleaned=0
# scan_time=146
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-16 12:06:23
# local_time=2011-11-16 05:06:23 (-0700, Mountain Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777213 100 75 0 21789144 0 0
# compatibility_mode=5893 16776573 100 94 0 72956350 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=559776
# found=8
# cleaned=0
# scan_time=32281 I
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Radmin\raddrv.dll Win32/RemoteAdmin application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Radmin\radmin.exe Win32/RAdmin.22 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Radmin\r_server.exe Win32/RAdmin.22 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\592655a1-518a8bbc a variant of Java/Agent.BP trojan (unable to clean) 00000000000000000000000000000000 I

Note that Remote Admin is a program to remotely connect to another Windows machine (not unlike rdesktop); I use it to connect to my clients. It is benign, albeit antiquated.

Thank you very much for your help.
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am

Re: Invected with fake anti-virus

Unread postby Gary R » November 17th, 2011, 2:54 am

You should be able to find the OTL log in the following location .....

C:\_OTL\MovedFiles

There will be a file named ....

mmddyyyy_hhmmss.log (where mdyhms are replaced by numbers representing the date and time the log was created)

These logs can be opened using Notepad.

If there is more than one, just post me the one that relates to the first of the 3 fix attempts you ran.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby gestalt » November 17th, 2011, 3:03 am

The file's content is:

Files\Folders moved on Reboot...
File move failed. C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

And the FXSAPIDebugLogFile.txt file is empty.
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am

Re: Invected with fake anti-virus

Unread postby Gary R » November 17th, 2011, 6:22 am

Should be a bit more than that in the log, if there's more than one log file in the MovedFiles folder please post me the contents of each.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Invected with fake anti-virus

Unread postby gestalt » November 17th, 2011, 10:27 pm

Here is the content of C:\_OTL\MovedFiles:

C:\_OTL\MovedFiles\11152011_193437\C_Users\Alex\AppData\Local\{0A9085E1-A89F-4C5D-8BC4-7F8ED8BB0116} (empty dir)
C:\_OTL\MovedFiles\11152011_193437\C_Users\Alex\AppData\Local\{...about 90 more directories like the above...} (empty dir)
C:\_OTL\MovedFiles\11152011_194159\C_Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt (empty file)
C:\_OTL\MovedFiles\11162011_200634 (empty dir)
C:\_OTL\MovedFiles\11152011_194159.log (see the previous post)

Every OTL run ended in the reboot, but produced nothing beyond what I listed.

Is there some other test I could run to meet your requirements?

Thanks,
Alex
gestalt
Active Member
 
Posts: 10
Joined: November 10th, 2011, 12:11 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 130 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware