Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Suspected malware infestation [Closed]

Started by VelvetClaw , Nov 10 2012 08:07 PM

  • This topic is locked This topic is locked

#1
VelvetClaw
Posted 10 November 2012 - 08:07 PM

VelvetClaw

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

Recenty I tried to log on to mail.com, but found this message starting in my face:

Please enable Java Script in your browser to log in.

which should NOT be a problem as I have that toggled on in my browser. I tried the same thing with Internet Explorer, and it also gave the same reply back. I tried several sites which I know use Java script, and they somehow worked fine.

So it seems that this might be a malware infection which my McAfee might not have picked up. Can someone check the log file generated by OTL and advise me on what I should do?

OTL logfile created on: 11/11/2012 9:47:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renatus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.91 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.98% Memory free
7.82 Gb Paging File | 5.02 Gb Available in Paging File | 64.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 332.92 Gb Free Space | 73.82% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 22.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 491.73 Mb Total Space | 341.09 Mb Free Space | 69.36% Space Free | Partition Type: FAT

Computer Name: GRANDEE | User Name: Renatus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/11 09:47:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renatus\Downloads\OTL.exe
PRC - [2012/11/04 00:26:40 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/28 14:55:39 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/13 02:04:03 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/08/04 12:29:15 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012/05/25 02:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Renatus\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/18 03:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/12/06 22:41:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\Maxis Broadband.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/20 01:34:32 | 002,013,168 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2011/08/20 01:34:32 | 000,096,240 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2011/08/20 01:34:28 | 002,451,440 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/06/29 22:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/28 09:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2011/05/21 01:16:10 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/04/23 00:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 09:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/14 00:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/11/18 01:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/18 00:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/18 00:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 13:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/04 00:26:39 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/13 02:04:03 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/09/24 07:24:28 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/24 07:24:26 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/24 07:24:26 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/24 07:24:26 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/24 07:24:25 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/07/05 22:06:48 | 000,015,800 | ---- | M] () -- C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll
MOD - [2012/06/15 20:56:02 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3ac345f23c9bf10342c5c12f2d2c5728\IAStorUtil.ni.dll
MOD - [2012/06/14 07:26:54 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f59b7aebc4be73d5da020c88c72f33b\PresentationFramework.ni.dll
MOD - [2012/06/14 07:26:42 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:26:36 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll
MOD - [2012/06/14 07:26:34 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a6fc17fd5d463a675fa6c9bb7ed1ab73\PresentationCore.ni.dll
MOD - [2012/05/13 14:44:55 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\7dfba5d1d4bb05f6e4ea95ffa0f359a9\System.Core.ni.dll
MOD - [2012/05/13 14:43:54 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\23917a73056cd44ac791a08442c9848a\IAStorCommon.ni.dll
MOD - [2012/05/13 12:36:58 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96a5c5331595b2dbc3a891ad1249e519\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 12:36:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 12:35:56 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll
MOD - [2012/05/13 12:35:53 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll
MOD - [2012/05/13 12:35:50 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012/05/13 12:35:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll
MOD - [2012/05/13 12:35:44 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2011/12/06 22:41:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\Maxis Broadband.exe
MOD - [2011/08/20 01:34:44 | 000,089,584 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2011/08/20 01:34:32 | 000,059,888 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2011/08/20 01:34:22 | 000,251,888 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/29 22:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/28 09:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/28 09:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/25 13:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/25 13:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2011/04/23 00:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/04/22 09:32:12 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/11/25 12:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/18 00:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/18 00:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/18 00:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
MOD - [2010/03/23 05:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/17 10:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/17 10:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/17 10:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/12 09:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/12 09:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/06 05:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/06 05:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
MOD - [2008/11/08 15:15:44 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\Maxis Broadband\XCodec.dll
MOD - [2008/11/08 15:15:38 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\Maxis Broadband\DeviceOperate.dll
MOD - [2008/11/08 15:15:32 | 000,151,552 | R--- | M] () -- C:\Program Files (x86)\Maxis Broadband\DetectDev.dll
MOD - [2008/11/08 15:15:26 | 000,552,960 | R--- | M] () -- C:\Program Files (x86)\Maxis Broadband\atcomm.dll
MOD - [2008/11/08 14:16:00 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2008/11/08 14:15:08 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\SMSPlugin.dll
MOD - [2008/11/08 14:14:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2008/11/08 14:11:36 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2008/11/08 14:10:10 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2008/11/08 14:07:30 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\NetInfoPlugin.dll
MOD - [2008/11/08 14:04:14 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\DialUpPlugin.dll
MOD - [2008/11/08 14:02:54 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2008/11/08 13:52:52 | 000,860,160 | ---- | M] () -- C:\Program Files (x86)\Maxis Broadband\NDISAPI.dll
MOD - [2007/08/23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files (x86)\Maxis Broadband\isaputrace.dll
MOD - [2007/07/31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\Maxis Broadband\FileManager.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/09 07:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/25 17:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/30 05:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/23 08:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/11/04 00:26:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/28 14:55:39 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/13 02:04:04 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/20 01:34:28 | 002,451,440 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/21 01:16:10 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/05/21 01:15:20 | 000,080,032 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/04/23 00:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/22 09:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/25 19:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 19:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/26 10:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/19 03:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/07 21:56:17 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/21 01:15:34 | 000,282,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/05/21 01:15:34 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/05/21 01:15:34 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/05/21 01:15:34 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/05/21 01:15:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/05/21 01:15:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/21 01:15:32 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/05/13 16:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/23 00:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/04/22 10:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/04/11 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 13:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/25 17:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/21 01:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/11 05:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/11 05:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/30 05:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/07 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/30 08:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/27 03:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/21 23:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/24 15:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com?so...4E242877D2DAE63
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/12/02 12:53:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/02 13:00:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/02 13:00:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/02 13:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/09/30 22:47:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/04 00:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012/10/25 23:28:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/04 00:26:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/13 21:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renatus\AppData\Roaming\Mozilla\Extensions
[2012/11/11 09:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renatus\AppData\Roaming\Mozilla\Firefox\Profiles\mud2gzsy.default\extensions
[2012/04/01 11:26:16 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Renatus\AppData\Roaming\Mozilla\Firefox\Profiles\mud2gzsy.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/11/11 09:37:38 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Renatus\AppData\Roaming\Mozilla\Firefox\Profiles\mud2gzsy.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012/05/04 20:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/04 00:26:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/04 20:53:20 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/11/04 00:26:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/01 11:26:21 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012/05/04 20:53:20 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/04 20:53:20 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/11/04 00:26:39 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/04 20:53:20 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120617162209.dll (McAfee, Inc.)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120617162209.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [NVHotkey] C:\windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Renatus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Act of War_ High Treason Registration.lnk = File not found
O4 - Startup: C:\Users\Renatus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Renatus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B36D860-7D9B-4B48-9E51-B7C0B413EF20}: DhcpNameServer = 172.9.1.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEA2DA0-F29E-4F52-93E0-902982A70F4D}: NameServer = 58.71.136.10 58.71.132.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/21 18:45:28 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{02f14855-6b34-11e1-97e7-180373a9402c}\Shell - "" = AutoRun
O33 - MountPoints2\{02f14855-6b34-11e1-97e7-180373a9402c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{02f14861-6b34-11e1-97e7-180373a9402c}\Shell - "" = AutoRun
O33 - MountPoints2\{02f14861-6b34-11e1-97e7-180373a9402c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02f1486c-6b34-11e1-97e7-180373a9402c}\Shell - "" = AutoRun
O33 - MountPoints2\{02f1486c-6b34-11e1-97e7-180373a9402c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7538ee7f-763f-11e1-bfb9-e4d53d1848d1}\Shell - "" = AutoRun
O33 - MountPoints2\{7538ee7f-763f-11e1-bfb9-e4d53d1848d1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{800b0193-200a-11e1-a557-e4d53d1848d2}\Shell - "" = AutoRun
O33 - MountPoints2\{800b0193-200a-11e1-a557-e4d53d1848d2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{800b01a8-200a-11e1-a557-e4d53d1848d2}\Shell - "" = AutoRun
O33 - MountPoints2\{800b01a8-200a-11e1-a557-e4d53d1848d2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9b58161f-1407-11e2-9cdb-180373a9402c}\Shell - "" = AutoRun
O33 - MountPoints2\{9b58161f-1407-11e2-9cdb-180373a9402c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a5e26849-8c45-11e1-9f61-e4d53d1848d1}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e26849-8c45-11e1-9f61-e4d53d1848d1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c13aa02a-23f2-11e1-876d-e4d53d1848d1}\Shell - "" = AutoRun
O33 - MountPoints2\{c13aa02a-23f2-11e1-876d-e4d53d1848d1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e53a1bfa-23cd-11e1-a358-e4d53d1848d1}\Shell - "" = AutoRun
O33 - MountPoints2\{e53a1bfa-23cd-11e1-a358-e4d53d1848d1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/01/22 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 09:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/11/09 07:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\blender-2.42a-windows
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/11 09:25:28 | 000,196,394 | ---- | M] () -- C:\Users\Renatus\.recently-used.xbel
[2012/11/11 09:25:16 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 09:25:16 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 09:17:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/11 09:17:03 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 09:03:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/10 21:17:00 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/10 21:17:00 | 000,665,232 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/10 21:17:00 | 000,125,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/09 04:31:34 | 000,000,024 | ---- | M] () -- C:\Users\Renatus\random.dat
[2012/11/09 04:29:18 | 000,000,046 | ---- | M] () -- C:\Users\Renatus\jagex_cl_runescape_LIVE.dat
[2012/10/28 18:57:07 | 000,000,023 | ---- | M] () -- C:\Users\Renatus\jagexappletviewer.preferences
[2012/10/21 21:37:49 | 000,002,066 | ---- | M] () -- C:\Users\Renatus\Desktop\RuneScape.lnk
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 09:25:28 | 000,196,394 | ---- | C] () -- C:\Users\Renatus\.recently-used.xbel
[2012/08/18 11:24:04 | 000,000,023 | ---- | C] () -- C:\Users\Renatus\jagexappletviewer.preferences
[2011/12/24 19:22:04 | 000,000,046 | ---- | C] () -- C:\Users\Renatus\jagex_cl_runescape_LIVE.dat
[2011/12/24 19:22:04 | 000,000,024 | ---- | C] () -- C:\Users\Renatus\random.dat
[2011/12/02 13:40:36 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/02 13:40:36 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/02 13:40:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/02 13:40:35 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/02 13:40:34 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/02 13:40:05 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/02 13:40:00 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/02 13:39:59 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/02 13:39:59 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/02 13:39:59 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/02 13:39:59 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/02 12:17:40 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/02 12:13:22 | 000,788,116 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/02 12:10:41 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/08/20 01:34:44 | 000,089,584 | ---- | C] () -- C:\windows\SysWow64\FAIEExtension.dll
[2011/08/20 01:34:32 | 000,059,888 | ---- | C] () -- C:\windows\SysWow64\FAib.dll
[2011/08/20 01:34:22 | 000,251,888 | ---- | C] () -- C:\windows\SysWow64\FACrashRpt.dll
[2011/07/29 19:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 19:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/09 06:35:53 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\.minecraft
[2012/10/26 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\.minecraft - Copy
[2012/07/31 21:44:02 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\Audacity
[2012/04/20 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\DAEMON Tools Lite
[2012/11/11 09:26:22 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\Dropbox
[2011/12/06 20:51:03 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\Fingertapps
[2012/11/11 09:07:25 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\foobar2000
[2012/11/11 06:11:59 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\gtk-2.0
[2011/12/24 09:10:52 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\IDT
[2011/12/11 15:46:06 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\Leadertech
[2012/10/07 00:48:05 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\mob
[2011/12/22 17:42:57 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\PCDr
[2012/11/07 10:10:42 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\SoftGrid Client
[2011/12/06 23:28:05 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\The Creative Assembly
[2011/12/06 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Renatus\AppData\Roaming\TP

========== Purity Check ==========



< End of report >

Attached Files


  • 0

Advertisements

#2
WhiteHat
Posted 11 November 2012 - 09:07 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

LET'S START:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

NEXT:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please post that

FINALLY:

  • Open OTL.exe
  • Click in the button Posted Image
  • Now on the Box Extra Registry, click in Use safe list
  • Next, click in the button Posted Image
  • It will be generated a log with a name Extras.txt. Post this log.

  • 0

#3
WhiteHat
Posted 02 December 2012 - 09:39 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP