View Full Version : another win32downlaoder.gen request
I have been trying to remove win32downloader.gen and I am not having any success. I have run spybot as an administrator five times now with no success. I changed spybot in the advanced mode to unclick teatimer. I also down loaded ERUNt but then realised I am running windows 7. Please find below the latest report from spybot. Thanks in advance for your help!
--- Search result list ---
Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
C:\Users\scotty\AppData\Local\Conduit\
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-12-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-01-08 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Adware.sbi (*)
2014-01-03 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2013-10-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2014-01-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2013-10-30 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-08 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-12-11 Includes\TrojansC-02.sbi (*)
2013-12-10 Includes\TrojansC-03.sbi (*)
2014-01-07 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Absolute Notifier
command: "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
file: C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
size: 85672
MD5: 9CEF55257CBA29119DE88DEC175BE5E0
Located: HK_LM:Run, AccuWeatherWidget
command: "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
file: C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
size: 968048
MD5: 53EDBE9C1D6B0CEC11A573852B5B6DAD
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: E97140424C378ACBD47DF493A6AB7235
Located: HK_LM:Run, AMD AVT
command: Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
file: C:\Windows\system32\Cmd.exe
size: 302592
MD5: AD7B9C14083B52BC532FBA5948342B98
Located: HK_LM:Run, ApnUpdater
command: "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
file: C:\Program Files (x86)\Ask.com\Updater\Updater.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, AVG_UI
command: "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
file: C:\Program Files (x86)\AVG\AVG2014\avgui.exe
size: 4956176
MD5: 643F7A81B4FC27845886AB9650AD2C61
Located: HK_LM:Run, BCSSync
command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
size: 89184
MD5: 187F4C75A89E3F412322C94526320074
Located: HK_LM:Run, Dell Webcam Central
command: "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
file: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
size: 577024
MD5: 13F44960416C1D24DAAC3CBBBAE49D35
Located: HK_LM:Run, IAStorIcon
command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
file: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
size: 56088
MD5: 5514B64F7F2D25E09E2FDAF5D62B688C
Located: HK_LM:Run, mcui_exe
command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NeroLauncher
command: C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
file: C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
size: 67496
MD5: 918850CDD168605454665D160B034837
Located: HK_LM:Run, SpeetItUpFree
command: "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
file: C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe
size: 7697496
MD5: 7FF64140B84F5394F4B86113A0578A9C
Located: HK_LM:Run, StartCCC
command: "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 636032
MD5: 5217E9229B0590655A763F263B62753D
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254336
MD5: 5B6E8E09BE6401A7E022F52FDFCB2FF8
Located: HK_LM:Run, USB3MON
command: "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
file: C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
size: 291608
MD5: 6BA8D86746935498D64CB5CF6286F2EB
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, BackgroundContainer
where: S-1-5-21-3472192928-1086291339-420608945-1000...
command: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\scotty\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
file: C:\Windows\SysWOW64\Rundll32.exe
size: 44544
MD5: 51138BEEA3E2C21EC44D0932C71762A8
Located: HK_CU:Run, Facebook Update
where: S-1-5-21-3472192928-1086291339-420608945-1000...
command: "C:\Users\scotty\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
file: C:\Users\scotty\AppData\Local\Facebook\Update\FacebookUpdate.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, OfficeSyncProcess
where: S-1-5-21-3472192928-1086291339-420608945-1000...
command: "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
file: C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
size: 720064
MD5: C948AC73822CA662CF44185B909EA18B
Located: HK_CU:Run, Skype
where: S-1-5-21-3472192928-1086291339-420608945-1000...
command: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
file: C:\Program Files (x86)\Skype\Phone\Skype.exe
size: 20584608
MD5: 58920E6A409046BA06548D9D139CE0F0
Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE
file: C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B
--- Browser helper object list ---
{09B71986-2AC5-482d-B6CB-42EA34F4F85B} (Dell Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Dell Toolbar
Path: C:\Program Files\Dell Printable Web\
Long name: toolband.dll
Short name:
Date (created): 10/12/2008 11:10:06
Date (last access): 10/11/2012 18:01:42
Date (last write): 10/12/2008 11:10:06
Filesize: 253952
Attributes: archive
MD5: B2553363FD3DA02036C628DC62431C25
CRC32: 80677E85
Version: 1.8.12.0
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 16/11/2010 04:02:22
Date (last access): 27/10/2012 05:48:06
Date (last write): 16/11/2010 04:02:22
Filesize: 62376
Attributes: archive
MD5: 0EE9E4D28CC1C671061CAD0334C9B59F
CRC32: 145C5067
Version: 10.0.0.396
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~3\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 09/03/2013 02:10:30
Date (last access): 26/11/2013 05:02:30
Date (last write): 09/03/2013 02:10:30
Filesize: 4171464
Attributes: archive
MD5: D1F438E9DFD869B33D1EDB635764C892
CRC32: C1505764
Version: 14.0.7011.1000
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 21/09/2010 21:08:38
Date (last access): 27/10/2012 05:47:04
Date (last write): 21/09/2010 21:08:38
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SkypeIEPluginBHO
CLSID name: Skype Browser Helper
Path: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\
Long name: skypeieplugin.dll
Short name: SKYPEI~1.DLL
Date (created): 09/10/2013 12:57:48
Date (last access): 27/10/2013 10:42:18
Date (last write): 09/10/2013 12:57:48
Filesize: 4502400
Attributes: archive
MD5: 363732CD59DC6BAE23BFAE6F5C13B6C1
CRC32: E7FBAAC8
Version: 6.13.0.13771
{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~3\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 06/03/2013 09:37:48
Date (last access): 26/11/2013 05:02:28
Date (last write): 06/03/2013 09:37:48
Filesize: 562904
Attributes: archive
MD5: E04A1418B6CAA33EF61F7B4AE826FC94
CRC32: D4B370E1
Version: 14.0.7011.1000
{D4027C7F-154A-4066-A1AD-4243D8127440} (Ask Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ask Toolbar BHO
CLSID name: Ask Toolbar
Path: C:\Program Files (x86)\Ask.com\
Long name: GenericAskToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11/07/2013 12:06:28
Date (last access): 08/10/2013 08:47:58
Date (last write): 08/10/2013 08:47:58
Filesize: 171944
Attributes: archive
MD5: 78964B1DD1264B8D66FBE08F5944868F
CRC32: C938D74B
Version: 10.45.2.18
{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} (WiseConvert)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WiseConvert
CLSID name: WiseConvert Toolbar
Path: C:\Program Files (x86)\WiseConvert\
Long name: prxtbWis0.dll
Short name: PRXTBW~2.DLL
Date (created): 09/05/2011 11:49:38
Date (last access): 20/01/2013 12:49:30
Date (last write): 09/05/2011 11:49:38
Filesize: 176936
Attributes: archive
MD5: 4C163BD2A5905D18893EE311608E8C54
CRC32: 9A305B67
Version: 6.4.0.0
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 10.45.2
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/07/2013 12:06:28
Date (last access): 08/10/2013 08:47:46
Date (last write): 08/10/2013 08:47:46
Filesize: 201640
Attributes: archive
MD5: C0357EA482E0F04BA9242D159095FF60
CRC32: 078C9551
Version: 10.45.2.18
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_37
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/07/2013 12:06:28
Date (last access): 08/10/2013 08:47:46
Date (last write): 08/10/2013 08:47:46
Filesize: 201640
Attributes: archive
MD5: C0357EA482E0F04BA9242D159095FF60
CRC32: 078C9551
Version: 10.45.2.18
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 10.45.2
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/07/2013 12:06:28
Date (last access): 08/10/2013 08:47:46
Date (last write): 08/10/2013 08:47:46
Filesize: 201640
Attributes: archive
MD5: C0357EA482E0F04BA9242D159095FF60
CRC32: 078C9551
Version: 10.45.2.18
--- Process list ---
PID: 0 ( 0) [System]
PID: 4428 (4996) C:\Windows\SysWOW64\Rundll32.exe
size: 44544
MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 3600 (2948) C:\Windows\SysWOW64\runonce.exe
size: 50688
MD5: D44741F65A1D71F65814A12CF6E2400A
PID: 4668 (3600) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3324 (2188) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
size: 465216
MD5: 8872B78D80682F2BE0A04EB0B3EAF554
PID: 4532 (2668) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
size: 4293952
MD5: BA90DF05FA2E9A2C15F3A74825315BD0
PID: 5008 (4916) C:\Program Files (x86)\Dell DataSafe Local Backup\RPLaunch.exe
size: 51008
MD5: B1A4F0DECDAAA62E58011025C0FD63F1
PID: 5068 (2668) C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
size: 2751808
MD5: F205CD085B25CFC491908EFE4E8AB8F5
PID: 4700 (5000) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
size: 706048
MD5: B3FBD40304DB227DCF4E7C9580ADB8FB
PID: 4 ( 0) System
PID: 352 ( 4) smss.exe
PID: 456 ( 444) avgrsa.exe
PID: 492 ( 456) avgcsrva.exe
PID: 756 ( 748) csrss.exe
PID: 920 ( 748) wininit.exe
size: 96256
PID: 940 ( 928) csrss.exe
PID: 988 ( 920) services.exe
PID: 1004 ( 920) lsass.exe
PID: 1012 ( 920) lsm.exe
PID: 772 ( 988) svchost.exe
size: 20992
PID: 720 ( 928) winlogon.exe
PID: 1032 ( 988) svchost.exe
size: 20992
PID: 1100 ( 988) atiesrxx.exe
PID: 1160 ( 988) svchost.exe
size: 20992
PID: 1196 ( 988) svchost.exe
size: 20992
PID: 1232 ( 988) svchost.exe
size: 20992
PID: 1272 ( 988) svchost.exe
size: 20992
PID: 1320 ( 988) stacsv64.exe
PID: 1564 ( 988) svchost.exe
size: 20992
PID: 1704 (1100) atieclxx.exe
PID: 1740 (1196) wlanext.exe
size: 77312
PID: 1748 ( 756) conhost.exe
PID: 1868 ( 988) spoolsv.exe
PID: 1884 (1272) taskeng.exe
size: 192000
PID: 1940 ( 988) svchost.exe
size: 20992
PID: 1444 ( 988) AbsoluteNotifierService.exe
PID: 1536 ( 988) avgfws.exe
PID: 1832 ( 988) avgidsagent.exe
PID: 1516 ( 988) avgwdsvc.exe
PID: 2072 ( 988) devmonsrv.exe
PID: 2156 ( 988) svchost.exe
size: 20992
PID: 2232 ( 988) dleacoms.exe
size: 598696
PID: 2280 ( 988) EvtEng.exe
PID: 2324 ( 988) HeciServer.exe
PID: 2380 ( 988) irstrtsv.exe
size: 193536
PID: 2460 ( 988) iSCTAgent.exe
PID: 2528 ( 988) Jhi_service.exe
PID: 2600 ( 988) RegSrvc.exe
PID: 2668 ( 988) SftService.exe
PID: 2696 ( 988) c2c_service.exe
PID: 2844 ( 988) svchost.exe
size: 20992
PID: 2888 ( 988) WLIDSVC.EXE
PID: 2984 ( 988) ZeroConfigService.exe
PID: 3032 ( 988) obexsrv.exe
PID: 2208 (1516) avgnsa.exe
PID: 2476 (1516) avgemca.exe
PID: 3152 (2888) WLIDSVCM.EXE
PID: 3316 ( 988) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 3576 ( 772) unsecapp.exe
PID: 3720 ( 772) WmiPrvSE.exe
PID: 4080 ( 988) svchost.exe
size: 20992
PID: 2716 ( 988) svchost.exe
size: 20992
PID: 4580 ( 988) BTHSAmpPalService.exe
PID: 4636 ( 988) BTHSSecurityMgr.exe
PID: 4796 (4764) GoogleUpdate.exe
PID: 4848 ( 988) IAStorDataMgrSvc.exe
PID: 4904 ( 988) LMS.exe
PID: 5020 ( 988) NASvc.exe
PID: 5060 ( 988) NOBuAgent.exe
PID: 2180 ( 988) wmpnetwk.exe
PID: 360 ( 988) SearchIndexer.exe
size: 427520
PID: 4404 (2208) avgcsrva.exe
PID: 3548 ( 988) UNS.exe
PID: 4784 ( 988) C:\Windows\System32\taskhost.exe
PID: 4300 (5060) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
size: 3381600
MD5: B5CA78F6CDDCB08DEB51D352EE674297
PID: 4996 (1272) C:\Windows\System32\taskeng.exe
size: 192000
MD5: 4F2659160AFCCA990305816946F69407
PID: 4140 (1196) C:\Windows\System32\dwm.exe
PID: 4840 (5104) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 2948 (4840) C:\Windows\System32\runonce.exe
size: 50688
MD5: D44741F65A1D71F65814A12CF6E2400A
PID: 5000 (1272) C:\Windows\System32\taskeng.exe
size: 192000
MD5: 4F2659160AFCCA990305816946F69407
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 14/01/2014 09:37:40
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://dell13.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 7: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 8: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
--- Uninstall list ---
Intel(R) Rapid Start Technology 1.0.0.1024 (3D073343-CEEB-4ce7-85AC-A69A7631B5D6)
version (major): 1
install location: C:\Program Files (x86)\Intel\irstrt
uninstall cmd: C:\Program Files (x86)\Intel\irstrt\Uninstall\setup.exe -uninstall
publisher: Intel Corporation
(AddressBook)
Adobe AIR 2.6.0.19120 (Adobe AIR)
version (major): 2
version (minor): 6
install location: C:\Program Files (x86)\Common Files\Adobe AIR\
uninstall cmd: C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
publisher: Adobe Systems Incorporated
Adobe Flash Player 11 ActiveX 11.3.300.265 (Adobe Flash Player ActiveX)
version (major): 11
version (minor): 3
estimated size: 6144
uninstall cmd: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -maintain activex
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/
Advanced Audio FX Engine 1.12.05 (Advanced Audio FX Engine)
version: 17563653
install location: C:\Program Files (x86)\Creative Live! Cam\AudioFX
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
publisher: Creative Technology Ltd
(Connection Manager)
Dell Webcam Central 2.01.15 (Dell Webcam Central)
version: 33619983
install location: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
publisher: Creative Technology Ltd
(DirectDrawEx)
ERUNT 1.1j (ERUNT_is1)
install location: C:\Users\scotty\Desktop\ERUNT\
uninstall cmd: C:\Users\scotty\Desktop\ERUNT\unins000.exe
publisher: Lars Hederer
help link: http://www.larshederer.homepage.t-online.de/erunt
(Fontcore)
Google Chrome 31.0.1650.63 (Google Chrome)
version (major): 1650
version (minor): 63
install date: 20130206
install location: C:\Program Files (x86)\Google\Chrome\Application
uninstall cmd: "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
publisher: Google Inc.
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Dell VideoStage 1.3.0.2513 (InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 138858
install date: 20121026
install location: c:\Program Files (x86)\Dell\VideoStage\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\setup.exe" /z-uninstall
publisher: CyberLink Corp.
help link: http://support.gocyberlink.com/
help telephone: +886-2-86671298
K-Lite Codec Pack 7.0.0 (Standard) 7.0.0 (KLiteCodecPack_is1)
estimated size: 37848
install date: 20130127
install location: C:\Program Files (x86)\K-Lite Codec Pack\
uninstall cmd: "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
(MobileOptionPack)
MuseScore 1.3 1.3.0 (MuseScore)
uninstall cmd: C:\Program Files (x86)\MuseScore\Uninstall.exe
publisher: Werner Schweer and Others
contact: ws@wschweer.de
help link: http://www.musescore.org/
Microsoft Office Professional Plus 2010 14.0.7015.1000 (Office14.PROPLUSR)
install location: C:\Program Files (x86)\Microsoft Office
uninstall cmd: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
publisher: Microsoft Corporation
(SchedulingAgent)
SpeedItup Free 7.85 (SpeedItup Free_is1)
estimated size: 9730
install date: 20130127
install location: C:\Program Files (x86)\SpeedItup Free\
uninstall cmd: "C:\Program Files (x86)\SpeedItup Free\unins000.exe"
publisher: SMicroSmarts LLC
(WIC)
WildTangent Games 1.0.2.5 (WildTangent dell Master Uninstall)
install location: C:\Program Files (x86)\WildTangent\Dell Games
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Uninstall.exe"
publisher: WildTangent
comments: OEM setup version DELL0903
9.3.0.6 (WildTangentGameProvider-dell-genres)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe"
publisher: WildTangent, Inc.
9.3.0.6 (WildTangentGameProvider-dell-main)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\Uninstall.exe"
publisher: WildTangent, Inc.
Windows Live Essentials 15.4.3508.1109 (WinLiveSuite)
install location: C:\Program Files (x86)\Windows Live\
uninstall cmd: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
publisher: Microsoft Corporation
WiseConvert Toolbar 6.9.0.16 (WiseConvert Toolbar)
uninstall cmd: C:\Program Files (x86)\WiseConvert\uninstall.exe toolbar
publisher: WiseConvert
help link: http://WiseConvert.OurToolbar.com/help
Bejeweled 2 Deluxe 2.2.0.95 (WT089409)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Blackhawk Striker 2 2.2.0.95 (WT089410)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Build-a-lot 2 2.2.0.95 (WT089411)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Cake Mania 2.2.0.95 (WT089412)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Chuzzle Deluxe 2.2.0.95 (WT089413)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Diner Dash 2 Restaurant Rescue 2.2.0.95 (WT089414)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Dora's World Adventure 2.2.0.95 (WT089415)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
FATE 2.2.0.95 (WT089418)
install location: C:\Program Files (x86)\WildTangent\Dell Games\FATE
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\FATE\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Jewel Quest 2.2.0.95 (WT089420)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Jewel Quest Solitaire 2 2.2.0.95 (WT089422)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Poker Superstars III 2.2.0.95 (WT089426)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Virtual Villagers 4 - The Tree of Life 2.2.0.95 (WT089430)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Polar Golfer 2.2.0.95 (WT089433)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Escape Whisper Valley (TM) 2.2.0.95 (WT089434)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Namco All-Stars PAC-MAN 2.2.0.95 (WT089440)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Bounce Symphony 2.2.0.95 (WT089443)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Final Drive Nitro 2.2.0.95 (WT089444)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Penguins! 2.2.0.95 (WT089445)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Penguins!
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Penguins!\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Wedding Dash - Ready, Aim, Love! 2.2.0.95 (WT089446)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Zuma Deluxe 2.2.0.95 (WT089448)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Farm Frenzy 2.2.0.95 (WT089450)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Plants vs. Zombies - Game of the Year 2.2.0.95 (WT089452)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Final Drive Fury 2.2.0.95 (WT089499)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Samantha Swift 2.2.0.95 (WT089503)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Luxor 2.2.0.95 (WT089507)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Luxor
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Luxor\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Polar Bowler 2.2.0.95 (WT089508)
install location: C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler
uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
publisher: WildTangent
comments: Distributed by WildTangent, Inc.
Zinio Reader 4 4.2.4164 (ZinioReader4)
install location: C:\Program Files (x86)\Zinio Reader 4\
uninstall cmd: msiexec /qb /x {7FB00B6B-6843-97EC-EED6-78BD6D35370A}
publisher: Zinio LLC
Catalyst Control Center 2012.0319.239.2671 ({0225D395-ADEC-76AC-9E63-3232EC84D048})
version (major): 2012
version (minor): 319
estimated size: 46137
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Core-Static\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Dell Toolbar 1.8.12.0 ({09B71986-2AC5-482d-B6CB-42EA34F4F85B})
uninstall cmd: regsvr32.exe /s /u "C:\Program Files\Dell Printable Web\toolband.dll"
CCC Help Swedish 2012.0319.0238.2671 ({0A027644-0CF1-9862-D9C1-CA597C67AA81})
version (major): 2012
version (minor): 319
estimated size: 459
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\sv\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Windows Live Installer 15.4.3502.0922 ({0B0F231F-CE6A-483D-AA23-77B364F75917})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 10300
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a89868321cdb3f510\
uninstall cmd: MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
publisher: Microsoft Corporation
Dell DataSafe Local Backup 9.4.67 ({0ED7EE95-6A97-47AA-AD73-152C08A15B04})
version: 151257155
install date: 20121026
install location: C:\Program Files (x86)\Dell DataSafe Local Backup
install source: C:\dell\F214K\app\setup.exe
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: Dell Inc.
Windows Live Movie Maker 15.4.3502.0922 ({19BA08F7-C728-469C-8A35-BFBD3633BE08})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 172
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\adec5caf1cdb3f53b\
uninstall cmd: MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
publisher: Microsoft Corporation
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757)
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173)
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860)
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655)
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743)
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063)
({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 ({1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
version: 151025673
version (major): 9
estimated size: 596
install date: 20121026
install source: C:\550b113418025d171c37a206c559\
uninstall cmd: MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
publisher: Microsoft Corporation
Junk Mail filter update 15.4.3502.0922 ({1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 3512
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a9d4ff361cdb3f51d\
uninstall cmd: MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
publisher: Microsoft Corporation
Windows Live SOXE Definitions 15.4.3502.0922 ({200FEC62-3C34-4D60-9CE8-EC372E01C08F})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 104
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e6f59b1cdb3f514\
uninstall cmd: MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
publisher: Microsoft Corporation
CCC Help Italian 2012.0319.0238.2671 ({22CE7C3F-4952-8B46-54C3-8390BC0724B4})
version (major): 2012
version (minor): 319
estimated size: 471
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\it\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Intel(R) USB 3.0 eXtensible Host Controller Driver 1.0.4.225 ({240C3DDD-C5E9-4029-9DF7-95650D040CF2})
version (major): 1
estimated size: 18942
install location: C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver
uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
publisher: Intel Corporation
Nero Core Components 10 2.0.20500.9.16 ({2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F})
version: 33574932
version (major): 2
estimated size: 7980
install date: 20121026
install location: C:\Program Files (x86)\Nero\
install source: C:\dell\2y65v\install_files\applications\corecomponents\
uninstall cmd: MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
publisher: Nero AG
CCC Help German 2012.0319.0238.2671 ({2516CD06-49E8-1851-834E-D190304B34DA})
version (major): 2012
version (minor): 319
estimated size: 491
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\de\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Java(TM) 6 Update 37 6.0.370 ({26A24AE4-039D-4CA4-87B4-2F83216037FF})
version: 100663666
version (major): 6
estimated size: 98095
install date: 20121103
install location: C:\Program Files (x86)\Java\jre6\
install source: C:\Users\scotty\AppData\LocalLow\Sun\Java\jre1.6.0_37\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216037FF}
publisher: Oracle
contact: http://java.com
help link: http://java.com
readme: C:\Program Files (x86)\Java\jre6\README.txt
Java 7 Update 45 7.0.450 ({26A24AE4-039D-4CA4-87B4-2F83217025FF})
version: 117440762
version (major): 7
estimated size: 132403
install date: 20130711
install location: C:\Program Files (x86)\Java\jre7\
install source: C:\Users\scotty\AppData\LocalLow\Sun\Java\jre1.7.0_25\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
publisher: Oracle
contact: http://java.com
help link: http://java.com
readme: C:\Program Files (x86)\Java\jre7\README.txt
({26A24AE4-039D-4CA4-87B4-2F83217045FB})
Windows Live Mesh ActiveX Control for Remote Connections 15.4.5722.2 ({2902F983-B4C1-44BA-B85D-5C6D52E2C441})
version: 251926106
version (major): 15
version (minor): 4
estimated size: 5708
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\adfaa4f01cdb3f53e\
uninstall cmd: MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
publisher: Microsoft Corporation
CCC Help Japanese 2012.0319.0238.2671 ({2C40ACF7-C3A9-E39C-47E1-FD4A58E60C29})
version (major): 2012
version (minor): 319
estimated size: 523
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\ja\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Update Installer for WildTangent Games App ({2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App)
install location: C:\Program Files (x86)\WildTangent Games\App
uninstall cmd: "C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
publisher: WildTangent
help link: http://support.wildgames.com
Windows Live Photo Gallery 15.4.3502.0922 ({3336F667-9049-4D46-98B6-4C743EEBC5B1})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 46992
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ab6747c41cdb3f525\
uninstall cmd: MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
publisher: Microsoft Corporation
Windows Live Photo Gallery 15.4.3502.0922 ({34F4D9A4-42C2-4348-BEF4-E553C84549E7})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 6180
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\adc3e54a1cdb3f539\
uninstall cmd: MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
publisher: Microsoft Corporation
CCC Help Portuguese 2012.0319.0238.2671 ({35D47697-42E1-ED74-5904-FC04731EBE06})
version (major): 2012
version (minor): 319
estimated size: 475
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\pt-BR\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
CCC Help Finnish 2012.0319.0238.2671 ({3B522C13-372A-685E-F2A0-02A761AF5DB2})
version (major): 2012
version (minor): 319
estimated size: 459
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\fi\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Dell MusicStage 1.6.225.0 ({3BD7DD08-991B-4A2F-A165-614ED14EAADD})
version: 17170657
version (major): 1
version (minor): 6
install date: 20121026
install location: C:\Program Files (x86)\Dell Stage\MusicStage\
uninstall cmd: MsiExec.exe /X{3BD7DD08-991B-4A2F-A165-614ED14EAADD}
publisher: Fingertapps
comments: This installer database contains the logic and data required to install MusicStage.
Intel(R) Rapid Storage Technology 11.1.0.1006 ({3E29EE6C-963A-4aae-86C1-DC237C4A49FC})
version (major): 11
version (minor): 1
estimated size: 18942
install location: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology
uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
publisher: Intel Corporation
SyncUP 1.12.12400.17.102 ({40F06490-8C14-43AA-99D3-EEEFDBAC3CFC})
version: 17576048
version (major): 1
version (minor): 12
estimated size: 205485
install date: 20130402
install location: C:\Program Files (x86)\Nero\
install source: C:\ProgramData\Nero\Agent\Repository\{DF7EBE00-B52E-4BB2-AA7D-7CB21312AB21}\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}\1.12.12400\
uninstall cmd: MsiExec.exe /X{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}
publisher: Nero AG
Blio 3.2.9594 ({431E2654-B0A4-4140-82A2-DD55B028B626})
version: 50472314
version (major): 3
version (minor): 2
estimated size: 81033
install date: 20121031
install location: C:\Program Files (x86)\K-NFB Reading Technology Inc\
install source: C:\Users\scotty\AppData\Local\Downloaded Installations\{0C6F5E3A-BFD9-468B-9E5C-4999C65DB549}\
uninstall cmd: MsiExec.exe /X{431E2654-B0A4-4140-82A2-DD55B028B626}
publisher: K-NFB Reading Technology, Inc.
contact: support@knfbreading.com
help telephone: 877 547 1500
Java Auto Updater 2.1.9.8 ({4A03706F-666A-4037-7777-5F2748764D10})
version: 33619977
version (major): 2
version (minor): 1
estimated size: 1214
install date: 20131019
install source: C:\Users\scotty\AppData\LocalLow\Sun\Java\AU\
publisher: Sun Microsystems, Inc.
Skype™ 6.11 6.11.102 ({4E76FF7E-AEBA-4C87-B788-CD47E5425B9D})
version: 101384294
version (major): 6
version (minor): 11
estimated size: 27847
install date: 20131206
install location: C:\Program Files (x86)\Skype\
install source: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\
uninstall cmd: MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/6.11.0.102/en/help
PowerXpressHybrid 1.00.0000 ({51FDC2DE-0917-46B7-EAEC-5377504701DE})
version: 16777216
version (major): 1
estimated size: 7
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\PowerXpressHybrid\
uninstall cmd: MsiExec.exe /I{51FDC2DE-0917-46B7-EAEC-5377504701DE}
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Nero ControlCenter 10 Help (CHM) 10.2.10800 ({523B2B1B-D8DB-4B41-90FF-C4D799E2758A})
version: 167914032
version (major): 10
version (minor): 2
estimated size: 3246
install date: 20121026
install location: C:\Program Files (x86)\Nero\
install source: C:\dell\2y65v\install_files\applications\controlcenterhelpchm\
uninstall cmd: MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
publisher: Nero AG
Windows Live UX Platform Language Pack 15.4.3508.1109 ({579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4})
version: 251923892
version (major): 15
version (minor): 4
estimated size: 28
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ad1ae3971cdb3f52e\
uninstall cmd: MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
publisher: Microsoft Corporation
PX Profile Update 1.00.1. ({5A27CB1D-7A41-6926-9810-00D8214EAB80})
version: 16777217
version (major): 1
estimated size: 512
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\PXProfile\
publisher: AMD
CCC Help English 2012.0319.0238.2671 ({61EF4A3D-2D5B-3C5C-0C99-DF567F2581F4})
version (major): 2012
version (minor): 319
estimated size: 463
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\en-us\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Intel(R) Management Engine Components 8.0.4.1441 ({65153EA5-8B6E-43B6-857B-C6E4FC25798A})
version (major): 8
estimated size: 20959
install location: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components
uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
publisher: Intel Corporation
Nero Update 11.0.11800.31.0 ({65BB0407-4CC8-4DC7-952E-3EEFDF05602A})
version: 184561176
version (major): 11
estimated size: 3092
install date: 20130320
install location: C:\Program Files (x86)\Nero\
install source: C:\ProgramData\Nero\Agent\Repository\{6A536445-D10A-4006-8AA5-2FFCEF1A1101}\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\11.0.31.0\
uninstall cmd: MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
publisher: Nero AG
Windows Live SOXE 15.4.3502.0922 ({682B3E4F-696A-42DE-A41C-4C07EA1678B4})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 292
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a8ebb85b1cdb3f515\
uninstall cmd: MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
publisher: Microsoft Corporation
Catalyst Control Center InstallProxy 2012.0319.239.2671 ({6A38D558-9D5E-9266-6143-07805FD559FE})
version (major): 2012
version (minor): 319
estimated size: 281
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\MOM-InstallProxy\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
CCC Help French 2012.0319.0238.2671 ({6CE671FF-DAD0-2A5D-C707-6C2D018EA25C})
version (major): 2012
version (minor): 319
estimated size: 483
install date: 20121026
install location: c:\Program Files (x86)\ATI Technologies\
install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\fr\
publisher: Advanced Micro Devices, Inc.
contact: AMD Customer Support
help link: http://support.amd.com
help telephone: 905-882-2600
Nero Control Center 10 10.6.13000.0.11 ({6DFB899F-17A2-48F0-A533-ED8D6866CF38})
version: 168178376
version (major): 10
version (minor): 6
estimated size: 9412
install date: 20130402
install location: C:\Program Files (x86)\Nero\
install source: C:\ProgramData\Nero\Agent\Repository\{3DEBC5B2-FD93-4492-A6B3-4F2C7943F34C}\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\10.6.13000\
uninstall cmd: MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
publisher: Nero AG
WildTangent Games App (Dell Games) 4.0.10.5 ({70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell)
version (major): 4
install location: C:\Program Files (x86)\WildTangent Games\App
uninstall cmd: "C:\Program Files (x86)\WildTangent Games\Touchpoints\dell\Uninstall.exe"
publisher: WildTangent
help link: http://www.wildtangent.com/support?dp=delld
Microsoft Visual C++ 2005 Redistributable 8.0.61001 ({710f4c1c-cc18-4c49-8cbf-51240c89a1a2})
version: 134278729
version (major): 8
estimated size: 300
install date: 20121104
install source: C:\Windows\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
publisher: Microsoft Corporation
Dell Getting Started Guide 1.00.0000 ({7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045})
version: 16777216
version (major): 1
install date: 20121026
install location: C:\Program Files (x86)\Dell\Dell Welcome\
uninstall cmd: MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
publisher: Dell Inc.
Zinio Reader 4 4.2.4164 ({7FB00B6B-6843-97EC-EED6-78BD6D35370A})
version: 67244100
version (major): 4
version (minor): 2
estimated size: 4970
install date: 20121026
install location: C:\Program Files (x86)\Zinio Reader 4
install source: C:\Users\Administrator\AppData\Local\Temp\fla7742.tmp\
uninstall cmd: MsiExec.exe /I{7FB00B6B-6843-97EC-EED6-78BD6D35370A}
publisher: Zinio LLC
Windows Live Messenger 15.4.3502.0922 ({80956555-A512-4190-9CAD-B000C36D6B6B})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 11432
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ad4ce07c1cdb3f533\
uninstall cmd: MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
publisher: Microsoft Corporation
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 9.0.30729 ({820B6609-4C97-3A2B-B644-573B06A0F0CC})
version: 151025673
version (major): 9
estimated size: 608
install date: 20121026
install source: c:\2e1b4b6816b0d480fa05d0b3fcbd9f\
uninstall cmd: MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}
publisher: Microsoft Corporation
Windows Live PIMT Platform 15.4.3508.1109 ({83C292B7-38A5-440B-A731-07070E81A64F})
version: 251923892
version (major): 15
version (minor): 4
estimated size: 2112
install date: 20121026
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a9142fc01cdb3f519\
uninstall cmd: MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
publisher: Microsoft Corporation
Hi and Welcome!! Zanny :)
My name is Robybel.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
Having said that....Let's get going!! ;)
========================
Scan with OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
=============================== Next =======================================
Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
On your next reply please post :
OTL.txt
Extras.txt
aswMBR log
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
Thanks for getting back to me, sorry for the delay I closed the web browser to run OTL and couldnt log back in!
Please find below
OTL
OTL logfile created on: 14/01/2014 11:37:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scotty\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
7.87 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 71.52% Memory free
15.74 Gb Paging File | 12.86 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.62 Gb Total Space | 131.15 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
Computer Name: SCOTTY-PC | User Name: scotty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\scotty\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE ()
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Luxor\GDF.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury\GDF.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Penguins!\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\FATE\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\GDF.dll ()
MOD - C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\GDF.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\customui.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll ()
MOD - C:\Windows\SysWOW64\DLEAsmr.dll ()
MOD - C:\Windows\SysWOW64\DLEAsm.dll ()
MOD - C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (ISCTAgent) -- c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AbsoluteNotifier) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (GENERICDRV) -- C:\Users\scotty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6RB1DGY\amifldrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F08F8B05-D76E-4149-BCDD-864B27844B1D}
IE:64bit: - HKLM\..\SearchScopes\{F08F8B05-D76E-4149-BCDD-864B27844B1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {F08F8B05-D76E-4149-BCDD-864B27844B1D}
IE - HKLM\..\SearchScopes\{F08F8B05-D76E-4149-BCDD-864B27844B1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {14FBB070-78F8-4CC2-BC1A-B60AFF97B143}
IE - HKCU\..\SearchScopes\{14FBB070-78F8-4CC2-BC1A-B60AFF97B143}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKCU\..\SearchScopes\{84F214D6-11DC-402E-9F7E-E8263F24A71B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=C9C61F15-5D6F-494E-8721-DAF1E5A9719B&apn_sauid=E55959EF-A147-4ECF-A65A-A84919CA536A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\scotty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
[2012/11/19 11:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=C9C61F15-5D6F-494E-8721-DAF1E5A9719B&apn_ptnrs=U3&apn_sauid=E55959EF-A147-4ECF-A65A-A84919CA536A&apn_dtid=OSJ000YYGB&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: BrowserProtect (Enabled) = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\scotty\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\scotty\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - Startup: C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E799692-0B83-4D38-807C-4B4744A13ADD}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/01/14 07:49:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/14 07:47:03 | 000,000,000 | ---D | C] -- C:\Users\scotty\Desktop\ERUNT
[2014/01/14 07:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/13 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\AVG2014
[2014/01/13 19:44:02 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\TuneUp Software
[2014/01/13 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/01/13 19:43:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/01/13 19:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/01/13 19:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/01/13 19:32:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/13 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\MFAData
[2014/01/13 19:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/13 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\Avg2014
[2014/01/04 16:30:24 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\Conduit
[2013/12/15 14:45:19 | 000,000,000 | ---D | C] -- C:\Users\scotty\Desktop\change of address
[2012/11/06 20:23:32 | 006,246,216 | ---- | C] (Absolute Software Corp.) -- C:\Users\scotty\AppData\Roaming\LoJackSetup.exe
[53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/14 11:11:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472192928-1086291339-420608945-1000UA.job
[2014/01/14 11:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/14 08:57:03 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 08:57:03 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 08:54:12 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/14 08:54:12 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/14 08:54:12 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/14 08:54:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 08:49:53 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/14 08:49:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 08:49:48 | 2042,494,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 07:47:16 | 000,000,766 | ---- | M] () -- C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/14 07:47:03 | 000,000,549 | ---- | M] () -- C:\Users\scotty\Desktop\ERUNT.lnk
[2014/01/13 20:11:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472192928-1086291339-420608945-1000Core.job
[2014/01/13 19:44:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/14 07:47:16 | 000,000,766 | ---- | C] () -- C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/14 07:47:03 | 000,000,549 | ---- | C] () -- C:\Users\scotty\Desktop\ERUNT.lnk
[2014/01/13 19:44:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/08/06 10:28:39 | 000,000,017 | ---- | C] () -- C:\Users\scotty\AppData\Local\resmon.resmoncfg
[2013/07/19 09:53:17 | 000,004,096 | -H-- | C] () -- C:\Users\scotty\AppData\Local\keyfile3.drm
[2013/06/20 11:51:40 | 000,007,168 | ---- | C] () -- C:\Users\scotty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/27 13:52:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/12/05 20:03:55 | 000,000,516 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/10 18:01:33 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2012/11/10 18:01:33 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2012/11/10 18:01:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2012/11/10 18:01:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2012/11/10 18:01:32 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2012/11/10 18:01:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2012/11/10 18:01:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2012/11/10 18:01:32 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2012/11/10 18:01:31 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2012/11/10 18:01:31 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2012/11/10 18:01:31 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2012/11/10 18:01:31 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2012/11/10 18:01:31 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2012/11/10 18:01:31 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2012/11/10 18:01:30 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2012/11/10 18:01:30 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2012/11/10 18:01:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2012/11/10 18:01:30 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2012/11/10 18:01:29 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2012/11/10 18:01:29 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2012/11/10 18:01:29 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2012/11/10 18:01:29 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2012/11/10 18:00:29 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2012/11/10 18:00:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2012/11/08 23:54:59 | 000,000,312 | ---- | C] () -- C:\Users\scotty\.stylerc2
[2012/11/08 23:54:59 | 000,000,175 | ---- | C] () -- C:\Users\scotty\.mffunctions
[2012/10/31 21:47:18 | 000,006,476 | ---- | C] () -- C:\Users\scotty\AppData\Roaming\AbsoluteReminder.xml
[2012/10/27 06:49:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/10/27 06:49:33 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/10/27 06:49:28 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/27 06:49:25 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/10/27 06:49:23 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/10/27 06:49:23 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/10/27 06:49:20 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/10/27 05:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/27 05:40:22 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/03/19 10:20:48 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/02/03 05:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/31 14:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/11/06 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\Absolute Software
[2014/01/13 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\AVG2014
[2012/11/01 01:45:51 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\Blio
[2014/01/13 20:10:50 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\File Scout
[2012/10/31 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\Fingertapps
[2013/04/01 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\funkitron
[2012/11/03 11:39:23 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\IDT
[2013/08/05 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\MusE
[2012/11/03 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\PCDr
[2014/01/13 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\TuneUp Software
[2012/12/25 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2012/10/27 07:09:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/10/27 07:09:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/10/27 07:09:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/10/27 07:09:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/10/27 07:09:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/10/27 07:09:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG SSD PM830 2.5\" 7
Partitions: 4
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 14.00GB
Starting Offset: 41943040
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 217.00GB
Starting Offset: 14870904832
Hidden sectors: 0
DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 247462887424
Hidden sectors: 0
========== Files - Unicode (All) ==========
[2013/03/22 17:01:30 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?·) -- C:\Windows\SysNative\㙠·
[2013/03/22 17:01:30 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?·) -- C:\Windows\SysNative\㙠·
< End of report >
EXTRAs
OTL Extras logfile created on: 14/01/2014 11:37:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scotty\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
7.87 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 71.52% Memory free
15.74 Gb Paging File | 12.86 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.62 Gb Total Space | 131.15 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
Computer Name: SCOTTY-PC | User Name: scotty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\scotty\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\scotty\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1141D05D-CA24-4F75-9AB0-177D9D9BA675}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{127D0389-A90D-4DDB-AC6F-6D4A7FFD27CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1ED3BAEB-2DDC-421E-AF9D-60359245328B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20F61969-BF22-4ECA-967C-F3041AAD678F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22DD293B-2ED2-42C4-8AED-18CE5E572BF9}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{2664D633-366B-409C-BD11-134DC772D231}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FAE2445-5CE6-40DE-8C13-AABCAC0AFD2C}" = lport=137 | protocol=17 | dir=in | app=system |
"{31302B74-C88A-4058-9302-30EF23E9F73D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49EC8497-FC33-44D9-8E28-2D847B7F6D8C}" = rport=138 | protocol=17 | dir=out | app=system |
"{52FF6492-CCF1-4C60-B717-5BC911180FCB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5DD4768B-7783-466F-816F-95132990F998}" = rport=139 | protocol=6 | dir=out | app=system |
"{63B9FD41-D408-40A1-BB84-A0CBFCA86D06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{69495EE8-A2AA-4C61-A06C-F00AE722F7D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7794608E-3761-426A-8A5D-3E909EBFC972}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{782DFAFF-7AFE-4ADF-BD32-E219AEE35FB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8954F897-F7C7-4876-A6EF-9568DB5658F5}" = lport=445 | protocol=6 | dir=in | app=system |
"{8A281309-82D8-4BBB-B2CA-C15AD8AEA618}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{986FDD27-B16C-4A17-A0D1-90CC808D0513}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E25BA32-58E5-4EF8-BAA5-3436755B2D6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A0B1FB7F-B875-45D5-9EC3-FA8F8C25EA4F}" = lport=138 | protocol=17 | dir=in | app=system |
"{A0FA6788-4EEC-4A7D-9D89-36A9D012AE32}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB229307-A55E-4C80-95A0-324B4EF0F9D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC41E593-F296-4148-9CB3-AF13764A1E79}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{B1959B0F-3E35-4DA0-9209-2DA1B36A0B4E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B60F362C-13E6-4815-A48B-350C23E5D82F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6CCA852-9D2F-4342-BFA7-91C65D45D6CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7B8A311-4605-4BFA-83EF-966CE6B335B9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EA9DE415-831C-4C9C-AA55-FC38B4A6A4AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1A71EBD-0F78-449F-8B35-2DEAB020F0E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCD4539E-529E-45E6-8EA3-114B8F954471}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004EA2B9-C7B7-4429-9404-6CA2B5258CED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{016EC74B-DF13-4DC0-AB82-CD750E1D6AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{018D0BFA-8A67-43E4-BA31-D28CD17AA04B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{059FD820-8E10-458E-914F-A8DDE939EA55}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{09528CA4-E448-4DD1-9D10-A1BFFA4C2E01}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{0B494649-AE75-488D-BDAE-DAF5AA448223}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{10F22DE5-F3BA-4B92-B098-9B94CCACEE7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14364C07-1F39-4E69-886F-2FC291739FDF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{1FB3845E-B4F3-4592-844A-83C0E50FCC00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2E172482-7980-4FF2-ADEF-9B01E7935946}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{32FC9CA3-EFB4-4C45-847D-C11F9C4CD6E5}" = dir=out | app=c:\program files\intel\wifi\bin\ccdashserver.exe |
"{33B74003-61D6-4075-9756-1B0DD75B4344}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35246E14-BE1F-4BD0-A3EE-E4BA1153CDE6}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{3AECD0D1-D6AE-4553-8C9F-9BD1CE75726B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{52C1A61D-8612-47EE-98A1-B054DFD40D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5B7AE686-8126-4587-9946-DA5782D2B1EE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{5BFCD432-0210-4E86-8E5A-11DF93E975B9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5DB71E44-41ED-491F-8116-CB86C64F2610}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{5F3EC9EB-F3F2-474D-963D-413D037A255E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{63AAE701-A23C-4CE7-AC1D-F779A6C9A697}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{642A43AD-5699-4D7D-A012-D01EEEA8F79D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{661540D2-EFDB-4236-96AF-A85618C6257E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{66479555-26B1-4E79-965F-D42D22123E95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B2D2D7E-98E9-483D-B66D-39E1AB95D296}" = dir=out | app=c:\program files\intel\wifi\bin\ccdash.exe |
"{6C248607-EEA6-4E13-8853-F0CF52A6CB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{6E290521-270A-4505-8771-FD3E88D46264}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{72F4B330-EFA3-48D2-96A3-88F7B82DAB25}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{79F60B54-5B8D-4352-A6D1-9CCB8C0AA61C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A6B5902-E5A2-489C-84CD-0CE9AFD372F8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{7D0046BF-2367-4A60-871D-528CF9824B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7DB8F58A-F970-4059-A7D7-BE4114DCFA87}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7E40A7B8-B376-4A5D-BD9A-04E396E7EDDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{82681C0D-B93C-45CE-A15E-CACE86AAA703}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{852FAC85-4E5D-443B-AEE9-A2C224EA968B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{8D63EF4D-9681-4892-8F0A-FFF64551BE61}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{912F1242-9159-43EE-A1CD-B6FB1AE31696}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{96A234B5-989A-4796-858B-874A4DBF0BDA}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{9A97C5A4-2AB5-413A-85D5-B9C1AE296276}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{9C7C2A5C-72F9-4D4F-9C33-70808951C92F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CAE5904-E97B-414F-8BCF-D1E95E5BACEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CAE8142-82B3-446B-A7C8-4A780092C224}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{9DE6B383-9ED3-4657-BEC9-5F560A76FCFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A66B8B83-A104-45A5-9293-8B2CB77BFE09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A72C8FA3-4DB6-4838-ADB7-EFA07D245597}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A83CACD8-0303-4285-A4FC-2971DC79BA2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB11D256-4298-408E-89B9-0AA5E35FA5B5}" = dir=in | app=c:\users\scotty\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{AE0614FD-F15E-4553-AFCC-5F5306E84F65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5DE4D70-B903-45A6-9A1B-1A5376C7D544}" = protocol=6 | dir=out | app=system |
"{BC4D857F-5409-4C31-B2C4-973DF7748CA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{BF31304B-8EDD-42C9-8E66-7F4514B9AE58}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{C167BCE6-2425-465E-AF78-3DF79610100F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1C354F3-BC46-4507-9FF2-979B5007CAA6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2355C06-0766-41AD-900C-C9229959F1BA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C29F324C-E099-40F7-B84E-34E6BBF6E862}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{C3280548-E749-459E-BFED-D9A3FA2B629E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9B63E7E-7417-4CDE-BC1D-76BC6EA605D7}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{D1E2DD9E-AA59-4818-96D6-94514E8FF696}" = dir=in | app=c:\program files\intel\wifi\bin\ccdash.exe |
"{D2E524C3-9666-4993-B7FB-86724D9F7F35}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{D4A2238D-7CF7-4337-A509-8B119760A51A}" = dir=in | app=c:\program files\intel\wifi\bin\ccdashserver.exe |
"{D63A2F3B-C32A-466C-B5FF-1A2A413AA9D5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{DEA5D910-170C-4F67-8A83-835527F456A4}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E46D59CF-B01B-400E-A2F1-3B760C591545}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E4E6AAF8-B0FC-401B-B49C-ECBF73C71C71}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{EE99D4E4-EC3E-45CD-B542-3677B6BEA759}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{F4A93A7F-ACAA-4D2F-B003-32B2AAB15C20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB9FB4EA-C885-46D5-9EEF-20D7BEE5D727}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{FFE49255-1B0F-4328-A103-63B5B638B607}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{04C3CD7E-6872-40E0-BBF9-D755D44FC604}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"UDP Query User{80405B22-9BCD-4049-A574-E374E4E271D1}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5117E283-B934-79AB-6FEF-82BFEBFF1899}" = AMD AVIVO64 Codecs
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92D988EC-0FC4-DA46-CE73-496F2CD22DB3}" = AMD Accelerated Video Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
"{D2C14714-B63F-FADB-740D-47424E5617BF}" = AMD Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F0AFAB37-12C4-26CF-5E40-728AA59F37A6}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"Dell V310-V510 Series" = Dell V310-V510 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225D395-ADEC-76AC-9E63-3232EC84D048}" = Catalyst Control Center
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0A027644-0CF1-9862-D9C1-CA597C67AA81}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22CE7C3F-4952-8B46-54C3-8390BC0724B4}" = CCC Help Italian
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2516CD06-49E8-1851-834E-D190304B34DA}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C40ACF7-C3A9-E39C-47E1-FD4A58E60C29}" = CCC Help Japanese
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D47697-42E1-ED74-5904-FC04731EBE06}" = CCC Help Portuguese
"{3B522C13-372A-685E-F2A0-02A761AF5DB2}" = CCC Help Finnish
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{431E2654-B0A4-4140-82A2-DD55B028B626}" = Blio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A27CB1D-7A41-6926-9810-00D8214EAB80}" = PX Profile Update
"{61EF4A3D-2D5B-3C5C-0C99-DF567F2581F4}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A38D558-9D5E-9266-6143-07805FD559FE}" = Catalyst Control Center InstallProxy
"{6CE671FF-DAD0-2A5D-C707-6C2D018EA25C}" = CCC Help French
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9019E2CC-B5A5-191D-840E-E14B675B9971}" = Catalyst Control Center Localization All
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA7C7EF-5772-2F3A-71A6-DFE6A51CAD1B}" = CCC Help Norwegian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A5F90AE3-7BB9-EBB5-0362-006D353F0AB1}" = CCC Help Dutch
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DA95E1-954E-5180-220F-B5484F388E5C}" = CCC Help Spanish
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C53BCCBE-9268-4C09-82E9-611444A73B3F}" = Dell DataSafe Online
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB0F4DF9-3AEA-F571-322B-A97FD1062FF7}" = CCC Help Chinese Traditional
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47490E6-97F8-C742-0DC0-B7C5994CDAC5}" = CCC Help Russian
"{D8DD96BD-6E49-0D98-040E-6E566F629D1C}" = CCC Help Korean
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DB788C65-F9E6-1826-5563-6A65C3034263}" = Catalyst Control Center Profiles Mobile
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{EC539703-F8DF-41B3-91C1-9630EAD18E46}" = Catalyst Control Center - Branding
"{F04259A5-F38C-7553-10CD-6CFA76F08197}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC45E4D6-FEA5-4091-B172-4351D130C2E1}" = Dell Stage
"{FD94B93E-F717-C636-A7BD-158F6463B423}" = CCC Help Danish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"MuseScore" = MuseScore 1.3
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SpeedItup Free_is1" = SpeedItup Free 7.85
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WiseConvert Toolbar" = WiseConvert Toolbar
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"ZinioReader4" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19/08/2013 07:57:12 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
Description =
Error - 19/08/2013 07:57:12 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
Description =
Error - 19/08/2013 07:57:13 | Computer Name = scotty-PC | Source = WinMgmt | ID = 10
Description =
Error - 19/08/2013 08:08:32 | Computer Name = scotty-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x51a4ab8c Faulting module name: ntdll.dll, version: 6.1.7601.18205,
time stamp: 0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x1d88 Faulting application start time: 0x01ce9cd4bf921099 Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 105d5b8e-08c8-11e3-b36e-84a6c8cf2807
Error - 19/08/2013 08:59:41 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
Description =
Error - 19/08/2013 08:59:41 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
Description =
Error - 19/08/2013 08:59:42 | Computer Name = scotty-PC | Source = WinMgmt | ID = 10
Description =
Error - 19/08/2013 09:08:02 | Computer Name = scotty-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x51a4ab8c Faulting module name: ntdll.dll, version: 6.1.7601.18205,
time stamp: 0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x1eac Faulting application start time: 0x01ce9cdd21594702 Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 603d2d9a-08d0-11e3-821b-84a6c8cf2807
Error - 19/08/2013 09:14:46 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
Description =
Error - 19/08/2013 09:14:46 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
Description =
Error - 19/08/2013 09:14:46 | Computer Name = scotty-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 21/12/2012 23:20:31 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 03:20:31 - Error connecting to the internet. 03:20:31 - Unable
to contact server..
Error - 21/12/2012 23:20:38 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 03:20:36 - Error connecting to the internet. 03:20:36 - Unable
to contact server..
Error - 22/12/2012 00:20:56 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 04:20:56 - Error connecting to the internet. 04:20:56 - Unable
to contact server..
Error - 22/12/2012 00:21:05 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 04:21:01 - Error connecting to the internet. 04:21:01 - Unable
to contact server..
Error - 22/12/2012 01:21:13 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 05:21:13 - Error connecting to the internet. 05:21:13 - Unable
to contact server..
Error - 22/12/2012 01:21:20 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 05:21:18 - Error connecting to the internet. 05:21:18 - Unable
to contact server..
Error - 22/12/2012 02:21:28 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 06:21:28 - Error connecting to the internet. 06:21:28 - Unable
to contact server..
Error - 22/12/2012 02:21:35 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
Description = 06:21:33 - Error connecting to the internet. 06:21:33 - Unable
to contact server..
[ System Events ]
Error - 13/01/2014 13:44:40 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.
Error - 13/01/2014 14:01:47 | Computer Name = scotty-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:00:18 on ?13/?01/?2014 was unexpected.
Error - 13/01/2014 14:01:50 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
service to connect.
Error - 13/01/2014 14:01:50 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7000
Description = The dleaCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 14/01/2014 02:04:55 | Computer Name = scotty-PC | Source = DCOM | ID = 10010
Description =
Error - 14/01/2014 02:05:31 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
service to connect.
Error - 14/01/2014 02:05:31 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7000
Description = The dleaCATSCustConnectService service failed to start due to the
following error: %%1053
Error - 14/01/2014 02:49:16 | Computer Name = scotty-PC | Source = DCOM | ID = 10010
Description =
Error - 14/01/2014 02:49:53 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
service to connect.
Error - 14/01/2014 02:49:53 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7000
Description = The dleaCATSCustConnectService service failed to start due to the
following error: %%1053
< End of report >
and aswMBR
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-14 11:48:01
-----------------------------
11:48:01.825 OS Version: Windows x64 6.1.7601 Service Pack 1
11:48:01.826 Number of processors: 4 586 0x3A09
11:48:01.826 ComputerName: SCOTTY-PC UserName: scotty
11:48:02.066 Initialize success
11:52:12.831 AVAST engine defs: 14011400
11:55:04.955 The log file has been saved successfully to "C:\Users\scotty\Documents\zanna\misc\computer\fix files\aswMBR.txt"
I couldnt find MBR.dat
Hi Zanny ;)
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next
http://i.imgur.com/81mYIKe.jpg AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
----------
http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Next
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
On your next reply please post :
Checkup.txt
AdwCleaner[R0].txt
JRT.txt
All RKreport.txt
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
Good morning!
Hopefully I did all that ok! Hopefully the files requested are attached!
thanks
I just noticed my windows update had new updates to be installed, so I did. I hope this wasnt the wrong thing to do right now. Here is the log for what was installed.
thanks!
Security Update for Windows 7 for x64-based Systems (KB2862330)
Installation date: 15/01/2014 09:31
Installation status: Successful
Update type: Important
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
More information:
http://support.microsoft.com/kb/2862330
Help and Support:
http://support.microsoft.com
Security Update for Windows 7 for x64-based Systems (KB2913602)
Installation date: 15/01/2014 09:31
Installation status: Successful
Update type: Important
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
More information:
http://support.microsoft.com/kb/2913602
Help and Support:
http://support.microsoft.com
Update for Windows 7 for x64-based Systems (KB2913431)
Installation date: 15/01/2014 09:31
Installation status: Successful
Update type: Recommended
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
More information:
http://support.microsoft.com/kb/2913431
Help and Support:
http://support.microsoft.com
Windows Malicious Software Removal Tool x64 - January 2014 (KB890830)
Installation date: 15/01/2014 09:31
Installation status: Successful
Update type: Important
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
More information:
http://support.microsoft.com/kb/890830
Help and Support:
http://support.microsoft.com
Definition Update for Windows Defender - KB915597 (Definition 1.165.1783.0)
Installation date: 15/01/2014 05:31
Installation status: Successful
Update type: Important
Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed.
More information:
http://www.microsoft.com/athome/security/spyware/software/about/overview.mspx
Help and Support:
http://go.microsoft.com/fwlink/?LinkId=52661
Hi Zanny
Do you remember in my first post? :yes:
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
:friend:
Please Only Copy And Paste Reports Into Topic - Do Not Attach Thanks
------------------------------------------
http://i.imgur.com/81mYIKe.jpg AdwCleaner
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next
Please read through these instructions to familarize yourself with what to expect when this tool runs
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* IMPORTANT- Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
====================================================
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
On your next reply please post :
AdwCleaner[S0].txt
C:\ComboFix.txt
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
First two points noted.
I followed the instructions, but I did not get the window to save combofix to the desktop it ran immediately.
Here are the log files
Adwcleaner
# AdwCleaner v3.017 - Report created 15/01/2014 at 23:58:04
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : scotty - SCOTTY-PC
# Running from : C:\Users\scotty\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\boost_interprocess
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Browser Manager
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKCU\Software\532da8fb36de910
Key Deleted : HKLM\SOFTWARE\532da8fb36de910
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{748E8CA1-084F-4156-9E0F-D82ABD29752B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AFF3485-59BB-455B-9972-CEB7C8F75AFB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\WiseConvert
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert
Key Deleted : HKLM\Software\WiseConvert
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [9322 octets] - [15/01/2014 05:29:25]
AdwCleaner[R1].txt - [5269 octets] - [15/01/2014 23:50:34]
AdwCleaner[S0].txt - [5107 octets] - [15/01/2014 23:58:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5167 octets] ##########
combofix file
ComboFix 14-01-14.02 - scotty 16/01/2014 0:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8058.5376 [GMT 2:00]
Running from: c:\users\scotty\Downloads\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
c:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
c:\programdata\Roaming
c:\programdata\SPL1FEB.tmp
c:\programdata\SPL2D76.tmp
c:\programdata\SPL2FC.tmp
c:\programdata\SPL3D2E.tmp
c:\programdata\SPL3D8C.tmp
c:\programdata\SPL3E47.tmp
c:\programdata\SPL3E66.tmp
c:\programdata\SPL3F60.tmp
c:\programdata\SPL3F7F.tmp
c:\programdata\SPL3F80.tmp
c:\programdata\SPL3FAE.tmp
c:\programdata\SPL40D6.tmp
c:\programdata\SPL40F5.tmp
c:\programdata\SPL4114.tmp
c:\programdata\SPL4143.tmp
c:\programdata\SPL421E.tmp
c:\programdata\SPL425C.tmp
c:\programdata\SPL427B.tmp
c:\programdata\SPL42BA.tmp
c:\programdata\SPL4401.tmp
c:\programdata\SPL44AD.tmp
c:\programdata\SPL450A.tmp
c:\programdata\SPL4836.tmp
c:\programdata\SPL4845.tmp
c:\programdata\SPL494E.tmp
c:\programdata\SPL4AE4.tmp
c:\programdata\SPL4B9F.tmp
c:\programdata\SPL4C3B.tmp
c:\programdata\SPL4C6A.tmp
c:\programdata\SPL4C99.tmp
c:\programdata\SPL4D06.tmp
c:\programdata\SPL4FE3.tmp
c:\programdata\SPL50AE.tmp
c:\programdata\SPL534D.tmp
c:\programdata\SPL54F2.tmp
c:\programdata\SPL557E.tmp
c:\programdata\SPL55DC.tmp
c:\programdata\SPL5678.tmp
c:\programdata\SPL56D6.tmp
c:\programdata\SPL586B.tmp
c:\programdata\SPL58B9.tmp
c:\programdata\SPL5917.tmp
c:\programdata\SPL67E.tmp
c:\programdata\SPL6CA6.tmp
c:\programdata\SPL6CB6.tmp
c:\programdata\SPL7359.tmp
c:\programdata\SPL7F1A.tmp
c:\programdata\SPL90C7.tmp
c:\programdata\SPL9117.tmp
c:\programdata\SPL9951.tmp
c:\programdata\SPL9C7F.tmp
c:\programdata\SPLE9D1.tmp
c:\programdata\SPLFA07.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-12-15 to 2014-01-15 )))))))))))))))))))))))))))))))
.
.
2014-01-15 22:24 . 2014-01-15 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-15 22:03 . 2014-01-15 22:03 -------- d-----w- c:\programdata\boost_interprocess
2014-01-15 21:46 . 2014-01-15 21:59 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-01-15 05:30 . 2014-01-15 05:30 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 03:40 . 2014-01-15 03:40 -------- d-----w- c:\windows\ERUNT
2014-01-15 03:31 . 2013-11-27 01:42 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 03:31 . 2013-11-27 01:42 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 03:31 . 2013-11-27 01:42 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 03:31 . 2013-11-27 01:42 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 03:31 . 2013-11-27 01:42 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 03:31 . 2013-11-27 01:42 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 03:31 . 2013-11-27 01:42 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 03:31 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 03:31 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 03:31 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFA394BD-FD36-419F-9B4C-9E1F7519F6E6}\mpengine.dll
2014-01-15 03:29 . 2014-01-15 21:58 -------- d-----w- C:\AdwCleaner
2014-01-13 17:45 . 2014-01-13 17:45 -------- d-----w- c:\users\scotty\AppData\Roaming\AVG2014
2014-01-13 17:44 . 2014-01-13 17:44 -------- d-----w- c:\users\scotty\AppData\Roaming\TuneUp Software
2014-01-13 17:43 . 2014-01-13 17:44 -------- d-----w- c:\programdata\AVG2014
2014-01-13 17:43 . 2014-01-13 17:43 -------- d-----w- C:\$AVG
2014-01-13 17:43 . 2014-01-13 17:43 -------- d-----w- c:\program files (x86)\AVG
2014-01-13 17:32 . 2014-01-15 21:52 -------- d-----w- c:\programdata\MFAData
2014-01-13 17:32 . 2014-01-13 18:03 -------- d-----w- c:\users\scotty\AppData\Local\Avg2014
2014-01-13 17:32 . 2014-01-13 17:32 -------- d--h--w- c:\programdata\Common Files
2014-01-13 17:32 . 2014-01-13 17:32 -------- d-----w- c:\users\scotty\AppData\Local\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 21:59 . 2012-10-27 03:35 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-01-15 07:30 . 2012-11-03 09:08 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-11-26 11:54 . 2013-12-11 03:01 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 03:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 03:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 03:01 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 03:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 03:01 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 03:01 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 03:01 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 03:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 03:01 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 03:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 03:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 03:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 03:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 03:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 03:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 03:01 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 03:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 03:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 03:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 03:01 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 03:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 03:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 03:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-26 03:04 . 2013-11-26 03:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 03:04 . 2013-11-26 03:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 03:04 . 2013-11-26 03:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 03:04 . 2013-11-26 03:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 03:04 . 2013-11-26 03:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 03:04 . 2013-11-26 03:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 03:04 . 2013-11-26 03:04 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 03:04 . 2013-11-26 03:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 03:04 . 2013-11-26 03:04 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 03:04 . 2013-11-26 03:04 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 03:04 . 2013-11-26 03:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 03:04 . 2013-11-26 03:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 03:04 . 2013-11-26 03:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 03:04 . 2013-11-26 03:04 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 03:04 . 2013-11-26 03:04 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-26 03:04 . 2013-11-26 03:04 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 03:04 . 2013-11-26 03:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 03:04 . 2013-11-26 03:04 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 03:04 . 2013-11-26 03:04 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-26 03:04 . 2013-11-26 03:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 03:04 . 2013-11-26 03:04 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 03:04 . 2013-11-26 03:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 03:04 . 2013-11-26 03:04 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 03:04 . 2013-11-26 03:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 03:04 . 2013-11-26 03:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 03:04 . 2013-11-26 03:04 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 03:04 . 2013-11-26 03:04 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-26 03:04 . 2013-11-26 03:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 03:04 . 2013-11-26 03:04 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 03:04 . 2013-11-26 03:04 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 03:04 . 2013-11-26 03:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 03:04 . 2013-11-26 03:04 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 03:04 . 2013-11-26 03:04 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 03:04 . 2013-11-26 03:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 03:04 . 2013-11-26 03:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 03:04 . 2013-11-26 03:04 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 03:04 . 2013-11-26 03:04 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 03:04 . 2013-11-26 03:04 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 03:04 . 2013-11-26 03:04 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 03:04 . 2013-11-26 03:04 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 03:04 . 2013-11-26 03:04 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 03:04 . 2013-11-26 03:04 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-26 03:04 . 2013-11-26 03:04 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 03:04 . 2013-11-26 03:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 03:04 . 2013-11-26 03:04 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 03:04 . 2013-11-26 03:04 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 03:04 . 2013-11-26 03:04 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 03:04 . 2013-11-26 03:04 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 03:04 . 2013-11-26 03:04 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 03:04 . 2013-11-26 03:04 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 03:04 . 2013-11-26 03:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-26 03:04 . 2013-11-26 03:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-26 03:04 . 2013-11-26 03:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 03:04 . 2013-11-26 03:04 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 03:04 . 2013-11-26 03:04 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-26 03:04 . 2013-11-26 03:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 03:04 . 2013-11-26 03:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 03:04 . 2013-11-26 03:04 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 03:04 . 2013-11-26 03:04 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-23 18:26 . 2013-12-10 22:44 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 22:44 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 03:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-10 22:44 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 22:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-05 19:55 . 2013-11-05 19:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-04 19:52 . 2013-11-04 19:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-10-31 21:00 . 2013-10-31 21:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-10-31 20:49 . 2013-10-31 20:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-30 02:32 . 2013-12-10 22:44 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-10 22:44 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-24 20:25 . 2013-10-24 20:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-19 02:18 . 2013-12-10 22:44 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-10 22:44 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-19 636032]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-03-06 577024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\users\scotty\Desktop\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 22:03 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 19:30]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef0c387dd926e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 19:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-13 1425408]
"IntelMyWiFiDashboard"="c:\program files\Intel\WiFi\bin\CCDashServer.exe" [2012-03-30 4966912]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-28 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-28 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-28 439576]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SpeedItup Free_is1 - c:\program files (x86)\SpeedItup Free\unins000.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-16 00:26:45
ComboFix-quarantined-files.txt 2014-01-15 22:26
.
Pre-Run: 141,162,426,368 bytes free
Post-Run: 140,834,770,944 bytes free
.
- - End Of File - - 9342E3917B350ECB843A0C0560A667F1
Hi zanny
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Next
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://whatthetech.com/ldtate/Images/MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Next
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner-popup/)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please let me know how your machine is running and if there are any outstanding issues
On your next reply please post :
MBAM report
Eset report
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
Thanks for your reply
That seemed to go fine. The scans were clean until the last one which identified some infected files (spybot files?).
Generally the computer seems to be running well, with a lot of annoying things gone!
Thanks
Here are the logs requested.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.18.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
scotty :: SCOTTY-PC [administrator]
Protection: Enabled
18/01/2014 14:32:31
mbam-log-2014-01-18 (14-32-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213482
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO18.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO23.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO28.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO8.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO13.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO18.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO23.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO28.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO8.zip Win32/Bagle.gen.zip worm
Hi Zanny
Very good job ;)
(spybot files?).
Yes, these are files that are located in quarantine's folder of spybot
------------------------------------
Please follow all previous instructions regarding security programs.
Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
ClearJavaCache
In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again.Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Next
Re-Run OTL
Open OTL again and click the Quick Scan button
Post the OTL.txt log it produces in your next reply.
Unfortunately I came across problems here. When I did what you said for Combofix (I think (the program is in the download file as I could not save it to the desktop), the window stalled, I left it for the whole day, when I came back the computer had gone to sleep, wouldnt reboot and I had to force the computer to turn of and restart. I did not do the second step.
Thanks
z
Ok zanny ;)
Please run the second step. No problem :)
good morning, here is the second log from OTL
OTL logfile created on: 23/01/2014 06:46:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scotty\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
7.87 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 56.73% Memory free
15.74 Gb Paging File | 11.53 Gb Available in Paging File | 73.27% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216.62 Gb Total Space | 130.84 Gb Free Space | 60.40% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 0.36 Gb Free Space | 4.83% Space Free | Partition Type: FAT32
Computer Name: SCOTTY-PC | User Name: scotty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\scotty\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\scotty\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\scotty\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\scotty\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\0907f7b4f6806e1b4f5ece93a49865ef\System.Data.Entity.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\78ae7334cd4505ed06c32045ec670927\ReachFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\5393c55b8dd50b54e60bc59f175478ee\PresentationUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0a7b20934d7587787e7dae923d1614f4\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\65fa27da96ef57affcac61ac16c111e0\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03dc83fbe48384390aed7a455e949789\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c04ee50363f97f7d8163c318a29ae851\System.DirectoryServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\079fad14e3994552238179d60fe7d7cb\System.Printing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3ea679e79eda32e3465d8cf36e838a00\PresentationCFFRasterizer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\28acf866ccc5092b2241bc8206091ba1\Microsoft.VisualC.ni.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\customui.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll ()
MOD - C:\Windows\SysWOW64\DLEAsmr.dll ()
MOD - C:\Windows\SysWOW64\DLEAsm.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (ISCTAgent) -- c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Users\scotty\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Users\scotty\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AbsoluteNotifier) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F08F8B05-D76E-4149-BCDD-864B27844B1D}
IE:64bit: - HKLM\..\SearchScopes\{F08F8B05-D76E-4149-BCDD-864B27844B1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F08F8B05-D76E-4149-BCDD-864B27844B1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {F08F8B05-D76E-4149-BCDD-864B27844B1D}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\scotty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
[2012/11/19 09:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=C9C61F15-5D6F-494E-8721-DAF1E5A9719B&apn_ptnrs=U3&apn_sauid=E55959EF-A147-4ECF-A65A-A84919CA536A&apn_dtid=OSJ000YYGB&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: BrowserProtect (Enabled) = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
O1 HOSTS File: ([2014/01/15 22:25:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E799692-0B83-4D38-807C-4B4744A13ADD}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/20 00:52:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/01/18 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\Malwarebytes
[2014/01/18 12:29:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/18 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\scotty\Desktop\Malwarebytes' Anti-Malware
[2014/01/18 12:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/18 12:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/18 12:28:07 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\Programs
[2014/01/15 22:26:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/15 22:26:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/15 22:19:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/15 22:19:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/15 22:19:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/15 22:15:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/15 22:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/01/15 05:30:16 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/15 03:40:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/15 03:31:25 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 03:31:25 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 03:31:17 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/15 03:29:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/14 05:49:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/13 17:45:28 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\AVG2014
[2014/01/13 17:44:02 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\TuneUp Software
[2014/01/13 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/01/13 17:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/01/13 17:43:54 | 000,000,000 | ---D | C] -- C:\$AVG
[2014/01/13 17:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/01/13 17:32:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/01/13 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\MFAData
[2014/01/13 17:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/01/13 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\Avg2014
[2012/11/06 18:23:32 | 006,246,216 | ---- | C] (Absolute Software Corp.) -- C:\Users\scotty\AppData\Roaming\LoJackSetup.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/23 05:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/22 23:14:04 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/22 23:14:04 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/22 23:13:06 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/22 23:13:06 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/22 23:13:06 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/22 23:07:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/22 23:06:54 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/22 23:06:47 | 2042,494,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/22 19:26:00 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Dell DataSafe Online.lnk
[2014/01/18 12:29:49 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 22:25:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/15 22:04:27 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 07:33:54 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 05:30:14 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/15 05:30:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/15 05:30:14 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/15 05:30:14 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/13 17:44:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/22 09:18:41 | 000,530,571 | ---- | C] () -- C:\Users\scotty\Documents\suz drew tax return.pdf
[2014/01/18 12:29:49 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/15 22:19:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/15 22:19:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/15 22:19:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/15 22:19:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/15 22:19:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/13 17:44:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/08/06 08:28:39 | 000,000,017 | ---- | C] () -- C:\Users\scotty\AppData\Local\resmon.resmoncfg
[2013/07/19 07:53:17 | 000,004,096 | -H-- | C] () -- C:\Users\scotty\AppData\Local\keyfile3.drm
[2013/06/20 09:51:40 | 000,007,168 | ---- | C] () -- C:\Users\scotty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/27 11:52:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/12/05 18:03:55 | 000,000,516 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/10 16:01:33 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2012/11/10 16:01:33 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2012/11/10 16:01:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2012/11/10 16:01:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2012/11/10 16:01:32 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2012/11/10 16:01:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2012/11/10 16:01:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2012/11/10 16:01:32 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2012/11/10 16:01:31 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2012/11/10 16:01:31 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2012/11/10 16:01:31 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2012/11/10 16:01:31 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2012/11/10 16:01:31 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2012/11/10 16:01:31 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2012/11/10 16:01:30 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2012/11/10 16:01:30 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2012/11/10 16:01:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2012/11/10 16:01:30 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2012/11/10 16:01:29 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2012/11/10 16:01:29 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2012/11/10 16:01:29 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2012/11/10 16:01:29 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2012/11/10 16:00:29 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2012/11/10 16:00:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2012/11/08 21:54:59 | 000,000,312 | ---- | C] () -- C:\Users\scotty\.stylerc2
[2012/11/08 21:54:59 | 000,000,175 | ---- | C] () -- C:\Users\scotty\.mffunctions
[2012/10/31 19:47:18 | 000,006,476 | ---- | C] () -- C:\Users\scotty\AppData\Roaming\AbsoluteReminder.xml
[2012/10/27 04:49:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/10/27 04:49:33 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/10/27 04:49:28 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/27 04:49:25 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/10/27 04:49:23 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/10/27 04:49:23 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/10/27 04:49:20 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/10/27 03:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/27 03:40:22 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/03/19 08:20:48 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/02/03 03:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/31 12:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2013/03/22 15:01:30 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?·) -- C:\Windows\SysNative\㙠·
[2013/03/22 15:01:30 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?·) -- C:\Windows\SysNative\㙠·
< End of report >
Hi zanny :)
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O3 - HKLM\..\Toolbar: (no name) Locked - No CLSID value found
O4 - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[EMPTYFLASH]
[REBOOT]
[RESETHOSTS]
[CREATERESTOREPOINT]
Then click the Run Fix button at the top
Let the program run unhindered.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
Reset browsers
Mozilla Firefox
■ Go to "Start / Run"
■ Enter the following command:firefox -safe-mode
■ In the open window (upon launching safe mode), select "Reset preferences to default Firefox"
■ Click "Make Changes and Restart"
■ You can now browse properly on Firefox.
Internet Explorer
■ Start Internet Explorer.
■ On the Tools menu, click Internet Options.
■ On the Advanced tab, click Reset under Reset Internet Explorer settings.
■ Check Delete personal settings
■ In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
Google Chrome
■ Exit Google Chrome completely.
■ Enter the keyboard shortcut Windows key + E to open Windows Explorer.
■ In the Windows Explorer window that appears enter the following in the address bar : %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\
Locate the folder called "Default" in the directory window that opens and rename it as "Backup default."
Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser.
Hi thanks for that,
All went smoothly, but had to save some docs on the reboot after OTL and there was no report in notepad.
thanks!
zanny
Hi zanny
Ok good job
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :)
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Removing/Uninstalling AdwCleaner:
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
Clean up with OTL:
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
5.SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)
6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
Hi there
I tried to uninstall combofix, but it crashed my computer again. Everything else went smoothly.
I was interested to see that before funning OTL the CPU was 90% and physical memory 85% in the task manager, this dropped to 27 and 41 after. There still seem to be a lot of process still running about 40, is this normal?
I am running AvG with its firewall and regularly use spybot, would you recommend anything else, for instance I have two days left on the Malwarebytes trial.
I am reading through the literature you posted, thanks for that.
At present the computer seems to be running fine.
Thank you so much for your help.
Hi there
I tried to uninstall combofix, but it crashed my computer again. Everything else went smoothly.Ok. try to reboot your pc and re-run combofix uninstall.
I was interested to see that before funning OTL the CPU was 90% and physical memory 85% in the task manager, this dropped to 27 and 41 after. There still seem to be a lot of process still running about 40, is this normal?. Yes this is normal There are many processes of your Dell
I am running AvG with its firewall and regularly use spybot, would you recommend anything else, for instance I have two days left on the Malwarebytes trial. Just to follow my latest step
I am reading through the literature you posted, thanks for that.
At present the computer seems to be running fine.
Thank you so much for your help
Very good job
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please follow the instructions here http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)
and start a New Topic