Thread: another win32downloader.gen request

  1. #1
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    another win32downloader.gen request

    I have been trying to remove win32downloader.gen and I am not having any success. I have run Spybot as an administrator five times now with no success. I changed Spybot in the advanced mode to unclick TeaTimer. I also downloaded ERUNT but then realised I am running Windows 7. Please find below the latest report from Spybot. Thanks in advance for your help!


    --- Search result list ---
    Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
    C:\Users\scotty\AppData\Local\Conduit\


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-12-01 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2014-01-08 Includes\Adware-000.sbi (*)
    2014-01-08 Includes\Adware-001.sbi (*)
    2014-01-08 Includes\Adware-C.sbi (*)
    2014-01-08 Includes\Adware.sbi (*)
    2014-01-03 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2014-01-08 Includes\Dialer-000.sbi (*)
    2014-01-08 Includes\Dialer-001.sbi (*)
    2014-01-08 Includes\Dialer-C.sbi (*)
    2014-01-08 Includes\Dialer.sbi (*)
    2013-04-11 Includes\DialerC.sbi (*)
    2013-04-11 Includes\HeavyDuty.sbi (*)
    2014-01-08 Includes\Hijackers-000.sbi (*)
    2014-01-08 Includes\Hijackers-001.sbi (*)
    2014-01-08 Includes\Hijackers-C.sbi (*)
    2014-01-08 Includes\Hijackers.sbi (*)
    2013-04-11 Includes\HijackersC.sbi (*)
    2014-01-08 Includes\iPhone-000.sbi (*)
    2014-01-08 Includes\iPhone.sbi (*)
    2014-01-08 Includes\Keyloggers-000.sbi (*)
    2014-01-08 Includes\Keyloggers-C.sbi (*)
    2014-01-08 Includes\Keyloggers.sbi (*)
    2013-10-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2014-01-06 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2014-01-07 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2014-01-08 Includes\Security-000.sbi (*)
    2014-01-08 Includes\Security-C.sbi (*)
    2014-01-08 Includes\Security.sbi (*)
    2013-10-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2014-01-08 Includes\Spyware-000.sbi (*)
    2014-01-08 Includes\Spyware-001.sbi (*)
    2014-01-08 Includes\Spyware-C.sbi (*)
    2014-01-08 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-12-11 Includes\TrojansC-02.sbi (*)
    2013-12-10 Includes\TrojansC-03.sbi (*)
    2014-01-07 Includes\TrojansC-04.sbi (*)
    2013-06-13 Includes\TrojansC-05.sbi (*)
    2013-08-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


    --- Startup entries list ---
    Located: HK_LM:Run,
    command:
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, Absolute Notifier
    command: "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    file: C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
    size: 85672
    MD5: 9CEF55257CBA29119DE88DEC175BE5E0

    Located: HK_LM:Run, AccuWeatherWidget
    command: "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    file: C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    size: 968048
    MD5: 53EDBE9C1D6B0CEC11A573852B5B6DAD

    Located: HK_LM:Run, Adobe ARM
    command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    size: 35736
    MD5: E97140424C378ACBD47DF493A6AB7235

    Located: HK_LM:Run, AMD AVT
    command: Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    file: C:\Windows\system32\Cmd.exe
    size: 302592
    MD5: AD7B9C14083B52BC532FBA5948342B98

    Located: HK_LM:Run, ApnUpdater
    command: "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    file: C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, AVG_UI
    command: "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    file: C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    size: 4956176
    MD5: 643F7A81B4FC27845886AB9650AD2C61

    Located: HK_LM:Run, BCSSync
    command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
    size: 89184
    MD5: 187F4C75A89E3F412322C94526320074

    Located: HK_LM:Run, Dell Webcam Central
    command: "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    file: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    size: 577024
    MD5: 13F44960416C1D24DAAC3CBBBAE49D35

    Located: HK_LM:Run, IAStorIcon
    command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    file: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
    size: 56088
    MD5: 5514B64F7F2D25E09E2FDAF5D62B688C

    Located: HK_LM:Run, mcui_exe
    command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    file: C:\Program Files\McAfee.com\Agent\mcagent.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, NeroLauncher
    command: C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    file: C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    size: 67496
    MD5: 918850CDD168605454665D160B034837

    Located: HK_LM:Run, SpeetItUpFree
    command: "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
    file: C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe
    size: 7697496
    MD5: 7FF64140B84F5394F4B86113A0578A9C

    Located: HK_LM:Run, StartCCC
    command: "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    file: c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    size: 636032
    MD5: 5217E9229B0590655A763F263B62753D

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    size: 254336
    MD5: 5B6E8E09BE6401A7E022F52FDFCB2FF8

    Located: HK_LM:Run, USB3MON
    command: "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    file: C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    size: 291608
    MD5: 6BA8D86746935498D64CB5CF6286F2EB

    Located: HK_CU:Run, Sidebar
    where: S-1-5-19...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

    Located: HK_CU:RunOnce, mctadmin
    where: S-1-5-19...
    command: C:\Windows\System32\mctadmin.exe
    file: C:\Windows\System32\mctadmin.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, Sidebar
    where: S-1-5-20...
    command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

    Located: HK_CU:RunOnce, mctadmin
    where: S-1-5-20...
    command: C:\Windows\System32\mctadmin.exe
    file: C:\Windows\System32\mctadmin.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, BackgroundContainer
    where: S-1-5-21-3472192928-1086291339-420608945-1000...
    command: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\scotty\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    file: C:\Windows\SysWOW64\Rundll32.exe
    size: 44544
    MD5: 51138BEEA3E2C21EC44D0932C71762A8

    Located: HK_CU:Run, Facebook Update
    where: S-1-5-21-3472192928-1086291339-420608945-1000...
    command: "C:\Users\scotty\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    file: C:\Users\scotty\AppData\Local\Facebook\Update\FacebookUpdate.exe
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, OfficeSyncProcess
    where: S-1-5-21-3472192928-1086291339-420608945-1000...
    command: "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    file: C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    size: 720064
    MD5: C948AC73822CA662CF44185B909EA18B

    Located: HK_CU:Run, Skype
    where: S-1-5-21-3472192928-1086291339-420608945-1000...
    command: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    file: C:\Program Files (x86)\Skype\Phone\Skype.exe
    size: 20584608
    MD5: 58920E6A409046BA06548D9D139CE0F0

    Located: Startup (user), ERUNT AutoBackup.lnk
    where: C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE
    file: C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE
    size: 38912
    MD5: E00DE20F0F6BED5CD2160247DDC9443B



    --- Browser helper object list ---
    {09B71986-2AC5-482d-B6CB-42EA34F4F85B} (Dell Toolbar)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Dell Toolbar
    Path: C:\Program Files\Dell Printable Web\
    Long name: toolband.dll
    Short name:
    Date (created): 10/12/2008 11:10:06
    Date (last access): 10/11/2012 18:01:42
    Date (last write): 10/12/2008 11:10:06
    Filesize: 253952
    Attributes: archive
    MD5: B2553363FD3DA02036C628DC62431C25
    CRC32: 80677E85
    Version: 1.8.12.0

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 16/11/2010 04:02:22
    Date (last access): 27/10/2012 05:48:06
    Date (last write): 16/11/2010 04:02:22
    Filesize: 62376
    Attributes: archive
    MD5: 0EE9E4D28CC1C671061CAD0334C9B59F
    CRC32: 145C5067
    Version: 10.0.0.396

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Groove GFS Browser Helper
    Path: C:\PROGRA~2\MICROS~3\Office14\
    Long name: GROOVEEX.DLL
    Short name:
    Date (created): 09/03/2013 02:10:30
    Date (last access): 26/11/2013 05:02:30
    Date (last write): 09/03/2013 02:10:30
    Filesize: 4171464
    Attributes: archive
    MD5: D1F438E9DFD869B33D1EDB635764C892
    CRC32: C1505764
    Version: 14.0.7011.1000

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live ID Sign-in Helper
    Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 21/09/2010 21:08:38
    Date (last access): 27/10/2012 05:47:04
    Date (last write): 21/09/2010 21:08:38
    Filesize: 439168
    Attributes: archive
    MD5: 6BF01E200063D7274F3AF06D226671F5
    CRC32: C8953126
    Version: 7.250.4225.0

    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: SkypeIEPluginBHO
    CLSID name: Skype Browser Helper
    Path: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\
    Long name: skypeieplugin.dll
    Short name: SKYPEI~1.DLL
    Date (created): 09/10/2013 12:57:48
    Date (last access): 27/10/2013 10:42:18
    Date (last write): 09/10/2013 12:57:48
    Filesize: 4502400
    Attributes: archive
    MD5: 363732CD59DC6BAE23BFAE6F5C13B6C1
    CRC32: E7FBAAC8
    Version: 6.13.0.13771

    {B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: URLRedirectionBHO
    CLSID name: Office Document Cache Handler
    Path: C:\PROGRA~2\MICROS~3\Office14\
    Long name: URLREDIR.DLL
    Short name:
    Date (created): 06/03/2013 09:37:48
    Date (last access): 26/11/2013 05:02:28
    Date (last write): 06/03/2013 09:37:48
    Filesize: 562904
    Attributes: archive
    MD5: E04A1418B6CAA33EF61F7B4AE826FC94
    CRC32: D4B370E1
    Version: 14.0.7011.1000

    {D4027C7F-154A-4066-A1AD-4243D8127440} (Ask Toolbar BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Ask Toolbar BHO
    CLSID name: Ask Toolbar
    Path: C:\Program Files (x86)\Ask.com\
    Long name: GenericAskToolbar.dll

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files (x86)\Java\jre7\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 11/07/2013 12:06:28
    Date (last access): 08/10/2013 08:47:58
    Date (last write): 08/10/2013 08:47:58
    Filesize: 171944
    Attributes: archive
    MD5: 78964B1DD1264B8D66FBE08F5944868F
    CRC32: C938D74B
    Version: 10.45.2.18

    {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} (WiseConvert)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WiseConvert
    CLSID name: WiseConvert Toolbar
    Path: C:\Program Files (x86)\WiseConvert\
    Long name: prxtbWis0.dll
    Short name: PRXTBW~2.DLL
    Date (created): 09/05/2011 11:49:38
    Date (last access): 20/01/2013 12:49:30
    Date (last write): 09/05/2011 11:49:38
    Filesize: 176936
    Attributes: archive
    MD5: 4C163BD2A5905D18893EE311608E8C54
    CRC32: 9A305B67
    Version: 6.4.0.0



    --- ActiveX list ---
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 10.45.2
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files (x86)\Java\jre7\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 11/07/2013 12:06:28
    Date (last access): 08/10/2013 08:47:46
    Date (last write): 08/10/2013 08:47:46
    Filesize: 201640
    Attributes: archive
    MD5: C0357EA482E0F04BA9242D159095FF60
    CRC32: 078C9551
    Version: 10.45.2.18

    {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_37
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files (x86)\Java\jre7\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 11/07/2013 12:06:28
    Date (last access): 08/10/2013 08:47:46
    Date (last write): 08/10/2013 08:47:46
    Filesize: 201640
    Attributes: archive
    MD5: C0357EA482E0F04BA9242D159095FF60
    CRC32: 078C9551
    Version: 10.45.2.18

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 10.45.2
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files (x86)\Java\jre7\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 11/07/2013 12:06:28
    Date (last access): 08/10/2013 08:47:46
    Date (last write): 08/10/2013 08:47:46
    Filesize: 201640
    Attributes: archive
    MD5: C0357EA482E0F04BA9242D159095FF60
    CRC32: 078C9551
    Version: 10.45.2.18



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 4428 (4996) C:\Windows\SysWOW64\Rundll32.exe
    size: 44544
    MD5: 51138BEEA3E2C21EC44D0932C71762A8
    PID: 3600 (2948) C:\Windows\SysWOW64\runonce.exe
    size: 50688
    MD5: D44741F65A1D71F65814A12CF6E2400A
    PID: 4668 (3600) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 3324 (2188) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    size: 465216
    MD5: 8872B78D80682F2BE0A04EB0B3EAF554
    PID: 4532 (2668) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    size: 4293952
    MD5: BA90DF05FA2E9A2C15F3A74825315BD0
    PID: 5008 (4916) C:\Program Files (x86)\Dell DataSafe Local Backup\RPLaunch.exe
    size: 51008
    MD5: B1A4F0DECDAAA62E58011025C0FD63F1
    PID: 5068 (2668) C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    size: 2751808
    MD5: F205CD085B25CFC491908EFE4E8AB8F5
    PID: 4700 (5000) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
    size: 706048
    MD5: B3FBD40304DB227DCF4E7C9580ADB8FB
    PID: 4 ( 0) System
    PID: 352 ( 4) smss.exe
    PID: 456 ( 444) avgrsa.exe
    PID: 492 ( 456) avgcsrva.exe
    PID: 756 ( 748) csrss.exe
    PID: 920 ( 748) wininit.exe
    size: 96256
    PID: 940 ( 928) csrss.exe
    PID: 988 ( 920) services.exe
    PID: 1004 ( 920) lsass.exe
    PID: 1012 ( 920) lsm.exe
    PID: 772 ( 988) svchost.exe
    size: 20992
    PID: 720 ( 928) winlogon.exe
    PID: 1032 ( 988) svchost.exe
    size: 20992
    PID: 1100 ( 988) atiesrxx.exe
    PID: 1160 ( 988) svchost.exe
    size: 20992
    PID: 1196 ( 988) svchost.exe
    size: 20992
    PID: 1232 ( 988) svchost.exe
    size: 20992
    PID: 1272 ( 988) svchost.exe
    size: 20992
    PID: 1320 ( 988) stacsv64.exe
    PID: 1564 ( 988) svchost.exe
    size: 20992
    PID: 1704 (1100) atieclxx.exe
    PID: 1740 (1196) wlanext.exe
    size: 77312
    PID: 1748 ( 756) conhost.exe
    PID: 1868 ( 988) spoolsv.exe
    PID: 1884 (1272) taskeng.exe
    size: 192000
    PID: 1940 ( 988) svchost.exe
    size: 20992
    PID: 1444 ( 988) AbsoluteNotifierService.exe
    PID: 1536 ( 988) avgfws.exe
    PID: 1832 ( 988) avgidsagent.exe
    PID: 1516 ( 988) avgwdsvc.exe
    PID: 2072 ( 988) devmonsrv.exe
    PID: 2156 ( 988) svchost.exe
    size: 20992
    PID: 2232 ( 988) dleacoms.exe
    size: 598696
    PID: 2280 ( 988) EvtEng.exe
    PID: 2324 ( 988) HeciServer.exe
    PID: 2380 ( 988) irstrtsv.exe
    size: 193536
    PID: 2460 ( 988) iSCTAgent.exe
    PID: 2528 ( 988) Jhi_service.exe
    PID: 2600 ( 988) RegSrvc.exe
    PID: 2668 ( 988) SftService.exe
    PID: 2696 ( 988) c2c_service.exe
    PID: 2844 ( 988) svchost.exe
    size: 20992
    PID: 2888 ( 988) WLIDSVC.EXE
    PID: 2984 ( 988) ZeroConfigService.exe
    PID: 3032 ( 988) obexsrv.exe
    PID: 2208 (1516) avgnsa.exe
    PID: 2476 (1516) avgemca.exe
    PID: 3152 (2888) WLIDSVCM.EXE
    PID: 3316 ( 988) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 3576 ( 772) unsecapp.exe
    PID: 3720 ( 772) WmiPrvSE.exe
    PID: 4080 ( 988) svchost.exe
    size: 20992
    PID: 2716 ( 988) svchost.exe
    size: 20992
    PID: 4580 ( 988) BTHSAmpPalService.exe
    PID: 4636 ( 988) BTHSSecurityMgr.exe
    PID: 4796 (4764) GoogleUpdate.exe
    PID: 4848 ( 988) IAStorDataMgrSvc.exe
    PID: 4904 ( 988) LMS.exe
    PID: 5020 ( 988) NASvc.exe
    PID: 5060 ( 988) NOBuAgent.exe
    PID: 2180 ( 988) wmpnetwk.exe
    PID: 360 ( 988) SearchIndexer.exe
    size: 427520
    PID: 4404 (2208) avgcsrva.exe
    PID: 3548 ( 988) UNS.exe
    PID: 4784 ( 988) C:\Windows\System32\taskhost.exe
    PID: 4300 (5060) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    size: 3381600
    MD5: B5CA78F6CDDCB08DEB51D352EE674297
    PID: 4996 (1272) C:\Windows\System32\taskeng.exe
    size: 192000
    MD5: 4F2659160AFCCA990305816946F69407
    PID: 4140 (1196) C:\Windows\System32\dwm.exe
    PID: 4840 (5104) C:\Windows\explorer.exe
    size: 2871808
    MD5: 332FEAB1435662FC6C672E25BEB37BE3
    PID: 2948 (4840) C:\Windows\System32\runonce.exe
    size: 50688
    MD5: D44741F65A1D71F65814A12CF6E2400A
    PID: 5000 (1272) C:\Windows\System32\taskeng.exe
    size: 192000
    MD5: 4F2659160AFCCA990305816946F69407


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 14/01/2014 09:37:40

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://dell13.msn.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\SysWOW64\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://go.microsoft.com/fwlink/p/?LinkId=255141
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/p/?LinkId=255141
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896


    --- Winsock Layered Service Provider list ---
    Namespace Provider 1: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 7: WindowsLive NSP
    GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

    Namespace Provider 8: WindowsLive Local NSP
    GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL



    --- Uninstall list ---
    Intel(R) Rapid Start Technology 1.0.0.1024 (3D073343-CEEB-4ce7-85AC-A69A7631B5D6)
    version (major): 1
    install location: C:\Program Files (x86)\Intel\irstrt
    uninstall cmd: C:\Program Files (x86)\Intel\irstrt\Uninstall\setup.exe -uninstall
    publisher: Intel Corporation

    (AddressBook)

    Adobe AIR 2.6.0.19120 (Adobe AIR)
    version (major): 2
    version (minor): 6
    install location: C:\Program Files (x86)\Common Files\Adobe AIR\
    uninstall cmd: C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    publisher: Adobe Systems Incorporated

    Adobe Flash Player 11 ActiveX 11.3.300.265 (Adobe Flash Player ActiveX)
    version (major): 11
    version (minor): 3
    estimated size: 6144
    uninstall cmd: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -maintain activex
    publisher: Adobe Systems Incorporated
    help link: http://www.adobe.com/go/flashplayer_support/

    Advanced Audio FX Engine 1.12.05 (Advanced Audio FX Engine)
    version: 17563653
    install location: C:\Program Files (x86)\Creative Live! Cam\AudioFX
    uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
    publisher: Creative Technology Ltd

    (Connection Manager)

    Dell Webcam Central 2.01.15 (Dell Webcam Central)
    version: 33619983
    install location: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central
    uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
    publisher: Creative Technology Ltd

    (DirectDrawEx)

    ERUNT 1.1j (ERUNT_is1)
    install location: C:\Users\scotty\Desktop\ERUNT\
    uninstall cmd: C:\Users\scotty\Desktop\ERUNT\unins000.exe
    publisher: Lars Hederer
    help link: http://www.larshederer.homepage.t-online.de/erunt

    (Fontcore)

    Google Chrome 31.0.1650.63 (Google Chrome)
    version (major): 1650
    version (minor): 63
    install date: 20130206
    install location: C:\Program Files (x86)\Google\Chrome\Application
    uninstall cmd: "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
    publisher: Google Inc.

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    (InstallShield Uninstall Information)

    Dell VideoStage 1.3.0.2513 (InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F})
    version: 16973824
    version (major): 1
    version (minor): 3
    estimated size: 138858
    install date: 20121026
    install location: c:\Program Files (x86)\Dell\VideoStage\
    uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\setup.exe" /z-uninstall
    publisher: CyberLink Corp.
    help link: http://support.gocyberlink.com/
    help telephone: +886-2-86671298

    K-Lite Codec Pack 7.0.0 (Standard) 7.0.0 (KLiteCodecPack_is1)
    estimated size: 37848
    install date: 20130127
    install location: C:\Program Files (x86)\K-Lite Codec Pack\
    uninstall cmd: "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"

    (MobileOptionPack)

    MuseScore 1.3 1.3.0 (MuseScore)
    uninstall cmd: C:\Program Files (x86)\MuseScore\Uninstall.exe
    publisher: Werner Schweer and Others
    contact: ws@wschweer.de
    help link: http://www.musescore.org/

    Microsoft Office Professional Plus 2010 14.0.7015.1000 (Office14.PROPLUSR)
    install location: C:\Program Files (x86)\Microsoft Office
    uninstall cmd: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
    publisher: Microsoft Corporation

    (SchedulingAgent)

    SpeedItup Free 7.85 (SpeedItup Free_is1)
    estimated size: 9730
    install date: 20130127
    install location: C:\Program Files (x86)\SpeedItup Free\
    uninstall cmd: "C:\Program Files (x86)\SpeedItup Free\unins000.exe"
    publisher: SMicroSmarts LLC

    (WIC)

    WildTangent Games 1.0.2.5 (WildTangent dell Master Uninstall)
    install location: C:\Program Files (x86)\WildTangent\Dell Games
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Uninstall.exe"
    publisher: WildTangent
    comments: OEM setup version DELL0903

    9.3.0.6 (WildTangentGameProvider-dell-genres)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe"
    publisher: WildTangent, Inc.

    9.3.0.6 (WildTangentGameProvider-dell-main)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\Uninstall.exe"
    publisher: WildTangent, Inc.

    Windows Live Essentials 15.4.3508.1109 (WinLiveSuite)
    install location: C:\Program Files (x86)\Windows Live\
    uninstall cmd: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
    publisher: Microsoft Corporation

    WiseConvert Toolbar 6.9.0.16 (WiseConvert Toolbar)
    uninstall cmd: C:\Program Files (x86)\WiseConvert\uninstall.exe toolbar
    publisher: WiseConvert
    help link: http://WiseConvert.OurToolbar.com/help

    Bejeweled 2 Deluxe 2.2.0.95 (WT089409)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Blackhawk Striker 2 2.2.0.95 (WT089410)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Build-a-lot 2 2.2.0.95 (WT089411)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Cake Mania 2.2.0.95 (WT089412)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Chuzzle Deluxe 2.2.0.95 (WT089413)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Diner Dash 2 Restaurant Rescue 2.2.0.95 (WT089414)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Dora's World Adventure 2.2.0.95 (WT089415)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    FATE 2.2.0.95 (WT089418)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\FATE
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\FATE\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Jewel Quest 2.2.0.95 (WT089420)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Jewel Quest Solitaire 2 2.2.0.95 (WT089422)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Poker Superstars III 2.2.0.95 (WT089426)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Virtual Villagers 4 - The Tree of Life 2.2.0.95 (WT089430)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Polar Golfer 2.2.0.95 (WT089433)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Escape Whisper Valley (TM) 2.2.0.95 (WT089434)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Namco All-Stars PAC-MAN 2.2.0.95 (WT089440)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Bounce Symphony 2.2.0.95 (WT089443)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Final Drive Nitro 2.2.0.95 (WT089444)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Penguins! 2.2.0.95 (WT089445)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Penguins!
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Penguins!\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Wedding Dash - Ready, Aim, Love! 2.2.0.95 (WT089446)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Zuma Deluxe 2.2.0.95 (WT089448)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Farm Frenzy 2.2.0.95 (WT089450)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Plants vs. Zombies - Game of the Year 2.2.0.95 (WT089452)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Final Drive Fury 2.2.0.95 (WT089499)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Samantha Swift 2.2.0.95 (WT089503)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Luxor 2.2.0.95 (WT089507)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Luxor
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Luxor\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Polar Bowler 2.2.0.95 (WT089508)
    install location: C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler
    uninstall cmd: "C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
    publisher: WildTangent
    comments: Distributed by WildTangent, Inc.

    Zinio Reader 4 4.2.4164 (ZinioReader4)
    install location: C:\Program Files (x86)\Zinio Reader 4\
    uninstall cmd: msiexec /qb /x {7FB00B6B-6843-97EC-EED6-78BD6D35370A}
    publisher: Zinio LLC

    Catalyst Control Center 2012.0319.239.2671 ({0225D395-ADEC-76AC-9E63-3232EC84D048})
    version (major): 2012
    version (minor): 319
    estimated size: 46137
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Core-Static\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Dell Toolbar 1.8.12.0 ({09B71986-2AC5-482d-B6CB-42EA34F4F85B})
    uninstall cmd: regsvr32.exe /s /u "C:\Program Files\Dell Printable Web\toolband.dll"

    CCC Help Swedish 2012.0319.0238.2671 ({0A027644-0CF1-9862-D9C1-CA597C67AA81})
    version (major): 2012
    version (minor): 319
    estimated size: 459
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\sv\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Windows Live Installer 15.4.3502.0922 ({0B0F231F-CE6A-483D-AA23-77B364F75917})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 10300
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a89868321cdb3f510\
    uninstall cmd: MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
    publisher: Microsoft Corporation

    Dell DataSafe Local Backup 9.4.67 ({0ED7EE95-6A97-47AA-AD73-152C08A15B04})
    version: 151257155
    install date: 20121026
    install location: C:\Program Files (x86)\Dell DataSafe Local Backup
    install source: C:\dell\F214K\app\setup.exe
    uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -runfromtemp -l0x0009 -removeonly
    publisher: Dell Inc.

    Windows Live Movie Maker 15.4.3502.0922 ({19BA08F7-C728-469C-8A35-BFBD3633BE08})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 172
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\adec5caf1cdb3f53b\
    uninstall cmd: MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
    publisher: Microsoft Corporation

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757)

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173)

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860)

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655)

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743)

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063)

    ({1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 ({1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
    version: 151025673
    version (major): 9
    estimated size: 596
    install date: 20121026
    install source: C:\550b113418025d171c37a206c559\
    uninstall cmd: MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    publisher: Microsoft Corporation

    Junk Mail filter update 15.4.3502.0922 ({1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 3512
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a9d4ff361cdb3f51d\
    uninstall cmd: MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
    publisher: Microsoft Corporation

    Windows Live SOXE Definitions 15.4.3502.0922 ({200FEC62-3C34-4D60-9CE8-EC372E01C08F})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 104
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e6f59b1cdb3f514\
    uninstall cmd: MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
    publisher: Microsoft Corporation

    CCC Help Italian 2012.0319.0238.2671 ({22CE7C3F-4952-8B46-54C3-8390BC0724B4})
    version (major): 2012
    version (minor): 319
    estimated size: 471
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\it\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Intel(R) USB 3.0 eXtensible Host Controller Driver 1.0.4.225 ({240C3DDD-C5E9-4029-9DF7-95650D040CF2})
    version (major): 1
    estimated size: 18942
    install location: C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver
    uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
    publisher: Intel Corporation

    Nero Core Components 10 2.0.20500.9.16 ({2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F})
    version: 33574932
    version (major): 2
    estimated size: 7980
    install date: 20121026
    install location: C:\Program Files (x86)\Nero\
    install source: C:\dell\2y65v\install_files\applications\corecomponents\
    uninstall cmd: MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
    publisher: Nero AG

    CCC Help German 2012.0319.0238.2671 ({2516CD06-49E8-1851-834E-D190304B34DA})
    version (major): 2012
    version (minor): 319
    estimated size: 491
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\de\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Java(TM) 6 Update 37 6.0.370 ({26A24AE4-039D-4CA4-87B4-2F83216037FF})
    version: 100663666
    version (major): 6
    estimated size: 98095
    install date: 20121103
    install location: C:\Program Files (x86)\Java\jre6\
    install source: C:\Users\scotty\AppData\LocalLow\Sun\Java\jre1.6.0_37\
    uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216037FF}
    publisher: Oracle
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files (x86)\Java\jre6\README.txt

    Java 7 Update 45 7.0.450 ({26A24AE4-039D-4CA4-87B4-2F83217025FF})
    version: 117440762
    version (major): 7
    estimated size: 132403
    install date: 20130711
    install location: C:\Program Files (x86)\Java\jre7\
    install source: C:\Users\scotty\AppData\LocalLow\Sun\Java\jre1.7.0_25\
    uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
    publisher: Oracle
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files (x86)\Java\jre7\README.txt

    ({26A24AE4-039D-4CA4-87B4-2F83217045FB})

    Windows Live Mesh ActiveX Control for Remote Connections 15.4.5722.2 ({2902F983-B4C1-44BA-B85D-5C6D52E2C441})
    version: 251926106
    version (major): 15
    version (minor): 4
    estimated size: 5708
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\adfaa4f01cdb3f53e\
    uninstall cmd: MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
    publisher: Microsoft Corporation

    CCC Help Japanese 2012.0319.0238.2671 ({2C40ACF7-C3A9-E39C-47E1-FD4A58E60C29})
    version (major): 2012
    version (minor): 319
    estimated size: 523
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\ja\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Update Installer for WildTangent Games App ({2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App)
    install location: C:\Program Files (x86)\WildTangent Games\App
    uninstall cmd: "C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
    publisher: WildTangent
    help link: http://support.wildgames.com

    Windows Live Photo Gallery 15.4.3502.0922 ({3336F667-9049-4D46-98B6-4C743EEBC5B1})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 46992
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ab6747c41cdb3f525\
    uninstall cmd: MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
    publisher: Microsoft Corporation

    Windows Live Photo Gallery 15.4.3502.0922 ({34F4D9A4-42C2-4348-BEF4-E553C84549E7})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 6180
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\adc3e54a1cdb3f539\
    uninstall cmd: MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
    publisher: Microsoft Corporation

    CCC Help Portuguese 2012.0319.0238.2671 ({35D47697-42E1-ED74-5904-FC04731EBE06})
    version (major): 2012
    version (minor): 319
    estimated size: 475
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\pt-BR\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    CCC Help Finnish 2012.0319.0238.2671 ({3B522C13-372A-685E-F2A0-02A761AF5DB2})
    version (major): 2012
    version (minor): 319
    estimated size: 459
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\fi\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Dell MusicStage 1.6.225.0 ({3BD7DD08-991B-4A2F-A165-614ED14EAADD})
    version: 17170657
    version (major): 1
    version (minor): 6
    install date: 20121026
    install location: C:\Program Files (x86)\Dell Stage\MusicStage\
    uninstall cmd: MsiExec.exe /X{3BD7DD08-991B-4A2F-A165-614ED14EAADD}
    publisher: Fingertapps
    comments: This installer database contains the logic and data required to install MusicStage.

    Intel(R) Rapid Storage Technology 11.1.0.1006 ({3E29EE6C-963A-4aae-86C1-DC237C4A49FC})
    version (major): 11
    version (minor): 1
    estimated size: 18942
    install location: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology
    uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
    publisher: Intel Corporation

    SyncUP 1.12.12400.17.102 ({40F06490-8C14-43AA-99D3-EEEFDBAC3CFC})
    version: 17576048
    version (major): 1
    version (minor): 12
    estimated size: 205485
    install date: 20130402
    install location: C:\Program Files (x86)\Nero\
    install source: C:\ProgramData\Nero\Agent\Repository\{DF7EBE00-B52E-4BB2-AA7D-7CB21312AB21}\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}\1.12.12400\
    uninstall cmd: MsiExec.exe /X{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}
    publisher: Nero AG

    Blio 3.2.9594 ({431E2654-B0A4-4140-82A2-DD55B028B626})
    version: 50472314
    version (major): 3
    version (minor): 2
    estimated size: 81033
    install date: 20121031
    install location: C:\Program Files (x86)\K-NFB Reading Technology Inc\
    install source: C:\Users\scotty\AppData\Local\Downloaded Installations\{0C6F5E3A-BFD9-468B-9E5C-4999C65DB549}\
    uninstall cmd: MsiExec.exe /X{431E2654-B0A4-4140-82A2-DD55B028B626}
    publisher: K-NFB Reading Technology, Inc.
    contact: support@knfbreading.com
    help telephone: 877 547 1500

    Java Auto Updater 2.1.9.8 ({4A03706F-666A-4037-7777-5F2748764D10})
    version: 33619977
    version (major): 2
    version (minor): 1
    estimated size: 1214
    install date: 20131019
    install source: C:\Users\scotty\AppData\LocalLow\Sun\Java\AU\
    publisher: Sun Microsystems, Inc.

    Skype™ 6.11 6.11.102 ({4E76FF7E-AEBA-4C87-B788-CD47E5425B9D})
    version: 101384294
    version (major): 6
    version (minor): 11
    estimated size: 27847
    install date: 20131206
    install location: C:\Program Files (x86)\Skype\
    install source: C:\ProgramData\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\
    uninstall cmd: MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
    publisher: Skype Technologies S.A.
    help link: http://ui.skype.com/ui/0/6.11.0.102/en/help

    PowerXpressHybrid 1.00.0000 ({51FDC2DE-0917-46B7-EAEC-5377504701DE})
    version: 16777216
    version (major): 1
    estimated size: 7
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\PowerXpressHybrid\
    uninstall cmd: MsiExec.exe /I{51FDC2DE-0917-46B7-EAEC-5377504701DE}
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Nero ControlCenter 10 Help (CHM) 10.2.10800 ({523B2B1B-D8DB-4B41-90FF-C4D799E2758A})
    version: 167914032
    version (major): 10
    version (minor): 2
    estimated size: 3246
    install date: 20121026
    install location: C:\Program Files (x86)\Nero\
    install source: C:\dell\2y65v\install_files\applications\controlcenterhelpchm\
    uninstall cmd: MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
    publisher: Nero AG

    Windows Live UX Platform Language Pack 15.4.3508.1109 ({579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4})
    version: 251923892
    version (major): 15
    version (minor): 4
    estimated size: 28
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ad1ae3971cdb3f52e\
    uninstall cmd: MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
    publisher: Microsoft Corporation

    PX Profile Update 1.00.1. ({5A27CB1D-7A41-6926-9810-00D8214EAB80})
    version: 16777217
    version (major): 1
    estimated size: 512
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\PXProfile\
    publisher: AMD

    CCC Help English 2012.0319.0238.2671 ({61EF4A3D-2D5B-3C5C-0C99-DF567F2581F4})
    version (major): 2012
    version (minor): 319
    estimated size: 463
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\en-us\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Intel(R) Management Engine Components 8.0.4.1441 ({65153EA5-8B6E-43B6-857B-C6E4FC25798A})
    version (major): 8
    estimated size: 20959
    install location: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components
    uninstall cmd: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
    publisher: Intel Corporation

    Nero Update 11.0.11800.31.0 ({65BB0407-4CC8-4DC7-952E-3EEFDF05602A})
    version: 184561176
    version (major): 11
    estimated size: 3092
    install date: 20130320
    install location: C:\Program Files (x86)\Nero\
    install source: C:\ProgramData\Nero\Agent\Repository\{6A536445-D10A-4006-8AA5-2FFCEF1A1101}\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\11.0.31.0\
    uninstall cmd: MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
    publisher: Nero AG

    Windows Live SOXE 15.4.3502.0922 ({682B3E4F-696A-42DE-A41C-4C07EA1678B4})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 292
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a8ebb85b1cdb3f515\
    uninstall cmd: MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
    publisher: Microsoft Corporation

    Catalyst Control Center InstallProxy 2012.0319.239.2671 ({6A38D558-9D5E-9266-6143-07805FD559FE})
    version (major): 2012
    version (minor): 319
    estimated size: 281
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\MOM-InstallProxy\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    CCC Help French 2012.0319.0238.2671 ({6CE671FF-DAD0-2A5D-C707-6C2D018EA25C})
    version (major): 2012
    version (minor): 319
    estimated size: 483
    install date: 20121026
    install location: c:\Program Files (x86)\ATI Technologies\
    install source: c:\dell\DHR2G\Packages\Apps\CCC2\Help\fr\
    publisher: Advanced Micro Devices, Inc.
    contact: AMD Customer Support
    help link: http://support.amd.com
    help telephone: 905-882-2600

    Nero Control Center 10 10.6.13000.0.11 ({6DFB899F-17A2-48F0-A533-ED8D6866CF38})
    version: 168178376
    version (major): 10
    version (minor): 6
    estimated size: 9412
    install date: 20130402
    install location: C:\Program Files (x86)\Nero\
    install source: C:\ProgramData\Nero\Agent\Repository\{3DEBC5B2-FD93-4492-A6B3-4F2C7943F34C}\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\10.6.13000\
    uninstall cmd: MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
    publisher: Nero AG

    WildTangent Games App (Dell Games) 4.0.10.5 ({70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell)
    version (major): 4
    install location: C:\Program Files (x86)\WildTangent Games\App
    uninstall cmd: "C:\Program Files (x86)\WildTangent Games\Touchpoints\dell\Uninstall.exe"
    publisher: WildTangent
    help link: http://www.wildtangent.com/support?dp=delld

    Microsoft Visual C++ 2005 Redistributable 8.0.61001 ({710f4c1c-cc18-4c49-8cbf-51240c89a1a2})
    version: 134278729
    version (major): 8
    estimated size: 300
    install date: 20121104
    install source: C:\Windows\TEMP\IXP000.TMP\
    uninstall cmd: MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
    publisher: Microsoft Corporation

    Dell Getting Started Guide 1.00.0000 ({7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045})
    version: 16777216
    version (major): 1
    install date: 20121026
    install location: C:\Program Files (x86)\Dell\Dell Welcome\
    uninstall cmd: MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
    publisher: Dell Inc.

    Zinio Reader 4 4.2.4164 ({7FB00B6B-6843-97EC-EED6-78BD6D35370A})
    version: 67244100
    version (major): 4
    version (minor): 2
    estimated size: 4970
    install date: 20121026
    install location: C:\Program Files (x86)\Zinio Reader 4
    install source: C:\Users\Administrator\AppData\Local\Temp\fla7742.tmp\
    uninstall cmd: MsiExec.exe /I{7FB00B6B-6843-97EC-EED6-78BD6D35370A}
    publisher: Zinio LLC

    Windows Live Messenger 15.4.3502.0922 ({80956555-A512-4190-9CAD-B000C36D6B6B})
    version: 251923886
    version (major): 15
    version (minor): 4
    estimated size: 11432
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ad4ce07c1cdb3f533\
    uninstall cmd: MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
    publisher: Microsoft Corporation

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 9.0.30729 ({820B6609-4C97-3A2B-B644-573B06A0F0CC})
    version: 151025673
    version (major): 9
    estimated size: 608
    install date: 20121026
    install source: c:\2e1b4b6816b0d480fa05d0b3fcbd9f\
    uninstall cmd: MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}
    publisher: Microsoft Corporation

    Windows Live PIMT Platform 15.4.3508.1109 ({83C292B7-38A5-440B-A731-07070E81A64F})
    version: 251923892
    version (major): 15
    version (minor): 4
    estimated size: 2112
    install date: 20121026
    install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a9142fc01cdb3f519\
    uninstall cmd: MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
    publisher: Microsoft Corporation

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi and Welcome!! Zanny

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!

    ========================

    Scan with OTL
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in:


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.


    =============================== Next =======================================


    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
    • Allow it to update where necessary
    • Click Scan

      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    In your next reply please post:
    • OTL.txt
    • Extras.txt
    • aswMBR log

    Let me know if you have any problems performing the steps above or any questions.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    Default from zanny

    Thanks for getting back to me. Sorry for the delay; I closed the web browser to run OTL and couldn't log back in!

    Please find below

    OTL
    OTL logfile created on: 14/01/2014 11:37:09 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scotty\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.87 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 71.52% Memory free
    15.74 Gb Paging File | 12.86 Gb Available in Paging File | 81.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 216.62 Gb Total Space | 131.15 Gb Free Space | 60.54% Space Free | Partition Type: NTFS

    Computer Name: SCOTTY-PC | User Name: scotty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\scotty\Downloads\OTL (1).exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel)
    PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe (Nero AG)
    PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
    PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
    PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
    PRC - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
    PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
    PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Luxor\GDF.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Samantha Swift\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Fury\GDF.dll ()
    MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Plants vs. Zombies - Game of the Year\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready, Aim, Love!\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Penguins!\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Final Drive Nitro\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Bounce Symphony\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Namco All-Stars PAC-MAN\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Escape Whisper Valley (TM)\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers 4 - The Tree of Life\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\FATE\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Dora's World Adventure\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Cake Mania\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\GDF.dll ()
    MOD - C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\GDF.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\customui.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
    MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll ()
    MOD - C:\Windows\SysWOW64\DLEAsmr.dll ()
    MOD - C:\Windows\SysWOW64\DLEAsm.dll ()
    MOD - C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (ISCTAgent) -- c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
    SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
    SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
    SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
    SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
    SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (AbsoluteNotifier) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
    SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys ()
    DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
    DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
    DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
    DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
    DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
    DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
    DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
    DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
    DRV:64bit: - (imsevent) -- C:\Windows\SysNative\drivers\imsevent.sys ()
    DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\drivers\ikbevent.sys ()
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
    DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (GENERICDRV) -- C:\Users\scotty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6RB1DGY\amifldrv64.sys ()
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F08F8B05-D76E-4149-BCDD-864B27844B1D}
    IE:64bit: - HKLM\..\SearchScopes\{F08F8B05-D76E-4149-BCDD-864B27844B1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {F08F8B05-D76E-4149-BCDD-864B27844B1D}
    IE - HKLM\..\SearchScopes\{F08F8B05-D76E-4149-BCDD-864B27844B1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {14FBB070-78F8-4CC2-BC1A-B60AFF97B143}
    IE - HKCU\..\SearchScopes\{14FBB070-78F8-4CC2-BC1A-B60AFF97B143}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
    IE - HKCU\..\SearchScopes\{84F214D6-11DC-402E-9F7E-E8263F24A71B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=C9C61F15-5D6F-494E-8721-DAF1E5A9719B&apn_sauid=E55959EF-A147-4ECF-A65A-A84919CA536A
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\scotty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found


    [2012/11/19 11:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Ask (Enabled)
    CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=C9C61F15-5D6F-494E-8721-DAF1E5A9719B&apn_ptnrs=U3&apn_sauid=E55959EF-A147-4ECF-A65A-A84919CA536A&apn_dtid=OSJ000YYGB&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: BrowserProtect (Enabled) = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Skype Click to Call = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
    CHR - Extension: Google Wallet = C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files (x86)\WiseConvert\prxtbWis0.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation)
    O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [SpeetItUpFree] C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [BackgroundContainer] C:\Users\scotty\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
    O4 - HKCU..\Run: [Facebook Update] "C:\Users\scotty\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O4 - Startup: C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Users\scotty\Desktop\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E799692-0B83-4D38-807C-4B4744A13ADD}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/14 07:49:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2014/01/14 07:47:03 | 000,000,000 | ---D | C] -- C:\Users\scotty\Desktop\ERUNT
    [2014/01/14 07:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2014/01/13 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\AVG2014
    [2014/01/13 19:44:02 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Roaming\TuneUp Software
    [2014/01/13 19:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2014/01/13 19:43:54 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2014/01/13 19:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
    [2014/01/13 19:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2014/01/13 19:32:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2014/01/13 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\MFAData
    [2014/01/13 19:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2014/01/13 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\Avg2014
    [2014/01/04 16:30:24 | 000,000,000 | ---D | C] -- C:\Users\scotty\AppData\Local\Conduit
    [2013/12/15 14:45:19 | 000,000,000 | ---D | C] -- C:\Users\scotty\Desktop\change of address
    [2012/11/06 20:23:32 | 006,246,216 | ---- | C] (Absolute Software Corp.) -- C:\Users\scotty\AppData\Roaming\LoJackSetup.exe
    [53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/01/14 11:11:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472192928-1086291339-420608945-1000UA.job
    [2014/01/14 11:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/14 08:57:03 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/14 08:57:03 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/14 08:54:12 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/14 08:54:12 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/14 08:54:12 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/14 08:54:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/14 08:49:53 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
    [2014/01/14 08:49:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/14 08:49:48 | 2042,494,975 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/14 07:47:16 | 000,000,766 | ---- | M] () -- C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/01/14 07:47:03 | 000,000,549 | ---- | M] () -- C:\Users\scotty\Desktop\ERUNT.lnk
    [2014/01/13 20:11:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3472192928-1086291339-420608945-1000Core.job
    [2014/01/13 19:44:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [53 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/01/14 07:47:16 | 000,000,766 | ---- | C] () -- C:\Users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/01/14 07:47:03 | 000,000,549 | ---- | C] () -- C:\Users\scotty\Desktop\ERUNT.lnk
    [2014/01/13 19:44:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2013/08/06 10:28:39 | 000,000,017 | ---- | C] () -- C:\Users\scotty\AppData\Local\resmon.resmoncfg
    [2013/07/19 09:53:17 | 000,004,096 | -H-- | C] () -- C:\Users\scotty\AppData\Local\keyfile3.drm
    [2013/06/20 11:51:40 | 000,007,168 | ---- | C] () -- C:\Users\scotty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/27 13:52:01 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/12/05 20:03:55 | 000,000,516 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/11/10 18:01:33 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
    [2012/11/10 18:01:33 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
    [2012/11/10 18:01:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
    [2012/11/10 18:01:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
    [2012/11/10 18:01:32 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
    [2012/11/10 18:01:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
    [2012/11/10 18:01:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
    [2012/11/10 18:01:32 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
    [2012/11/10 18:01:31 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
    [2012/11/10 18:01:31 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
    [2012/11/10 18:01:31 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
    [2012/11/10 18:01:31 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
    [2012/11/10 18:01:31 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
    [2012/11/10 18:01:31 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
    [2012/11/10 18:01:30 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
    [2012/11/10 18:01:30 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
    [2012/11/10 18:01:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
    [2012/11/10 18:01:30 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
    [2012/11/10 18:01:29 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
    [2012/11/10 18:01:29 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
    [2012/11/10 18:01:29 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
    [2012/11/10 18:01:29 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
    [2012/11/10 18:00:29 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
    [2012/11/10 18:00:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
    [2012/11/08 23:54:59 | 000,000,312 | ---- | C] () -- C:\Users\scotty\.stylerc2
    [2012/11/08 23:54:59 | 000,000,175 | ---- | C] () -- C:\Users\scotty\.mffunctions
    [2012/10/31 21:47:18 | 000,006,476 | ---- | C] () -- C:\Users\scotty\AppData\Roaming\AbsoluteReminder.xml
    [2012/10/27 06:49:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
    [2012/10/27 06:49:33 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
    [2012/10/27 06:49:28 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/10/27 06:49:25 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
    [2012/10/27 06:49:23 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/10/27 06:49:23 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/10/27 06:49:20 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/10/27 05:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/10/27 05:40:22 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2012/03/19 10:20:48 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/02/03 05:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/01/31 14:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/11/06 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\Absolute Software
    [2014/01/13 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\AVG2014
    [2012/11/01 01:45:51 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\Blio
    [2014/01/13 20:10:50 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\File Scout
    [2012/10/31 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\Fingertapps
    [2013/04/01 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\funkitron
    [2012/11/03 11:39:23 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\IDT
    [2013/08/05 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\MusE
    [2012/11/03 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\PCDr
    [2014/01/13 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\TuneUp Software
    [2012/12/25 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\scotty\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2012/10/27 07:09:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2012/10/27 07:09:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2012/10/27 07:09:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2012/10/27 07:09:18 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2012/10/27 07:09:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2012/10/27 07:09:18 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: SAMSUNG SSD PM830 2.5\" 7
    Partitions: 4
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 39.00MB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 14.00GB
    Starting Offset: 41943040
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 217.00GB
    Starting Offset: 14870904832
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #3
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 8.00GB
    Starting Offset: 247462887424
    Hidden sectors: 0


    ========== Files - Unicode (All) ==========
    [2013/03/22 17:01:30 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?·) -- C:\Windows\SysNative\㙠·
    [2013/03/22 17:01:30 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?·) -- C:\Windows\SysNative\㙠·

    < End of report >

  4. #4
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    from zanny

    EXTRAs
    OTL Extras logfile created on: 14/01/2014 11:37:09 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scotty\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.87 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 71.52% Memory free
    15.74 Gb Paging File | 12.86 Gb Available in Paging File | 81.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 216.62 Gb Total Space | 131.15 Gb Free Space | 60.54% Space Free | Partition Type: NTFS

    Computer Name: SCOTTY-PC | User Name: scotty | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Users\scotty\AppData\Roaming\File Scout\filescout.exe" /open "%1"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Users\scotty\AppData\Roaming\File Scout\filescout.exe" /open "%1"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1141D05D-CA24-4F75-9AB0-177D9D9BA675}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{127D0389-A90D-4DDB-AC6F-6D4A7FFD27CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{1ED3BAEB-2DDC-421E-AF9D-60359245328B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{20F61969-BF22-4ECA-967C-F3041AAD678F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{22DD293B-2ED2-42C4-8AED-18CE5E572BF9}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
    "{2664D633-366B-409C-BD11-134DC772D231}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2FAE2445-5CE6-40DE-8C13-AABCAC0AFD2C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{31302B74-C88A-4058-9302-30EF23E9F73D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{49EC8497-FC33-44D9-8E28-2D847B7F6D8C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{52FF6492-CCF1-4C60-B717-5BC911180FCB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{5DD4768B-7783-466F-816F-95132990F998}" = rport=139 | protocol=6 | dir=out | app=system |
    "{63B9FD41-D408-40A1-BB84-A0CBFCA86D06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{69495EE8-A2AA-4C61-A06C-F00AE722F7D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7794608E-3761-426A-8A5D-3E909EBFC972}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{782DFAFF-7AFE-4ADF-BD32-E219AEE35FB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8954F897-F7C7-4876-A6EF-9568DB5658F5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8A281309-82D8-4BBB-B2CA-C15AD8AEA618}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
    "{986FDD27-B16C-4A17-A0D1-90CC808D0513}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9E25BA32-58E5-4EF8-BAA5-3436755B2D6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{A0B1FB7F-B875-45D5-9EC3-FA8F8C25EA4F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A0FA6788-4EEC-4A7D-9D89-36A9D012AE32}" = rport=137 | protocol=17 | dir=out | app=system |
    "{AB229307-A55E-4C80-95A0-324B4EF0F9D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AC41E593-F296-4148-9CB3-AF13764A1E79}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
    "{B1959B0F-3E35-4DA0-9209-2DA1B36A0B4E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B60F362C-13E6-4815-A48B-350C23E5D82F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B6CCA852-9D2F-4342-BFA7-91C65D45D6CC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B7B8A311-4605-4BFA-83EF-966CE6B335B9}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{EA9DE415-831C-4C9C-AA55-FC38B4A6A4AA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F1A71EBD-0F78-449F-8B35-2DEAB020F0E2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FCD4539E-529E-45E6-8EA3-114B8F954471}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004EA2B9-C7B7-4429-9404-6CA2B5258CED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{016EC74B-DF13-4DC0-AB82-CD750E1D6AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
    "{018D0BFA-8A67-43E4-BA31-D28CD17AA04B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{059FD820-8E10-458E-914F-A8DDE939EA55}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{09528CA4-E448-4DD1-9D10-A1BFFA4C2E01}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
    "{0B494649-AE75-488D-BDAE-DAF5AA448223}" = dir=in | app=c:\windows\system32\dleacoms.exe |
    "{10F22DE5-F3BA-4B92-B098-9B94CCACEE7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{14364C07-1F39-4E69-886F-2FC291739FDF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
    "{1FB3845E-B4F3-4592-844A-83C0E50FCC00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2E172482-7980-4FF2-ADEF-9B01E7935946}" = dir=in | app=c:\windows\system32\dleacoms.exe |
    "{32FC9CA3-EFB4-4C45-847D-C11F9C4CD6E5}" = dir=out | app=c:\program files\intel\wifi\bin\ccdashserver.exe |
    "{33B74003-61D6-4075-9756-1B0DD75B4344}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{35246E14-BE1F-4BD0-A3EE-E4BA1153CDE6}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
    "{3AECD0D1-D6AE-4553-8C9F-9BD1CE75726B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{52C1A61D-8612-47EE-98A1-B054DFD40D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{5B7AE686-8126-4587-9946-DA5782D2B1EE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{5BFCD432-0210-4E86-8E5A-11DF93E975B9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5DB71E44-41ED-491F-8116-CB86C64F2610}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{5F3EC9EB-F3F2-474D-963D-413D037A255E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{63AAE701-A23C-4CE7-AC1D-F779A6C9A697}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
    "{642A43AD-5699-4D7D-A012-D01EEEA8F79D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{661540D2-EFDB-4236-96AF-A85618C6257E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{66479555-26B1-4E79-965F-D42D22123E95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6B2D2D7E-98E9-483D-B66D-39E1AB95D296}" = dir=out | app=c:\program files\intel\wifi\bin\ccdash.exe |
    "{6C248607-EEA6-4E13-8853-F0CF52A6CB0C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
    "{6E290521-270A-4505-8771-FD3E88D46264}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "{72F4B330-EFA3-48D2-96A3-88F7B82DAB25}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{79F60B54-5B8D-4352-A6D1-9CCB8C0AA61C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7A6B5902-E5A2-489C-84CD-0CE9AFD372F8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{7D0046BF-2367-4A60-871D-528CF9824B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7DB8F58A-F970-4059-A7D7-BE4114DCFA87}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{7E40A7B8-B376-4A5D-BD9A-04E396E7EDDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{82681C0D-B93C-45CE-A15E-CACE86AAA703}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
    "{852FAC85-4E5D-443B-AEE9-A2C224EA968B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "{8D63EF4D-9681-4892-8F0A-FFF64551BE61}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{912F1242-9159-43EE-A1CD-B6FB1AE31696}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{96A234B5-989A-4796-858B-874A4DBF0BDA}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
    "{9A97C5A4-2AB5-413A-85D5-B9C1AE296276}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{9C7C2A5C-72F9-4D4F-9C33-70808951C92F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9CAE5904-E97B-414F-8BCF-D1E95E5BACEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9CAE8142-82B3-446B-A7C8-4A780092C224}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
    "{9DE6B383-9ED3-4657-BEC9-5F560A76FCFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A66B8B83-A104-45A5-9293-8B2CB77BFE09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{A72C8FA3-4DB6-4838-ADB7-EFA07D245597}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A83CACD8-0303-4285-A4FC-2971DC79BA2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB11D256-4298-408E-89B9-0AA5E35FA5B5}" = dir=in | app=c:\users\scotty\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{AE0614FD-F15E-4553-AFCC-5F5306E84F65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B5DE4D70-B903-45A6-9A1B-1A5376C7D544}" = protocol=6 | dir=out | app=system |
    "{BC4D857F-5409-4C31-B2C4-973DF7748CA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{BF31304B-8EDD-42C9-8E66-7F4514B9AE58}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
    "{C167BCE6-2425-465E-AF78-3DF79610100F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C1C354F3-BC46-4507-9FF2-979B5007CAA6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C2355C06-0766-41AD-900C-C9229959F1BA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{C29F324C-E099-40F7-B84E-34E6BBF6E862}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
    "{C3280548-E749-459E-BFED-D9A3FA2B629E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C9B63E7E-7417-4CDE-BC1D-76BC6EA605D7}" = dir=in | app=c:\windows\system32\dleacoms.exe |
    "{D1E2DD9E-AA59-4818-96D6-94514E8FF696}" = dir=in | app=c:\program files\intel\wifi\bin\ccdash.exe |
    "{D2E524C3-9666-4993-B7FB-86724D9F7F35}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
    "{D4A2238D-7CF7-4337-A509-8B119760A51A}" = dir=in | app=c:\program files\intel\wifi\bin\ccdashserver.exe |
    "{D63A2F3B-C32A-466C-B5FF-1A2A413AA9D5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{DEA5D910-170C-4F67-8A83-835527F456A4}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{E46D59CF-B01B-400E-A2F1-3B760C591545}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{E4E6AAF8-B0FC-401B-B49C-ECBF73C71C71}" = dir=in | app=c:\windows\system32\dleacoms.exe |
    "{EE99D4E4-EC3E-45CD-B542-3677B6BEA759}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
    "{F4A93A7F-ACAA-4D2F-B003-32B2AAB15C20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FB9FB4EA-C885-46D5-9EEF-20D7BEE5D727}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
    "{FFE49255-1B0F-4328-A103-63B5B638B607}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "TCP Query User{04C3CD7E-6872-40E0-BBF9-D755D44FC604}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "UDP Query User{80405B22-9BCD-4049-A574-E374E4E271D1}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
    "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5117E283-B934-79AB-6FEF-82BFEBFF1899}" = AMD AVIVO64 Codecs
    "{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92D988EC-0FC4-DA46-CE73-496F2CD22DB3}" = AMD Accelerated Video Transcoding
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
    "{D2C14714-B63F-FADB-740D-47424E5617BF}" = AMD Catalyst Install Manager
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F0AFAB37-12C4-26CF-5E40-728AA59F37A6}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2014
    "Dell V310-V510 Series" = Dell V310-V510 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "PC-Doctor for Windows" = My Dell
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225D395-ADEC-76AC-9E63-3232EC84D048}" = Catalyst Control Center
    "{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
    "{0A027644-0CF1-9862-D9C1-CA597C67AA81}" = CCC Help Swedish
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22CE7C3F-4952-8B46-54C3-8390BC0724B4}" = CCC Help Italian
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{2516CD06-49E8-1851-834E-D190304B34DA}" = CCC Help German
    "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2C40ACF7-C3A9-E39C-47E1-FD4A58E60C29}" = CCC Help Japanese
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D47697-42E1-ED74-5904-FC04731EBE06}" = CCC Help Portuguese
    "{3B522C13-372A-685E-F2A0-02A761AF5DB2}" = CCC Help Finnish
    "{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{431E2654-B0A4-4140-82A2-DD55B028B626}" = Blio
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A27CB1D-7A41-6926-9810-00D8214EAB80}" = PX Profile Update
    "{61EF4A3D-2D5B-3C5C-0C99-DF567F2581F4}" = CCC Help English
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A38D558-9D5E-9266-6143-07805FD559FE}" = Catalyst Control Center InstallProxy
    "{6CE671FF-DAD0-2A5D-C707-6C2D018EA25C}" = CCC Help French
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9019E2CC-B5A5-191D-840E-E14B675B9971}" = Catalyst Control Center Localization All
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CA7C7EF-5772-2F3A-71A6-DFE6A51CAD1B}" = CCC Help Norwegian
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
    "{A5F90AE3-7BB9-EBB5-0362-006D353F0AB1}" = CCC Help Dutch
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7DA95E1-954E-5180-220F-B5484F388E5C}" = CCC Help Spanish
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{C53BCCBE-9268-4C09-82E9-611444A73B3F}" = Dell DataSafe Online
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB0F4DF9-3AEA-F571-322B-A97FD1062FF7}" = CCC Help Chinese Traditional
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D47490E6-97F8-C742-0DC0-B7C5994CDAC5}" = CCC Help Russian
    "{D8DD96BD-6E49-0D98-040E-6E566F629D1C}" = CCC Help Korean
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DB788C65-F9E6-1826-5563-6A65C3034263}" = Catalyst Control Center Profiles Mobile
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
    "{EC539703-F8DF-41B3-91C1-9630EAD18E46}" = Catalyst Control Center - Branding
    "{F04259A5-F38C-7553-10CD-6CFA76F08197}" = CCC Help Chinese Standard
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FC45E4D6-FEA5-4091-B172-4351D130C2E1}" = Dell Stage
    "{FD94B93E-F717-C636-A7BD-158F6463B423}" = CCC Help Danish
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Dell Webcam Central" = Dell Webcam Central
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "MuseScore" = MuseScore 1.3
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "SpeedItup Free_is1" = SpeedItup Free 7.85
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WiseConvert Toolbar" = WiseConvert Toolbar
    "WT089409" = Bejeweled 2 Deluxe
    "WT089410" = Blackhawk Striker 2
    "WT089411" = Build-a-lot 2
    "WT089412" = Cake Mania
    "WT089413" = Chuzzle Deluxe
    "WT089414" = Diner Dash 2 Restaurant Rescue
    "WT089415" = Dora's World Adventure
    "WT089418" = FATE
    "WT089420" = Jewel Quest
    "WT089422" = Jewel Quest Solitaire 2
    "WT089426" = Poker Superstars III
    "WT089430" = Virtual Villagers 4 - The Tree of Life
    "WT089433" = Polar Golfer
    "WT089434" = Escape Whisper Valley (TM)
    "WT089440" = Namco All-Stars PAC-MAN
    "WT089443" = Bounce Symphony
    "WT089444" = Final Drive Nitro
    "WT089445" = Penguins!
    "WT089446" = Wedding Dash - Ready, Aim, Love!
    "WT089448" = Zuma Deluxe
    "WT089450" = Farm Frenzy
    "WT089452" = Plants vs. Zombies - Game of the Year
    "WT089499" = Final Drive Fury
    "WT089503" = Samantha Swift
    "WT089507" = Luxor
    "WT089508" = Polar Bowler
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 19/08/2013 07:57:12 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 19/08/2013 07:57:12 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 19/08/2013 07:57:13 | Computer Name = scotty-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/08/2013 08:08:32 | Computer Name = scotty-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerUpdateService.exe, version:
    11.6.602.180, time stamp: 0x51a4ab8c Faulting module name: ntdll.dll, version: 6.1.7601.18205,
    time stamp: 0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
    process id: 0x1d88 Faulting application start time: 0x01ce9cd4bf921099 Faulting application
    path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
    path: C:\Windows\SysWOW64\ntdll.dll Report Id: 105d5b8e-08c8-11e3-b36e-84a6c8cf2807

    Error - 19/08/2013 08:59:41 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 19/08/2013 08:59:41 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 19/08/2013 08:59:42 | Computer Name = scotty-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/08/2013 09:08:02 | Computer Name = scotty-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerUpdateService.exe, version:
    11.6.602.180, time stamp: 0x51a4ab8c Faulting module name: ntdll.dll, version: 6.1.7601.18205,
    time stamp: 0x51db9710 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
    process id: 0x1eac Faulting application start time: 0x01ce9cdd21594702 Faulting application
    path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
    path: C:\Windows\SysWOW64\ntdll.dll Report Id: 603d2d9a-08d0-11e3-821b-84a6c8cf2807

    Error - 19/08/2013 09:14:46 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 19/08/2013 09:14:46 | Computer Name = scotty-PC | Source = ISCT Agent | ID = 1003
    Description =

    Error - 19/08/2013 09:14:46 | Computer Name = scotty-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 21/12/2012 23:20:31 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 03:20:31 - Error connecting to the internet. 03:20:31 - Unable
    to contact server..

    Error - 21/12/2012 23:20:38 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 03:20:36 - Error connecting to the internet. 03:20:36 - Unable
    to contact server..

    Error - 22/12/2012 00:20:56 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 04:20:56 - Error connecting to the internet. 04:20:56 - Unable
    to contact server..

    Error - 22/12/2012 00:21:05 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 04:21:01 - Error connecting to the internet. 04:21:01 - Unable
    to contact server..

    Error - 22/12/2012 01:21:13 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 05:21:13 - Error connecting to the internet. 05:21:13 - Unable
    to contact server..

    Error - 22/12/2012 01:21:20 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 05:21:18 - Error connecting to the internet. 05:21:18 - Unable
    to contact server..

    Error - 22/12/2012 02:21:28 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 06:21:28 - Error connecting to the internet. 06:21:28 - Unable
    to contact server..

    Error - 22/12/2012 02:21:35 | Computer Name = scotty-PC | Source = MCUpdate | ID = 0
    Description = 06:21:33 - Error connecting to the internet. 06:21:33 - Unable
    to contact server..

    [ System Events ]
    Error - 13/01/2014 13:44:40 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7024
    Description = The AVG Firewall service terminated with service-specific error %%-536805289.

    Error - 13/01/2014 14:01:47 | Computer Name = scotty-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 20:00:18 on ?13/?01/?2014 was unexpected.

    Error - 13/01/2014 14:01:50 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
    service to connect.

    Error - 13/01/2014 14:01:50 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7000
    Description = The dleaCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 14/01/2014 02:04:55 | Computer Name = scotty-PC | Source = DCOM | ID = 10010
    Description =

    Error - 14/01/2014 02:05:31 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
    service to connect.

    Error - 14/01/2014 02:05:31 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7000
    Description = The dleaCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 14/01/2014 02:49:16 | Computer Name = scotty-PC | Source = DCOM | ID = 10010
    Description =

    Error - 14/01/2014 02:49:53 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService
    service to connect.

    Error - 14/01/2014 02:49:53 | Computer Name = scotty-PC | Source = Service Control Manager | ID = 7000
    Description = The dleaCATSCustConnectService service failed to start due to the
    following error: %%1053


    < End of report >

    and aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-01-14 11:48:01
    -----------------------------
    11:48:01.825 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:48:01.826 Number of processors: 4 586 0x3A09
    11:48:01.826 ComputerName: SCOTTY-PC UserName: scotty
    11:48:02.066 Initialize success
    11:52:12.831 AVAST engine defs: 14011400
    11:55:04.955 The log file has been saved successfully to "C:\Users\scotty\Documents\zanna\misc\computer\fix files\aswMBR.txt"


    I couldn't find MBR.dat

  5. #5
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi Zanny


    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Next

    AdwCleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
    ----------


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Next

    • Download RogueKiller and save it to your desktop.
    • Quit all other programs
    • Start RogueKiller.exe
    • Wait until the Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan
    • A report will be created on your desktop.
    • Click on the Delete button
    • Next click on the ShortcutsFix
    • Another report will be created on your desktop.


    Please post: All RKreport.txt text files located on your desktop.

    On your next reply please post :
    • Checkup.txt
    • AdwCleaner[R0].txt
    • JRT.txt
    • All RKreport.txt

    Let me know if you have any problems performing the steps above or any questions.

    Good Day!
    Last edited by Robybel; 2014-01-14 at 22:59.
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  6. #6
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    Default from zanny

    Good morning!

    Hopefully I did all that ok! Hopefully the files requested are attached!
    thanks

  7. #7
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    Default from zanny

    I just noticed my Windows Update had new updates to be installed, so I did. I hope this wasn't the wrong thing to do right now. Here is the log for what was installed.

    thanks!

    Security Update for Windows 7 for x64-based Systems (KB2862330)

    Installation date: 15/01/2014 09:31

    Installation status: Successful

    Update type: Important

    A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

    More information:
    http://support.microsoft.com/kb/2862330

    Help and Support:
    http://support.microsoft.com

    Security Update for Windows 7 for x64-based Systems (KB2913602)

    Installation date: 15/01/2014 09:31

    Installation status: Successful

    Update type: Important

    A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

    More information:
    http://support.microsoft.com/kb/2913602

    Help and Support:
    http://support.microsoft.com

    Update for Windows 7 for x64-based Systems (KB2913431)

    Installation date: 15/01/2014 09:31

    Installation status: Successful

    Update type: Recommended

    Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

    More information:
    http://support.microsoft.com/kb/2913431

    Help and Support:
    http://support.microsoft.com

    Windows Malicious Software Removal Tool x64 - January 2014 (KB890830)

    Installation date: 15/01/2014 09:31

    Installation status: Successful

    Update type: Important

    After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.

    More information:
    http://support.microsoft.com/kb/890830

    Help and Support:
    http://support.microsoft.com

    Definition Update for Windows Defender - KB915597 (Definition 1.165.1783.0)

    Installation date: 15/01/2014 05:31

    Installation status: Successful

    Update type: Important

    Install this update to revise the definition files used to detect spyware and other potentially unwanted software. Once you have installed this item, it cannot be removed.

    More information:
    http://www.microsoft.com/athome/secu.../overview.mspx

    Help and Support:
    http://go.microsoft.com/fwlink/?LinkId=52661

  8. #8
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Zanny

    Do you remember in my first post?

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.


    Please Only Copy And Paste Reports Into Topic - Do Not Attach Thanks

    ------------------------------------------

    AdwCleaner

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.



    Next


    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



    On your next reply please post :
    • AdwCleaner[S0].txt
    • C:\ComboFix.txt

    Let me know if you have any problems performing the steps above or any questions.

    Good Day!
    Last edited by Robybel; 2014-01-15 at 21:26.
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  9. #9
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    Default from zanny

    First two points noted.

    I followed the instructions, but I did not get the window to save ComboFix to the desktop; it ran immediately.

    Here are the log files

    Adwcleaner

    # AdwCleaner v3.017 - Report created 15/01/2014 at 23:58:04
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : scotty - SCOTTY-PC
    # Running from : C:\Users\scotty\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\boost_interprocess
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
    File Deleted : C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
    File Deleted : C:\Windows\System32\Tasks\Browser Manager
    File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKCU\Software\532da8fb36de910
    Key Deleted : HKLM\SOFTWARE\532da8fb36de910
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{748E8CA1-084F-4156-9E0F-D82ABD29752B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AFF3485-59BB-455B-9972-CEB7C8F75AFB}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\wscontb
    Key Deleted : HKCU\Software\WiseConvert
    Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert
    Key Deleted : HKLM\Software\WiseConvert
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\scotty\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : icon_url
    Deleted : search_url
    Deleted : suggest_url
    Deleted : keyword
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [9322 octets] - [15/01/2014 05:29:25]
    AdwCleaner[R1].txt - [5269 octets] - [15/01/2014 23:50:34]
    AdwCleaner[S0].txt - [5107 octets] - [15/01/2014 23:58:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5167 octets] ##########

  10. #10
    Junior Member
    Join Date
    Jan 2014
    Posts
    12

    Default from zanny

    combofix file

    ComboFix 14-01-14.02 - scotty 16/01/2014 0:20.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8058.5376 [GMT 2:00]
    Running from: c:\users\scotty\Downloads\ComboFix.exe
    AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\433f450c-7cfc-4bb7-9084-d52289cd0b0f.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\b0bf6cc9-ca1b-4293-aa54-f533d6b586c7.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
    c:\programdata\Roaming
    c:\programdata\SPL1FEB.tmp
    c:\programdata\SPL2D76.tmp
    c:\programdata\SPL2FC.tmp
    c:\programdata\SPL3D2E.tmp
    c:\programdata\SPL3D8C.tmp
    c:\programdata\SPL3E47.tmp
    c:\programdata\SPL3E66.tmp
    c:\programdata\SPL3F60.tmp
    c:\programdata\SPL3F7F.tmp
    c:\programdata\SPL3F80.tmp
    c:\programdata\SPL3FAE.tmp
    c:\programdata\SPL40D6.tmp
    c:\programdata\SPL40F5.tmp
    c:\programdata\SPL4114.tmp
    c:\programdata\SPL4143.tmp
    c:\programdata\SPL421E.tmp
    c:\programdata\SPL425C.tmp
    c:\programdata\SPL427B.tmp
    c:\programdata\SPL42BA.tmp
    c:\programdata\SPL4401.tmp
    c:\programdata\SPL44AD.tmp
    c:\programdata\SPL450A.tmp
    c:\programdata\SPL4836.tmp
    c:\programdata\SPL4845.tmp
    c:\programdata\SPL494E.tmp
    c:\programdata\SPL4AE4.tmp
    c:\programdata\SPL4B9F.tmp
    c:\programdata\SPL4C3B.tmp
    c:\programdata\SPL4C6A.tmp
    c:\programdata\SPL4C99.tmp
    c:\programdata\SPL4D06.tmp
    c:\programdata\SPL4FE3.tmp
    c:\programdata\SPL50AE.tmp
    c:\programdata\SPL534D.tmp
    c:\programdata\SPL54F2.tmp
    c:\programdata\SPL557E.tmp
    c:\programdata\SPL55DC.tmp
    c:\programdata\SPL5678.tmp
    c:\programdata\SPL56D6.tmp
    c:\programdata\SPL586B.tmp
    c:\programdata\SPL58B9.tmp
    c:\programdata\SPL5917.tmp
    c:\programdata\SPL67E.tmp
    c:\programdata\SPL6CA6.tmp
    c:\programdata\SPL6CB6.tmp
    c:\programdata\SPL7359.tmp
    c:\programdata\SPL7F1A.tmp
    c:\programdata\SPL90C7.tmp
    c:\programdata\SPL9117.tmp
    c:\programdata\SPL9951.tmp
    c:\programdata\SPL9C7F.tmp
    c:\programdata\SPLE9D1.tmp
    c:\programdata\SPLFA07.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-15 to 2014-01-15 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-15 22:24 . 2014-01-15 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-15 22:03 . 2014-01-15 22:03 -------- d-----w- c:\programdata\boost_interprocess
    2014-01-15 21:46 . 2014-01-15 21:59 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
    2014-01-15 05:30 . 2014-01-15 05:30 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-15 03:40 . 2014-01-15 03:40 -------- d-----w- c:\windows\ERUNT
    2014-01-15 03:31 . 2013-11-27 01:42 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2014-01-15 03:31 . 2013-11-27 01:42 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2014-01-15 03:31 . 2013-11-27 01:42 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2014-01-15 03:31 . 2013-11-27 01:42 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2014-01-15 03:31 . 2013-11-27 01:42 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2014-01-15 03:31 . 2013-11-27 01:42 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2014-01-15 03:31 . 2013-11-27 01:42 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2014-01-15 03:31 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-01-15 03:31 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-01-15 03:31 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFA394BD-FD36-419F-9B4C-9E1F7519F6E6}\mpengine.dll
    2014-01-15 03:29 . 2014-01-15 21:58 -------- d-----w- C:\AdwCleaner
    2014-01-13 17:45 . 2014-01-13 17:45 -------- d-----w- c:\users\scotty\AppData\Roaming\AVG2014
    2014-01-13 17:44 . 2014-01-13 17:44 -------- d-----w- c:\users\scotty\AppData\Roaming\TuneUp Software
    2014-01-13 17:43 . 2014-01-13 17:44 -------- d-----w- c:\programdata\AVG2014
    2014-01-13 17:43 . 2014-01-13 17:43 -------- d-----w- C:\$AVG
    2014-01-13 17:43 . 2014-01-13 17:43 -------- d-----w- c:\program files (x86)\AVG
    2014-01-13 17:32 . 2014-01-15 21:52 -------- d-----w- c:\programdata\MFAData
    2014-01-13 17:32 . 2014-01-13 18:03 -------- d-----w- c:\users\scotty\AppData\Local\Avg2014
    2014-01-13 17:32 . 2014-01-13 17:32 -------- d--h--w- c:\programdata\Common Files
    2014-01-13 17:32 . 2014-01-13 17:32 -------- d-----w- c:\users\scotty\AppData\Local\MFAData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-15 21:59 . 2012-10-27 03:35 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2014-01-15 07:30 . 2012-11-03 09:08 86054176 ----a-w- c:\windows\system32\MRT.exe
    2013-11-26 11:54 . 2013-12-11 03:01 23183360 ----a-w- c:\windows\system32\mshtml.dll
    2013-11-26 10:19 . 2013-12-11 03:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-26 10:18 . 2013-12-11 03:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2013-11-26 09:48 . 2013-12-11 03:01 66048 ----a-w- c:\windows\system32\iesetup.dll
    2013-11-26 09:46 . 2013-12-11 03:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2013-11-26 09:41 . 2013-12-11 03:01 2764288 ----a-w- c:\windows\system32\iertutil.dll
    2013-11-26 09:29 . 2013-12-11 03:01 53760 ----a-w- c:\windows\system32\jsproxy.dll
    2013-11-26 09:27 . 2013-12-11 03:01 33792 ----a-w- c:\windows\system32\iernonce.dll
    2013-11-26 09:23 . 2013-12-11 03:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-11-26 09:21 . 2013-12-11 03:01 574976 ----a-w- c:\windows\system32\ieui.dll
    2013-11-26 09:18 . 2013-12-11 03:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-26 09:18 . 2013-12-11 03:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
    2013-11-26 09:16 . 2013-12-11 03:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll
    2013-11-26 08:57 . 2013-12-11 03:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-11-26 08:35 . 2013-12-11 03:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-26 08:28 . 2013-12-11 03:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16 . 2013-12-11 03:01 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-11-26 08:02 . 2013-12-11 03:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-11-26 07:48 . 2013-12-11 03:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
    2013-11-26 07:32 . 2013-12-11 03:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07 . 2013-12-11 03:01 2334208 ----a-w- c:\windows\system32\wininet.dll
    2013-11-26 06:40 . 2013-12-11 03:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
    2013-11-26 06:34 . 2013-12-11 03:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-11-26 06:33 . 2013-12-11 03:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-11-26 03:04 . 2013-11-26 03:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-11-26 03:04 . 2013-11-26 03:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-11-26 03:04 . 2013-11-26 03:04 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2013-11-26 03:04 . 2013-11-26 03:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-11-26 03:04 . 2013-11-26 03:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-11-26 03:04 . 2013-11-26 03:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-11-26 03:04 . 2013-11-26 03:04 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2013-11-26 03:04 . 2013-11-26 03:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2013-11-26 03:04 . 2013-11-26 03:04 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-11-26 03:04 . 2013-11-26 03:04 774144 ----a-w- c:\windows\system32\jscript.dll
    2013-11-26 03:04 . 2013-11-26 03:04 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-11-26 03:04 . 2013-11-26 03:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-11-26 03:04 . 2013-11-26 03:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-11-26 03:04 . 2013-11-26 03:04 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2013-11-26 03:04 . 2013-11-26 03:04 626176 ----a-w- c:\windows\system32\msfeeds.dll
    2013-11-26 03:04 . 2013-11-26 03:04 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-11-26 03:04 . 2013-11-26 03:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2013-11-26 03:04 . 2013-11-26 03:04 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2013-11-26 03:04 . 2013-11-26 03:04 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-11-26 03:04 . 2013-11-26 03:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-11-26 03:04 . 2013-11-26 03:04 548352 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-26 03:04 . 2013-11-26 03:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-11-26 03:04 . 2013-11-26 03:04 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2013-11-26 03:04 . 2013-11-26 03:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-11-26 03:04 . 2013-11-26 03:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-11-26 03:04 . 2013-11-26 03:04 48128 ----a-w- c:\windows\system32\imgutil.dll
    2013-11-26 03:04 . 2013-11-26 03:04 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-11-26 03:04 . 2013-11-26 03:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-11-26 03:04 . 2013-11-26 03:04 413696 ----a-w- c:\windows\system32\html.iec
    2013-11-26 03:04 . 2013-11-26 03:04 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2013-11-26 03:04 . 2013-11-26 03:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-11-26 03:04 . 2013-11-26 03:04 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2013-11-26 03:04 . 2013-11-26 03:04 337408 ----a-w- c:\windows\SysWow64\html.iec
    2013-11-26 03:04 . 2013-11-26 03:04 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2013-11-26 03:04 . 2013-11-26 03:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
    2013-11-26 03:04 . 2013-11-26 03:04 263376 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-11-26 03:04 . 2013-11-26 03:04 247808 ----a-w- c:\windows\system32\msls31.dll
    2013-11-26 03:04 . 2013-11-26 03:04 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-11-26 03:04 . 2013-11-26 03:04 243200 ----a-w- c:\windows\system32\webcheck.dll
    2013-11-26 03:04 . 2013-11-26 03:04 235520 ----a-w- c:\windows\system32\url.dll
    2013-11-26 03:04 . 2013-11-26 03:04 235008 ----a-w- c:\windows\system32\elshyph.dll
    2013-11-26 03:04 . 2013-11-26 03:04 195584 ----a-w- c:\windows\system32\msrating.dll
    2013-11-26 03:04 . 2013-11-26 03:04 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-11-26 03:04 . 2013-11-26 03:04 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-11-26 03:04 . 2013-11-26 03:04 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-11-26 03:04 . 2013-11-26 03:04 147968 ----a-w- c:\windows\system32\occache.dll
    2013-11-26 03:04 . 2013-11-26 03:04 143872 ----a-w- c:\windows\system32\wextract.exe
    2013-11-26 03:04 . 2013-11-26 03:04 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-11-26 03:04 . 2013-11-26 03:04 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-11-26 03:04 . 2013-11-26 03:04 135680 ----a-w- c:\windows\system32\iepeers.dll
    2013-11-26 03:04 . 2013-11-26 03:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-11-26 03:04 . 2013-11-26 03:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-11-26 03:04 . 2013-11-26 03:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-11-26 03:04 . 2013-11-26 03:04 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-11-26 03:04 . 2013-11-26 03:04 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-11-26 03:04 . 2013-11-26 03:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-11-26 03:04 . 2013-11-26 03:04 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2013-11-26 03:04 . 2013-11-26 03:04 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-11-26 03:04 . 2013-11-26 03:04 101376 ----a-w- c:\windows\system32\inseng.dll
    2013-11-23 18:26 . 2013-12-10 22:44 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47 . 2013-12-10 22:44 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-19 03:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
    2013-11-12 02:23 . 2013-12-10 22:44 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-11-12 02:07 . 2013-12-10 22:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-11-05 19:55 . 2013-11-05 19:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-11-04 19:52 . 2013-11-04 19:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2013-10-31 21:00 . 2013-10-31 21:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-10-31 20:49 . 2013-10-31 20:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-10-30 02:32 . 2013-12-10 22:44 335360 ----a-w- c:\windows\system32\msieftp.dll
    2013-10-30 02:19 . 2013-12-10 22:44 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    2013-10-24 20:25 . 2013-10-24 20:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-10-19 02:18 . 2013-12-10 22:44 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2013-10-19 01:36 . 2013-12-10 22:44 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-19 636032]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-03-06 577024]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\users\scotty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\users\scotty\Desktop\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-15 22:03 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 19:30]
    .
    2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef0c387dd926e.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06 19:30]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-13 1425408]
    "IntelMyWiFiDashboard"="c:\program files\Intel\WiFi\bin\CCDashServer.exe" [2012-03-30 4966912]
    "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-28 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-28 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-28 439576]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-SpeedItup Free_is1 - c:\program files (x86)\SpeedItup Free\unins000.exe
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-01-16 00:26:45
    ComboFix-quarantined-files.txt 2014-01-15 22:26
    .
    Pre-Run: 141,162,426,368 bytes free
    Post-Run: 140,834,770,944 bytes free
    .
    - - End Of File - - 9342E3917B350ECB843A0C0560A667F1
