

Tornado15550

join:2012-12-16
Canada

Remove PC Cleaner Pro

I accidentally installed software known as PC Cleaner Pro, and even after uninstalling it using Add/Remove Programs and also trying to remove it in Safe Mode, I think a part of it still resides on my system. This is what Action Center states when no antivirus is installed:


Also, Dell Support Center states that it is present as well:



How do I completely remove this software and also remove it from Action Center?
Here are my logs:
MBAM log:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.21.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Tornado15550 :: TORNADO15550-PC [administrator]

Protection: Enabled

21/06/2013 10:55:29 AM
mbam-log-2013-06-21 (10-55-29).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 514729
Time elapsed: 2 hour(s), 7 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
AdwCleaner log:
# AdwCleaner v2.303 - Logfile created 06/20/2013 at 19:33:06
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tornado15550 - TORNADO15550-PC
# Boot Mode : Normal
# Running from : C:\Users\Tornado15550\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\APN

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1309 octets] - [20/06/2013 19:33:06]

########## EOF - C:\AdwCleaner[S1].txt - [1369 octets] ##########
OTL.txt:
OTL logfile created on: 20/06/2013 7:40:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tornado15550\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.95% Memory free
7.73 Gb Paging File | 5.77 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 351.01 Gb Total Space | 66.71 Gb Free Space | 19.01% Space Free | Partition Type: NTFS
Drive G: | 100.00 Gb Total Space | 31.87 Gb Free Space | 31.87% Space Free | Partition Type: NTFS

Computer Name: TORNADO15550-PC | User Name: Tornado15550 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/06/20 19:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tornado15550\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/11 04:37:42 | 003,478,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/02 14:00:44 | 013,836,984 | ---- | M] (Telus) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe
PRC - [2012/11/02 13:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe
PRC - [2012/06/11 13:12:00 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2009/12/29 15:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/22 15:57:24 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libcef.dll
MOD - [2012/05/22 15:57:24 | 001,094,158 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avcodec-53.dll
MOD - [2012/05/22 15:57:24 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libGLESv2.dll
MOD - [2012/05/22 15:57:24 | 000,183,822 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avformat-53.dll
MOD - [2012/05/22 15:57:24 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avutil-51.dll
MOD - [2012/05/22 15:57:24 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libEGL.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2012/10/23 14:23:14 | 001,637,112 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/10/23 14:23:13 | 000,068,416 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012/10/23 14:12:28 | 000,065,344 | ---- | M] (TELUS security services) [Disabled | Stopped] -- C:\Program Files\TELUS security services\TELUS security services\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/06/01 23:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 15:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/14 21:16:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 16:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/29 13:41:48 | 004,246,912 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2013/03/13 14:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/11/02 13:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe -- (ServicepointService8)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/02/16 10:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/12/23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/11/04 14:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 14:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/04/12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/10 14:00:50 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/10/10 14:00:48 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/09/21 17:16:44 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012/08/29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/17 15:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/07/06 14:21:55 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/07/02 14:21:40 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/07 16:45:00 | 000,174,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/01 22:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/30 13:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 13:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 13:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 13:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/22 10:47:28 | 000,027,648 | ---- | M] (gogo6 Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gogotun.sys -- (gogoTunnelDevice)
DRV:64bit: - [2010/03/17 15:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/02 15:13:10 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/02 15:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 15:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/17 11:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/02/16 07:42:28 | 000,022,528 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fanio.sys -- (fanio)
DRV:64bit: - [2006/11/01 05:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/02/05 02:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012/06/11 13:12:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/06/11 13:12:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 42 2D A9 EE 2D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4195B073-1968-4F9E-81FF-86FEA376C796}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: motiveplugin%40motive-alcatel-lucent.com:1.0.1.25
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2.2
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.9.0.12585
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll File not found
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\TELUS SECURITY SERVICES\TELUS SECURITY SERVICES\BDTBEXT [2012/12/11 19:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/06/01 19:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/14 21:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/14 21:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\TELUS security services\TELUS security services\bdtbext [2012/12/11 19:52:53 | 000,000,000 | ---D | M]

[2013/06/14 20:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tornado15550\AppData\Roaming\Mozilla\Extensions
[2013/06/19 12:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions
[2013/06/14 21:01:51 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions\https-everywhere@eff.org
[2013/06/14 21:00:39 | 000,000,000 | ---D | M] (Motive Plugin for TELUS) -- C:\Users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions\motiveplugin@motive-alcatel-lucent.com
[2013/06/14 21:01:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/14 21:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/14 21:09:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/14 21:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/14 21:09:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/14 20:59:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/01 19:26:16 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2013/01/11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlusx64.dll (Adblock Plus)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\TELUS security services\TELUS security services\bdagent.exe (TELUS security services)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelusSecurityAdvisor] C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe (Telus)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Reg Error: Key error.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049FE5B6-6C37-44DB-A818-F8206829A21C}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/06/20 19:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/06/20 19:26:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tornado15550\Desktop\OTL.exe
[2013/06/20 19:24:58 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Tornado15550\Desktop\TFC.exe
[2013/06/20 19:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2013/06/20 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\Tornado15550\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/06/17 00:20:10 | 000,000,000 | ---D | C] -- C:\Users\Tornado15550\AppData\Local\Windows Live Writer
[2013/06/14 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\Tornado15550\AppData\Roaming\Mozilla
[2013/06/14 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/06/12 23:03:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 23:03:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 23:03:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 23:03:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 23:03:52 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 23:03:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 23:03:52 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 23:03:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 23:03:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 23:03:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 23:03:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 23:03:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 23:03:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 23:01:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/12 23:01:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/11 23:08:04 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/11 23:08:04 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/11 23:08:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/11 23:08:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/11 23:07:54 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/11 23:07:44 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/11 23:07:44 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/11 23:07:44 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/11 23:07:44 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/11 23:07:43 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/11 23:07:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 23:07:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/11 23:07:29 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/09 13:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/09 13:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/09 13:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/09 13:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/04 20:49:30 | 000,000,000 | ---D | C] -- C:\Users\Tornado15550\AppData\Roaming\.minecraft
[2013/06/03 00:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013/06/01 17:12:28 | 000,000,000 | ---D | C] -- C:\Users\Tornado15550\AppData\Roaming\PDAppFlex
[2013/06/01 16:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/06/01 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/05/28 01:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online
[2013/05/26 00:39:51 | 000,000,000 | R--D | C] -- C:\Users\Tornado15550\Desktop\Minecraft
[2013/05/25 23:50:31 | 000,000,000 | ---D | C] -- C:\Users\Tornado15550\AppData\Roaming\r2 Studios
[2013/05/25 23:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/25 14:40:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/25 14:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/25 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/24 00:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
[2013/05/24 00:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craften Terminal
[1 C:\Users\Tornado15550\Desktop\*.tmp files -> C:\Users\Tornado15550\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/06/20 19:43:31 | 000,030,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/20 19:43:31 | 000,030,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/20 19:35:27 | 005,101,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/20 19:35:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/20 19:34:44 | 3113,230,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/20 19:33:20 | 000,000,101 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/20 19:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/20 19:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tornado15550\Desktop\OTL.exe
[2013/06/20 19:26:14 | 000,006,456 | ---- | M] () -- C:\Users\Tornado15550\Desktop\SecurityCheck.exe
[2013/06/20 19:25:25 | 000,648,201 | ---- | M] () -- C:\Users\Tornado15550\Desktop\adwcleaner.exe
[2013/06/20 19:24:58 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Tornado15550\Desktop\TFC.exe
[2013/06/20 15:42:45 | 000,002,935 | ---- | M] () -- C:\Users\Tornado15550\Desktop\inSSIDer 3.lnk
[2013/06/20 12:15:47 | 000,017,637 | ---- | M] () -- C:\Users\Tornado15550\Desktop\954835_562911013756807_1143966030_n.jpg
[2013/06/19 22:49:08 | 002,946,533 | ---- | M] () -- C:\Users\Tornado15550\Desktop\PC.gif
[2013/06/14 21:16:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/14 21:16:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/14 20:59:32 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/14 16:40:34 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013/06/14 16:35:15 | 015,789,224 | ---- | M] () -- C:\Users\Tornado15550\Desktop\Special Effects.mp4
[2013/06/12 21:31:11 | 008,610,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/06/11 19:26:16 | 015,043,361 | ---- | M] () -- C:\Users\Tornado15550\Desktop\04 puremath30 released items 2009 final.pdf
[2013/06/11 19:26:14 | 016,073,080 | ---- | M] () -- C:\Users\Tornado15550\Desktop\03 puremath released 2010-11.pdf
[2013/06/11 19:26:03 | 016,309,297 | ---- | M] () -- C:\Users\Tornado15550\Desktop\04 puremath released 2011-12.pdf
[2013/06/09 21:38:49 | 000,760,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/09 21:38:49 | 000,651,598 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/09 21:38:49 | 000,119,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/09 13:16:44 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/08 08:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 05:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/01 19:26:37 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013/06/01 16:12:28 | 000,001,520 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013/05/25 14:40:42 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Tornado15550\Desktop\*.tmp files -> C:\Users\Tornado15550\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/06/20 19:34:52 | 005,101,344 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/20 19:33:11 | 000,000,101 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/20 19:26:08 | 000,006,456 | ---- | C] () -- C:\Users\Tornado15550\Desktop\SecurityCheck.exe
[2013/06/20 19:25:25 | 000,648,201 | ---- | C] () -- C:\Users\Tornado15550\Desktop\adwcleaner.exe
[2013/06/20 12:15:45 | 000,017,637 | ---- | C] () -- C:\Users\Tornado15550\Desktop\954835_562911013756807_1143966030_n.jpg
[2013/06/19 22:49:07 | 002,946,533 | ---- | C] () -- C:\Users\Tornado15550\Desktop\PC.gif
[2013/06/14 20:59:32 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/14 20:59:32 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/14 16:35:08 | 015,789,224 | ---- | C] () -- C:\Users\Tornado15550\Desktop\Special Effects.mp4
[2013/06/11 19:26:02 | 015,043,361 | ---- | C] () -- C:\Users\Tornado15550\Desktop\04 puremath30 released items 2009 final.pdf
[2013/06/11 19:25:54 | 016,073,080 | ---- | C] () -- C:\Users\Tornado15550\Desktop\03 puremath released 2010-11.pdf
[2013/06/11 19:25:51 | 016,309,297 | ---- | C] () -- C:\Users\Tornado15550\Desktop\04 puremath released 2011-12.pdf
[2013/06/09 13:16:44 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/01 19:26:37 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013/06/01 19:26:37 | 000,002,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013/06/01 19:26:37 | 000,002,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013/06/01 19:26:37 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013/06/01 16:38:48 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/06/01 16:12:28 | 000,001,532 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013/06/01 16:12:28 | 000,001,520 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013/05/25 14:40:42 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/03 22:44:08 | 000,000,037 | -HS- | C] () -- C:\Users\Tornado15550\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/04/20 16:50:33 | 000,000,288 | ---- | C] () -- C:\Users\Tornado15550\AppData\Roaming\.backup.dm
[2013/04/02 01:43:14 | 000,431,253 | ---- | C] () -- C:\ProgramData\1364887896.bdinstall.bin
[2013/04/02 00:37:12 | 000,217,799 | ---- | C] () -- C:\ProgramData\1364884532.bdinstall.bin
[2013/04/02 00:15:59 | 000,371,787 | ---- | C] () -- C:\ProgramData\1364883133.bdinstall.bin
[2013/03/31 03:09:07 | 000,744,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/31 01:45:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/02 16:06:29 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/02/14 16:08:43 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/02/14 16:08:43 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/11/28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/11/28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/11/28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/11/28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/09 20:44:41 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/03/10 23:10:10 | 000,213,676 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/18 22:55:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/12/10 15:57:17 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2011/12/10 15:56:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2011/07/24 12:01:55 | 000,000,158 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/01 14:33:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013/06/18 21:24:02 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\.minecraft
[2013/05/05 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\MetaGeek
[2013/06/18 20:06:52 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\Minecraft Version Changer
[2013/02/16 00:06:42 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\New Technology Studio
[2013/03/31 02:19:18 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\PCDr
[2013/06/01 17:12:28 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\PDAppFlex
[2013/03/23 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\QuickScan
[2013/05/30 17:29:46 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\r2 Studios
[2013/04/02 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\Telus
[2013/03/31 02:19:22 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\TELUS security services
[2013/03/31 02:19:22 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\TP
[2013/06/20 13:23:28 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\uTorrent
[2013/04/05 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\Tornado15550\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]


Tornado15550

join:2012-12-16
Canada

Extras.txt:
OTL Extras logfile created on: 20/06/2013 7:40:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tornado15550\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.95% Memory free
7.73 Gb Paging File | 5.77 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 351.01 Gb Total Space | 66.71 Gb Free Space | 19.01% Space Free | Partition Type: NTFS
Drive G: | 100.00 Gb Total Space | 31.87 Gb Free Space | 31.87% Space Free | Partition Type: NTFS

Computer Name: TORNADO15550-PC | User Name: Tornado15550 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0737A7E5-4901-4A08-9902-63AC95A544F8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E7F3DC1-A45A-45C8-821E-FFD35CC4A35F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EE026A4-50BA-474B-980A-44463C8213D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{684AD134-622C-4C92-93E8-D794CD32EF6C}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface |
"{69D03B7B-ECF4-47D5-9EF1-A311B53984A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75253BD4-AC74-4E31-A13A-EFA60D3CD455}" = rport=10243 | protocol=6 | dir=out | app=system |
"{88F161A0-1F63-42E8-9E40-E541C7A7284A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{960815B3-F92C-4059-88F6-F34F73A5399C}" = lport=52028 | protocol=6 | dir=in | name=akamai netsession interface |
"{A21B1468-B7A3-4044-87E9-502AB9979509}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD309DCE-7DC6-49B9-BCD8-BB04D64E3426}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B0231031-AE48-4229-AEAE-E6C90CEC521D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BF1A53F8-F03A-4FF5-BDCC-BEE9A2129B84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFED0D3D-D8CE-42FC-80C1-E0F2FBD58FBC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{C19CC1B7-01E0-4521-AB2F-6EC020F7E727}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CC22C6A7-CB88-4B8D-A5C4-4B8DC006E227}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF428D84-4DE4-4CB7-BD68-EF43277CA98A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D9D95546-BCBE-4F59-B718-B3F898967C77}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EA3A207C-3D1D-400F-AA0F-DFC2753EA6A7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F05838D5-8BCF-44C5-BE55-F8F793046A08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1334C792-9334-4793-8331-9DC4F94FD984}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{296FA7EB-FBFD-407C-9AE6-DC0FFB10F395}" = protocol=17 | dir=in | app=e:\Tornado15550\games\nwfldr\eflc\launcheflc.exe |
"{44BFF8F1-1688-4D45-8DC5-386D5E88D73D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{496FA06E-D5F1-4532-AECC-E96D2BD57F1A}" = protocol=17 | dir=in | app=c:\users\Tornado15550\appdata\roaming\utorrent\utorrent.exe |
"{4C91DD34-6807-4C31-A6F6-015C25CD6BA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{553AB161-40B7-4A4F-ACF1-385A2939E737}" = protocol=17 | dir=in | app=e:\Tornado15550\games\nwfldr\iv\game\grand theft auto iv\launchgtaiv.exe |
"{5654735D-63D6-4D41-9AC6-3BDF81D23CE6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{57558C05-0F93-48D1-9081-4AB8CA6DBB91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{594F9D89-33DE-47DB-AF2F-C3E48603214F}" = protocol=6 | dir=in | app=c:\program files (x86)\telus\security advisor\5.5.12.650\telus_servicepointservice.exe |
"{647B680A-266C-4C09-90C0-2227AB4A2096}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{6B10CEA9-633D-40E6-8D46-17C542708A26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7185150E-AF08-4B29-987B-E1387B703AA2}" = dir=out | app=%programfiles% (x86)\apple software update\softwareupdate.exe |
"{73521F54-3C42-4FC0-9020-E32354AE1A8C}" = dir=in | app=%programfiles% (x86)\apple software update\softwareupdate.exe |
"{7554FBF3-9F89-4403-8664-54759F0C3FC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A5A6085-2B51-42A0-818E-56D59E634D8E}" = protocol=17 | dir=in | app=c:\program files (x86)\telus\security advisor\5.5.12.650\telus_servicepointservice.exe |
"{7C7EED20-4287-4937-94EC-28E54CA76478}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7F1CC0DA-95C8-4601-9668-B6067D36D64F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{80675670-380A-44C8-8234-A6D3A9EA2C11}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{82904775-D194-4B8A-AC9F-8A8B2F68BC18}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83229D12-DD8A-4A20-8653-98D259DB7232}" = dir=out | app=%programfiles% (x86)\itunes\ituneshelper.exe |
"{9359D63E-9DDA-4B73-933E-89E3AE22803C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{9F2376EA-84E8-4614-A8A1-058312BEDF8C}" = dir=in | app=%programfiles% (x86)\itunes\ituneshelper.exe |
"{A9594839-AAE9-4BEF-9367-120FDFC99ABB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2393FD3-F1F7-4E40-AADB-EF3634D93494}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7A9F8B8-4A14-4931-A997-EE3107BD0468}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{BB2567C7-9A9B-4CF2-9CD9-4CE7F0437A53}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE01CA41-C652-4D0C-BA3D-F2FB855EB0F1}" = protocol=6 | dir=in | app=e:\Tornado15550\games\nwfldr\iv\social club\rockstar games social club\rgsclauncher.exe |
"{BF555D14-5AEB-4CE5-8AD5-75E39363AABE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{C492BC07-3073-4E6A-A703-2E60D90B376C}" = protocol=6 | dir=in | app=e:\Tornado15550\games\nwfldr\iv\game\grand theft auto iv\launchgtaiv.exe |
"{C6673791-2053-4C2C-B131-209F17E37EAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0D56F8C-AD6C-4385-840D-8B8E6232BB88}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{D26074A4-216D-4A7E-94BB-8FEA76692FFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF7FB500-D17A-4BFD-BE50-26E71B15CF90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E149F4FA-BA16-4766-9AB4-37979DEC3BA6}" = protocol=17 | dir=in | app=e:\Tornado15550\games\nwfldr\iv\social club\rockstar games social club\rgsclauncher.exe |
"{E1A7BD1C-65DB-4903-AC41-2D3161FD5526}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E1B44A14-948B-4498-8A11-680096823758}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4E56DDD-40D6-49E6-B5A2-B86FD13BDEE2}" = protocol=6 | dir=out | app=system |
"{EB9159C5-DC45-4DD3-B9E3-F93E5A3D007A}" = protocol=6 | dir=in | app=e:\Tornado15550\games\nwfldr\eflc\launcheflc.exe |
"{EF0AE2E0-E553-419D-B57C-7D8052FC965F}" = protocol=6 | dir=in | app=c:\users\Tornado15550\appdata\roaming\utorrent\utorrent.exe |
"{F7BA1BC4-D131-4881-98BD-6958A8363FEA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FD79DDDE-323F-4D1C-BA30-FD1E01FE0E9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2BC2FD98-EC53-438B-AFB0-82BA86F27C47}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"TCP Query User{3D123B5F-28EB-4186-B909-FB6B0AF8AD03}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{A4FB83CF-5164-420C-A3FE-AC682B776D67}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B11D9964-737A-443A-8A0D-CE769B6EF18F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{DACD5676-488B-4B7F-BA40-D3ECC587E8EA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{275A801E-BF33-4839-B061-09D24AB491FE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{9EDA8339-0635-4A7C-A4A2-7D6470AAD328}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{ABE41A6B-F16F-4E6A-A53A-18D9A49D7855}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{EFC16F4C-A028-40FA-A6A5-22C92C6C700E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FED5BA24-AD76-4F07-A114-EF23583C19B1}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2CD475B3-D547-44F1-A8CB-9323240139E4}" = Adblock Plus for IE (32-bit and 64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Tiny but impressive screenshot utility
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TELUS security services" = TELUS security services
"xy-VSFilter (64-bit)_is1" = xy-VSFilter 3.0.0.211 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0029483A-811E-490D-8669-B0DDED74584B}" = RPS CRT
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9D123D-2850-494B-AAA0-24492F70C4A4}" = RPS CRT
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1" = Craften Terminal 3.3.4897.28268
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038703}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038704}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{76F7F2AC-EFC0-4DB4-9B21-9A9DA0B028C3}" = CoreTempMC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}" = inSSIDer 3
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{C53BCCBE-9268-4C09-82E9-611444A73B3F}" = Dell DataSafe Online
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CDF246AE-C6E3-438F-AA76-21700DCC15F6}" = inSSIDer 3
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F91BF1B5-4213-440C-8539-C6EB2F1D1734}" = Dell Digital Delivery
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Dell Webcam Central" = Dell Webcam Central
"lavfilters_is1" = LAVFilters-0.57-39-gb0ee243
"mIRC" = mIRC
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Radialpoint_8_Spd_is1" = TELUS security advisor 5.5.12
"TELUS" = TELUS Support Centre
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 15/06/2013 9:06:26 PM | Computer Name = Tornado15550-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 15/06/2013 9:27:42 PM | Computer Name = Tornado15550-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: msi.dll, version: 5.0.7601.17807, time
stamp: 0x4f80321a Exception code: 0xc0000005 Fault offset: 0x00000000001ec1e6 Faulting
process id: 0x12dc Faulting application start time: 0x01ce6a30715c9ce6 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msi.dll Report
Id: f0560af6-d623-11e2-8576-ca5b7190f33b

Error - 16/06/2013 2:20:37 AM | Computer Name = Tornado15550-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: msi.dll, version: 5.0.7601.17807, time
stamp: 0x4f80321a Exception code: 0xc0000005 Fault offset: 0x00000000001ec1e6 Faulting
process id: 0x10e0 Faulting application start time: 0x01ce6a53c6c1248b Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\msi.dll Report
Id: db94ad95-d64c-11e2-b566-ac365e287737

Error - 19/06/2013 2:24:01 AM | Computer Name = Tornado15550-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
stamp: 0x518ec3cc Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
0x518ec306 Exception code: 0xc0000005 Fault offset: 0x001c9789 Faulting process id:
0x1ab8 Faulting application start time: 0x01ce6ca45f2ba2cb Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: d4a01622-d8a8-11e2-8aa7-86393e26dd32

Error - 20/06/2013 8:48:28 PM | Computer Name = Tornado15550-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not open the EventSystem service for query.

System
Error: Element not found. .

Error - 20/06/2013 8:52:11 PM | Computer Name = Tornado15550-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not open the EventSystem service for query.

System
Error: Element not found. .

[ Broadcom Wireless LAN Events ]
Error - 31/03/2013 4:34:41 AM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 02:34:39, Sun, Mar 31, 13 Error - Unable to gain access to user store

Error - 31/03/2013 12:04:50 PM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 10:04:50, Sun, Mar 31, 13 Error - Unable to switch user context, authentication
information not set correctly

Error - 31/03/2013 12:05:16 PM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 10:05:16, Sun, Mar 31, 13 Error - Unable to get current user admin
status

Error - 17/04/2013 9:06:46 PM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 19:06:40, Wed, Apr 17, 13 Error - Unable to gain access to user store

Error - 19/04/2013 2:17:42 PM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 12:17:42, Fri, Apr 19, 13 Error - Unable to gain access to user store

Error - 29/04/2013 9:57:53 PM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 19:57:53, Mon, Apr 29, 13 Error - Unable to gain access to user store

Error - 11/06/2013 4:34:33 PM | Computer Name = Tornado15550-PC | Source = WLAN-Tray | ID = 0
Description = 14:34:30, Tue, Jun 11, 13 Error - Unable to gain access to user store

[ Dell Events ]
Error - 10/09/2011 9:58:11 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 2:49:14 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 2:49:14 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 2:52:06 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 2:52:06 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 4:47:28 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 4:47:28 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 8:15:45 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/09/2011 8:15:45 PM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 18/02/2013 12:12:26 AM | Computer Name = Tornado15550-PC | Source = DataSafe | ID = 3
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 16/05/2013 9:11:53 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 7:11:53 PM - Failed to retrieve NetTV (Error: The request failed with
HTTP status 403: Forbidden.)

Error - 16/05/2013 9:12:01 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 7:11:54 PM - Failed to retrieve Broadband (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 16/05/2013 10:12:29 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 8:12:29 PM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

Error - 16/05/2013 10:12:43 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 8:12:43 PM - Failed to retrieve NetTV (Error: The request failed with
HTTP status 403: Forbidden.)

Error - 16/05/2013 10:12:46 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 8:12:43 PM - Failed to retrieve Broadband (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 16/05/2013 11:12:53 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 9:12:52 PM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

Error - 16/05/2013 11:12:53 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 9:12:53 PM - Failed to retrieve NetTV (Error: The request failed with
HTTP status 403: Forbidden.)

Error - 16/05/2013 11:12:56 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 9:12:53 PM - Failed to retrieve Broadband (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 30/05/2013 7:23:45 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 5:23:45 PM - Error connecting to the internet. 5:23:45 PM - Unable
to contact server..

Error - 30/05/2013 7:23:55 PM | Computer Name = Tornado15550-PC | Source = MCUpdate | ID = 0
Description = 5:23:50 PM - Error connecting to the internet. 5:23:50 PM - Unable
to contact server..

[ System Events ]
Error - 20/06/2013 3:48:15 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 3:48:43 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 3:48:58 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 3:49:24 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 3:57:36 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 4:08:27 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 4:08:59 PM | Computer Name = Tornado15550-PC | Source = DCOM | ID = 10016
Description =

Error - 20/06/2013 8:58:19 PM | Computer Name = Tornado15550-PC | Source = Service Control Manager | ID = 7000
Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 20/06/2013 9:31:17 PM | Computer Name = Tornado15550-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 20/06/2013 9:31:47 PM | Computer Name = Tornado15550-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Checkup.txt:
Results of screen317's Security Check version 0.99.67
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
TELUS security services Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
ESET Online Scan Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

The online scan detected 2 items from my secondary Windows 8 partition and removed them successfully.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57

Thanks for the logs....

...we'll have them reviewed soon



Tornado15550

join:2012-12-16
Canada

No problem!



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Hi Tornado15550

Please follow the directions in the order listed.

Please download this tool from AdvancedSetup to your Desktop, double-click on it to run it, and follow any prompts.

http://kixhelp.com/wr/removal_tools/files/PC_Cleaner_Pro_Nuke.exe
 

Please download Junkware Removal Tool to your Desktop.
»www.bleepingcomputer.com/downloa···al-tool/
- Disconnect from the Internet (unplug your connection to your router or modem).
- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete, depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
- Restart your security software and reconnect to the Internet.
- Please post the contents of JRT.txt into your reply.

Please run Sophos Virus Removal Tool from the directions found here:
»Security Cleanup FAQ »Rootkit Detection Applications

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi···combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled:
»www.bleepingcomputer.com/forums/···351.html

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply and note any errors encountered.

Please post the log from the Junkware Removal Tool, the log from Sophos Virus Removal Tool, the log from ComboFix, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Tornado15550

join:2012-12-16
Canada

Hi TheJoker,
Thanks for your reply.
I ran all the tools provided. The software still seems to be present in the system.
After running PC Cleaner Pro Nuke, it said removal was successful.
JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tornado15550 on 21/06/2013 at 19:45:31.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\Tornado15550\AppData\Roaming\mozilla\firefox\profiles\fkuwaog7.default\minidumps [16 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/06/2013 at 19:49:45.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix Log:
ComboFix 13-06-22.01 - Tornado15550 22/06/2013 0:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3959.1909 [GMT -6:00]
Running from: c:\users\Tornado15550\Desktop\ComboFix.exe
AV: TELUS security services Anti-Virus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: TELUS security services Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: TELUS security services Anti-Spyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1364883133.bdinstall.bin
c:\programdata\1364884532.bdinstall.bin
c:\programdata\1364887896.bdinstall.bin
c:\programdata\boost_interprocess\20130622001659.109999
c:\programdata\boost_interprocess\20130622001659.109999\Nobu64AgentService2.7.2.25
c:\programdata\boost_interprocess\20130622001659.109999\Nobu64TrayIcon2.7.2.25
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
.
.
2013-06-22 06:35 . 2013-06-22 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-22 02:10 . 2013-06-22 02:10 -------- d-----w- c:\windows\Sun
2013-06-22 01:56 . 2013-06-22 01:56 -------- d-----w- c:\programdata\Sophos
2013-06-22 01:56 . 2013-06-22 01:56 73728 ----a-r- c:\users\Tornado15550\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-22 01:56 . 2013-06-22 01:56 73728 ----a-r- c:\users\Tornado15550\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-22 01:56 . 2013-06-22 01:56 73728 ----a-r- c:\users\Tornado15550\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-06-22 01:56 . 2013-06-22 01:56 -------- d-----w- c:\program files (x86)\Sophos
2013-06-22 01:45 . 2013-06-22 01:45 -------- d-----w- c:\windows\ERUNT
2013-06-22 01:45 . 2013-06-22 01:45 -------- d-----w- C:\JRT
2013-06-21 16:53 . 2013-06-21 16:53 -------- d-----w- c:\users\Tornado15550\AppData\Roaming\Malwarebytes
2013-06-21 16:53 . 2013-06-21 16:53 -------- d-----w- c:\programdata\Malwarebytes
2013-06-21 16:53 . 2013-06-21 16:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-21 16:53 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-21 16:43 . 2013-06-21 16:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 16:43 . 2013-06-21 16:43 -------- d-----w- c:\program files (x86)\Java
2013-06-21 16:41 . 2013-06-21 16:41 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-21 16:41 . 2013-06-21 16:41 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-21 16:41 . 2013-06-21 16:41 188840 ----a-w- c:\windows\system32\java.exe
2013-06-21 16:41 . 2013-06-21 16:41 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-21 01:36 . 2013-06-22 06:40 -------- d-----w- c:\programdata\boost_interprocess
2013-06-21 01:33 . 2013-06-21 01:33 101 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-17 06:20 . 2013-06-17 06:20 -------- d-----w- c:\users\Tornado15550\AppData\Local\Windows Live Writer
2013-06-13 05:03 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 05:01 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 05:08 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 05:08 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 05:08 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 05:08 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 05:08 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-09 19:16 . 2013-06-09 19:16 -------- d-----w- c:\program files\iPod
2013-06-09 19:16 . 2013-06-09 19:16 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-09 19:16 . 2013-06-09 19:16 -------- d-----w- c:\program files\iTunes
2013-06-05 02:49 . 2013-06-21 03:11 -------- d-----w- c:\users\Tornado15550\AppData\Roaming\.minecraft
2013-06-01 23:12 . 2013-06-01 23:12 -------- d-----w- c:\users\Tornado15550\AppData\Roaming\PDAppFlex
2013-06-01 22:54 . 2013-06-15 22:40 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-06-01 22:38 . 2013-06-01 22:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-05-31 00:24 . 2013-05-31 00:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-26 05:07 . 2013-05-26 05:07 -------- d-----w- c:\programdata\Package Cache
2013-05-25 20:40 . 2013-06-15 03:09 -------- d-----r- c:\program files (x86)\Skype
2013-05-25 20:40 . 2013-05-25 20:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-24 06:40 . 2013-06-05 02:54 -------- d-----w- c:\program files (x86)\Craften Terminal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 16:43 . 2012-01-16 03:25 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-21 16:43 . 2011-06-09 00:33 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 16:41 . 2012-01-16 03:27 1093032 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-21 16:41 . 2010-11-21 08:10 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-15 03:16 . 2013-01-26 02:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 03:16 . 2013-01-26 02:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 22:42 . 2012-06-10 02:45 106496 ----a-r- c:\users\Tornado15550\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-06-14 22:40 . 2012-06-10 02:44 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2013-06-13 05:05 . 2013-03-31 10:18 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-13 03:31 . 2013-05-15 01:31 8610696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-31 00:24 . 2012-09-05 15:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-31 00:24 . 2012-07-29 23:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-31 00:24 . 2012-07-29 23:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-17 02:12 . 2013-03-24 07:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-05-10 13:31 . 2012-07-17 20:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 02:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 02:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 02:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 02:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 02:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 02:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 17:41 . 2013-04-22 03:24 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-04-12 17:41 . 2013-04-12 17:41 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-04-12 17:40 . 2013-04-22 03:24 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-04-12 17:40 . 2013-04-12 17:40 204048 ------w- c:\windows\system32\VBoxNetFltNobj.dll
2013-04-12 14:45 . 2013-04-24 02:13 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 02:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 02:58 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 02:57 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-06 19:41 . 2013-01-20 05:36 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-06 19:41 . 2012-09-02 00:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-01 03:49 . 2013-04-01 03:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-01 03:49 . 2013-04-01 03:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-01 03:49 . 2013-04-01 03:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-01 03:49 . 2013-04-01 03:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-01 03:49 . 2013-04-01 03:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-01 03:49 . 2013-04-01 03:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-01 03:49 . 2013-04-01 03:49 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-01 03:49 . 2013-04-01 03:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-01 03:49 . 2013-04-01 03:49 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-01 03:49 . 2013-04-01 03:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-01 03:49 . 2013-04-01 03:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-01 03:49 . 2013-04-01 03:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-01 03:49 . 2013-04-01 03:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-01 03:49 . 2013-04-01 03:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-01 03:49 . 2013-04-01 03:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-01 03:49 . 2013-04-01 03:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-01 03:49 . 2013-04-01 03:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-01 03:49 . 2013-04-01 03:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-01 03:49 . 2013-04-01 03:49 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-01 03:49 . 2013-04-01 03:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-01 03:49 . 2013-04-01 03:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-01 03:49 . 2013-04-01 03:49 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-01 03:49 . 2013-04-01 03:49 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-01 03:49 . 2013-04-01 03:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-01 03:49 . 2013-04-01 03:49 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-01 03:49 . 2013-04-01 03:49 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-01 03:49 . 2013-04-01 03:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-01 03:49 . 2013-04-01 03:49 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-01 03:49 . 2013-04-01 03:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-01 03:49 . 2013-04-01 03:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-01 03:49 . 2013-04-01 03:49 441856 ----a-w- c:\windows\system32\html.iec
2013-04-01 03:49 . 2013-04-01 03:49 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-01 03:49 . 2013-04-01 03:49 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-01 03:49 . 2013-04-01 03:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-01 03:49 . 2013-04-01 03:49 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-01 03:49 . 2013-04-01 03:49 235008 ----a-w- c:\windows\system32\url.dll
2013-04-01 03:49 . 2013-04-01 03:49 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-01 03:49 . 2013-04-01 03:49 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-01 03:49 . 2013-04-01 03:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-01 03:49 . 2013-04-01 03:49 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-01 03:49 . 2013-04-01 03:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-01 03:49 . 2013-04-01 03:49 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-01 03:49 . 2013-04-01 03:49 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-01 03:49 . 2013-04-01 03:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-01 03:49 . 2013-04-01 03:49 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-01 03:49 . 2013-04-01 03:49 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-01 03:49 . 2013-04-01 03:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-01 03:49 . 2013-04-01 03:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-01 03:49 . 2013-04-01 03:49 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-31 20:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-31 20:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-24 07:34 . 2013-03-24 07:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-21 03:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-21 03:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-21 03:00 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"TelusSecurityAdvisor"="c:\program files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe" [2012-11-02 13836984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-05-11 3478600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService8]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys;c:\windows\SYSNATIVE\drivers\fanio.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 gogoTunnelDevice;gogo6 Multi-Virtual Tunnel Adapter;c:\windows\system32\DRIVERS\gogotun.sys;c:\windows\SYSNATIVE\DRIVERS\gogotun.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 BdDesktopParental;TELUS security services Desktop Parental Control;c:\program files\TELUS security services\TELUS security services\bdparentalservice.exe;c:\program files\TELUS security services\TELUS security services\bdparentalservice.exe [x]
R4 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\telus security services\telus security services firewall\bdfndisf6.sys;c:\program files\common files\telus security services\telus security services firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys;c:\program files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 ServicepointService8;TELUS security advisor Service;c:\program files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe;c:\program files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UPDATESRV;TELUS security services Desktop Update Service;c:\program files\TELUS security services\TELUS security services\updatesrv.exe;c:\program files\TELUS security services\TELUS security services\updatesrv.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-26 03:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-21 02:55 2328776 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-21 02:55 2328776 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-21 02:55 2328776 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"Bdagent"="c:\program files\TELUS security services\TELUS security services\bdagent.exe" [2012-10-23 1333208]
"TELUS_McciTrayApp"="c:\program files\TELUS\McciTrayApp.exe" [2012-06-11 3440640]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - ExtSQL: 2013-06-01 19:36; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-14 21:00; motiveplugin@motive-alcatel-lucent.com; c:\users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions\motiveplugin@motive-alcatel-lucent.com
FF - ExtSQL: 2013-06-14 21:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-14 21:01; https-everywhere@eff.org; c:\users\Tornado15550\AppData\Roaming\Mozilla\Firefox\Profiles\fkuwaog7.default\extensions\https-everywhere@eff.org
FF - ExtSQL: 2013-06-14 21:09; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-571293049-2154571509-2473465668-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-571293049-2154571509-2473465668-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\AutoKMS\AutoKMS.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Java\jre7\bin\javaws.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2013-06-22 00:47:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-22 06:47
.
Pre-Run: 66,917,150,720 bytes free
Post-Run: 66,360,381,440 bytes free
.
- - End Of File - - 02AD58E5BD66FFA923F8FC973AB230D5
D41D8CD98F00B204E9800998ECF8427E


Tornado15550

join:2012-12-16
Canada
reply to TheJoker

I tried running the Sophos Virus Removal Tool, but it stalled in the middle of scanning. I left it on for a couple of hours but it didn't seem to progress any further. Here is a screenshot of where it got stuck (seems to be stuck on my Windows 8 dualboot partition):




TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Please see if you can successfully run Sophos Virus Removal Tool from Safe Mode.

Please download SystemLook_x64 from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe
 

http://images.malwareremoval.com/jpshortstuff/SystemLook_x64.exe
 

- Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield

quote:
:regfind
cleaner
:filefind
*cleaner*
:folderfind
*cleaner*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt

Please post the log from Sophos Virus Removal Tool (if you were able to successfully run it), the log from SystemLook, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Tornado15550

join:2012-12-16
Canada

Hi TheJoker,
I will run Sophos Virus Removal Tool from Safe Mode and report back.

Here is the SystemLook.txt log:
SystemLook 30.07.11 by jpshortstuff
Log created at 10:28 on 22/06/2013 by Tornado15550
Administrator - Elevation successful

========== regfind ==========

Searching for "cleaner"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\File MRU]
"Item 3"="[F00000002][T01CE6EB806BE84B0][O00000000]*C:\Users\Tornado15550\Desktop\AdwCleaner[S1].txt"
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Reading Locations\Document 26]
"File Path"="C:\Users\Tornado15550\Desktop\AdwCleaner[S1].txt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\CCleaner\CCleaner64.exe"="RUNASADMIN"
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"SplitterPositionCleaner"="222"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch]
@="URL: CCleaner Protocol"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command]
@=""C:\Program Files\CCleaner\ccleaner.exe" /%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24400D16-5754-11d2-8218-00C04FB687DA}]
@="Index Cleaner Prop Bag"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8369AB20-56C9-11D0-94E8-00AA0059CE02}]
@="Cleaner for Downloaded Program Files"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6E6079-0CB7-11d2-8F10-0000F87ABD16}]
@="Offline Pages Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B0EFD60-F7B0-11D0-BAEF-00C04FC308C9}]
@="Temporary Internet Files Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9B48EAC-3ED8-11d2-8216-00C04FB687DA}]
@="Content Indexer Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}]
@="Data Driven Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{24400D16-5754-11d2-8218-00C04FB687DA}]
@="Index Cleaner Prop Bag"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8369AB20-56C9-11D0-94E8-00AA0059CE02}]
@="Cleaner for Downloaded Program Files"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8E6E6079-0CB7-11d2-8F10-0000F87ABD16}]
@="Offline Pages Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B0EFD60-F7B0-11D0-BAEF-00C04FC308C9}]
@="Temporary Internet Files Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A9B48EAC-3ED8-11d2-8216-00C04FB687DA}]
@="Content Indexer Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}]
@="Data Driven Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner64_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner64_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe]
@="C:\Program Files\CCleaner\CCleaner64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe]
"Path"="C:\Program Files\CCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Content Indexer Cleaner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9CAC0E1442B9FD5F42364B48719D1303]
"00000000000000000000000000000000"="C?\Windows\SysWOW64\MASetupCleaner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayIcon"="C:\Program Files\CCleaner\CCleaner64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayName"="CCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"InstallLocation"="C:\Program Files\CCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"UninstallString"=""C:\Program Files\CCleaner\uninst.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{311210D8-A810-472B-AF0A-0A144680388B}]
"Path"="\CCleanerSkipUAC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner]
@="C:\Program Files\CCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdwCleaner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\VolumeCaches\Content Indexer Cleaner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe]
@="C:\Program Files\CCleaner\CCleaner64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe]
"Path"="C:\Program Files\CCleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{24400D16-5754-11d2-8218-00C04FB687DA}]
@="Index Cleaner Prop Bag"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8369AB20-56C9-11D0-94E8-00AA0059CE02}]
@="Cleaner for Downloaded Program Files"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8E6E6079-0CB7-11d2-8F10-0000F87ABD16}]
@="Offline Pages Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9B0EFD60-F7B0-11D0-BAEF-00C04FC308C9}]
@="Temporary Internet Files Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A9B48EAC-3ED8-11d2-8216-00C04FB687DA}]
@="Content Indexer Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}]
@="Data Driven Cleaner"
[HKEY_LOCAL_MACHINE\SYSTEM\BDSandBox\Tornado15550\user\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\CCleaner\CCleaner64.exe"="RUNASADMIN"
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Microsoft\Office\15.0\Word\File MRU]
"Item 3"="[F00000002][T01CE6EB806BE84B0][O00000000]*C:\Users\Tornado15550\Desktop\AdwCleaner[S1].txt"
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Microsoft\Office\15.0\Word\Reading Locations\Document 26]
"File Path"="C:\Users\Tornado15550\Desktop\AdwCleaner[S1].txt"
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\CCleaner\CCleaner64.exe"="RUNASADMIN"
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Piriform\CCleaner]
[HKEY_USERS\S-1-5-21-571293049-2154571509-2473465668-1000\Software\Piriform\CCleaner]
"SplitterPositionCleaner"="222"

========== filefind ==========

Searching for "*cleaner*"
C:\Program Files\CCleaner\CCleaner.dat --a---- 88 bytes [21:57 27/03/2013] [04:39 07/12/2012] E381F717674959B989B00D98A6949232
C:\Program Files\CCleaner\CCleaner.exe --a---- 3591960 bytes [14:03 24/05/2013] [14:03 24/05/2013] 518545E8CBD79EBF42891A6066578118
C:\Program Files\CCleaner\CCleaner64.exe --a---- 6154008 bytes [14:03 24/05/2013] [14:03 24/05/2013] E5C50D7F326AC51105B2737D31EEBDDB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url --a---- 82 bytes [21:23 27/03/2013] [07:20 01/06/2013] 20AAC90EEFD7FCF37027FDE1FCF35214
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk --a---- 842 bytes [21:23 27/03/2013] [07:20 01/06/2013] E98583ACFDDB0327BBD0FE0978D5AF66
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk --a---- 820 bytes [21:23 27/03/2013] [07:20 01/06/2013] 5FF62742D21A17E70765D49C772E15D4
C:\Users\Tornado15550\AppData\Roaming\Microsoft\Office\Recent\AdwCleaner[S1].LNK --a---- 1046 bytes [19:44 21/06/2013] [19:46 21/06/2013] C6C2213EDBD3B749136A2CF1C0BAAEC5
C:\Users\Tornado15550\AppData\Roaming\Microsoft\Windows\Recent\AdwCleanerS1.lnk --a---- 492 bytes [19:56 21/06/2013] [19:56 21/06/2013] 96312B41B65374978FB5670BFF8B5707
C:\Users\Tornado15550\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner[S1].lnk --a---- 594 bytes [19:36 21/06/2013] [23:47 21/06/2013] 845528738F2CF4B7E9CB621AE334EBAD
C:\Users\Tornado15550\Desktop\adwcleaner.exe --a---- 648201 bytes [01:25 21/06/2013] [01:25 21/06/2013] 4EF33D516F31BEB1C9847D1FDA69375C
C:\Users\Tornado15550\Desktop\AdwCleaner[S1].txt --a---- 1458 bytes [01:33 21/06/2013] [19:56 21/06/2013] 180BE426991AC737CE1BE43B9F5DFEAC
C:\Users\Tornado15550\Desktop\PC_Cleaner_Pro_Nuke.exe --a---- 33280 bytes [01:34 22/06/2013] [01:34 22/06/2013] E89446DF3F16BA5C6B2FA0CE5465C17E
C:\Users\Tornado15550\Pictures\CCleaner.png --a---- 74170 bytes [04:21 25/10/2012] [04:17 25/10/2012] E478F43CC03673864ADD5E4B8AB85190
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url --a---- 82 bytes [21:23 27/03/2013] [07:20 01/06/2013] 20AAC90EEFD7FCF37027FDE1FCF35214
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk --a---- 842 bytes [21:23 27/03/2013] [07:20 01/06/2013] E98583ACFDDB0327BBD0FE0978D5AF66
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk --a---- 820 bytes [21:23 27/03/2013] [07:20 01/06/2013] 5FF62742D21A17E70765D49C772E15D4
C:\Windows\Prefetch\PC_CLEANER_PRO_NUKE.EXE-933905FE.pf --a---- 16360 bytes [01:34 22/06/2013] [01:36 22/06/2013] 334336DCDD6835143FB55789A03A160B
C:\Windows\System32\Tasks\CCleanerSkipUAC --a---- 2774 bytes [21:23 27/03/2013] [21:23 27/03/2013] 12B8EBC4338E5D7788C6F07C6F0A8A90
C:\Windows\SysWOW64\MASetupCleaner.exe --a---- 24576 bytes [21:17 28/11/2012] [21:17 28/11/2012] 2C16CF611C87FAB86B287CFFBA91B647

========== folderfind ==========

Searching for "*cleaner*"
C:\Program Files\CCleaner d------ [21:23 27/03/2013]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner d------ [21:23 27/03/2013]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CCleaner d------ [21:23 27/03/2013]

-= EOF =-


Tornado15550

join:2012-12-16
Canada
reply to TheJoker

Hi, I ran Sophos Virus Removal Tool from Safe Mode in Windows 7, and it still got stuck trying to scan the Windows folder of my Windows 8 partition. So, no change even with safe mode.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

Go to Start > All Programs > Accessories > Command Prompt, and in the window that opens type REGEDIT and hit enter.

When the Registry Editor opens, click on the small triangle to the left of HKEY_LOCAL_MACHINE (or double-click on the entry) to expand the key. Then do the same thing to expand Software and then expand Wow6432Node. Then write down the names of all the registry keys under Wow6432Node and post them (an export of that key would end up being quite large, so we will settle for just writing them down).
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Tornado15550

join:2012-12-16
Canada

Hi,
Here is the list of all the keys under Wow6432Node:
ACE Compression Software
Adobe
AdwCleaner
AMD
AppDataLow
Apple Computer, Inc.
Apple Inc.
ATI
ATI Technologies
Aureal
Autodesk
BcmSetup
CDDB
Classes
Clients
CoreCodec
Creative
Creative Tech
Cyberlink
Cygwin
Data Fellows
Dell
Dell Computer Corporation
Dell Inc.
DivX
DivXNetworks
DT Soft
Eset
IDT
IM Providers
Intel
JavaSoft
JreMetrics
Kaydara
Macromedia
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware (Trial)
MAXSOFT-OCRON
Microsoft
MimarSinan
Motive
Mozilla
mozilla.org
MozillaPlugins
ODBC
OldTimer Tools
PC-Doctor
Policies
PowerPivot
Radialpoint
Realtek
Realtek Semiconductor Corp.
RegisteredApplications
Roadkil
Roxio
Samsung
Skype
SoftThinks
Sonic
Sophos
Swearware
Symantec
Volatile
W3i
Windows
Xing Technology Corp.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield

quote:
::regfind
Roadkil
:filefind
*Roadkil*
:folderfind
*Roadkil*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Tornado15550

join:2012-12-16
Canada

Hi TheJoker,
Here is the log from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:38 on 23/06/2013 by Tornado15550
Administrator - Elevation successful

No Context: Roadkil

========== filefind ==========

Searching for "*Roadkil*"
No files found.

========== folderfind ==========

Searching for "*Roadkil*"
No folders found.

-= EOF =-



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

Please try again, you were successful for the last two terms, but may have missed a colon for the first search.

Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield

quote:
::regfind
Roadkil
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Tornado15550

join:2012-12-16
Canada

Hi,
I apologize. I've run SystemLook again, as requested.
Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:06 on 23/06/2013 by Tornado15550
Administrator - Elevation successful

No Context: Roadkil

-= EOF =-



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

My error, that should only contain one colon, so let's redo that one.

Double-click SystemLook_x64.exe to run it.
- Copy the content of the following quotebox into the main textfield

quote:
:regfind
Roadkil
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop as SystemLook.txt
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Tornado15550

join:2012-12-16
Canada

Hi, no problem!
Here is the log:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:26 on 23/06/2013 by Tornado15550
Administrator - Elevation successful

========== regfind ==========

Searching for "Roadkil"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Roadkil]

-= EOF =-



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

I really don't see anything else that I can identify. We've searched the registry for every instance of "clean", and don't see anything that's not related to a legitimate program.

Let's see what this scanner finds. The instructions may be outdated.

* In Internet Explorer, Click here to use the F-Secure Online Scanner
- Then click the Run Now button below.
- You should get a notification to install an ActiveX control. Click on it and select to install the ActiveX control.
- Once the ActiveX control is installed, you should accept the License terms by clicking OK below to start the scan.
- Click the Full System Scan button.
- It will start to download scanner components and databases; this can take a while.
- The main scan will start.
- When the scanner is finished scanning, click the Automatic cleaning (recommended) button
- If your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
- The cleaning can take a while, so please be patient.
- Then click the Show report button and copy and paste what's present under Results in your next reply.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
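
Added example, not part of the thread and not SystemLook's own code: a small Python parser for the SystemLook log format posted above. It sorts regfind/filefind/folderfind hits into ones already accounted for and ones still needing review, and surfaces "No Context" lines such as the one the `::regfind` typo produced. The marker list and the sample log (assembled from lines in the thread's logs) are assumptions of this example.

```python
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+ (\w+) =+$")   # ========== regfind ==========
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) [-a-z]{7} (\d+) bytes \[")
FOLDER_RE = re.compile(r"^([A-Za-z]:\\.+?) d[-a-z]{6} \[")

# ASSUMPTION of this example: names the reviewer has already accounted for
# (CCleaner, AdwCleaner, Windows cleanup handlers seen in the thread's log).
# A name match only narrows the review; it does not prove a file is genuine.
EXPLAINED = (
    "ccleaner", "piriform", "adwcleaner",
    "index cleaner prop bag", "recycle bin cleaner",
    "cleaner for downloaded program files", "offline pages cleaner",
    "temporary internet files cleaner", "content indexer cleaner",
    "data driven cleaner",
)


@dataclass
class Hit:
    section: str        # regfind, filefind or folderfind
    location: str       # registry key or filesystem path
    detail: str = ""    # registry value line, or file size


def parse_systemlook(text):
    """Return (hits, no_context) parsed from a SystemLook log."""
    hits, no_context, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("No Context:"):
            # Term that had no recognised directive above it, as with the
            # "::regfind" typo in the thread: it was never searched.
            no_context.append(line.split(":", 1)[1].strip())
            continue
        if (not line or section is None or line == "-= EOF =-"
                or line.startswith("Searching for")):
            continue
        if section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                hits.append(Hit("regfind", line[1:-1]))
            elif hits and hits[-1].section == "regfind":
                hits[-1].detail = line      # value line belongs to last key
        elif section == "filefind":
            m = FILE_RE.match(line)
            if m:
                hits.append(Hit("filefind", m.group(1), m.group(2) + " bytes"))
        elif section == "folderfind":
            m = FOLDER_RE.match(line)
            if m:
                hits.append(Hit("folderfind", m.group(1)))
    return hits, no_context


def triage(hits, explained=EXPLAINED):
    """Return the hits that no marker in `explained` accounts for."""
    unexplained = []
    for h in hits:
        haystack = (h.location + " " + h.detail).lower()
        if not any(marker in haystack for marker in explained):
            unexplained.append(h)
    return unexplained


# Constructed sample: lines copied from the logs in this thread, trimmed.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Administrator - Elevation successful

No Context: Roadkil

========== regfind ==========

Searching for "cleaner"
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"SplitterPositionCleaner"="222"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdwCleaner]

========== filefind ==========

Searching for "*cleaner*"
C:\Program Files\CCleaner\CCleaner64.exe --a---- 6154008 bytes [14:03 24/05/2013] [14:03 24/05/2013] E5C50D7F326AC51105B2737D31EEBDDB
C:\Users\Tornado15550\Desktop\PC_Cleaner_Pro_Nuke.exe --a---- 33280 bytes [01:34 22/06/2013] [01:34 22/06/2013] E89446DF3F16BA5C6B2FA0CE5465C17E
C:\Windows\SysWOW64\MASetupCleaner.exe --a---- 24576 bytes [21:17 28/11/2012] [21:17 28/11/2012] 2C16CF611C87FAB86B287CFFBA91B647

========== folderfind ==========

Searching for "*cleaner*"
C:\Program Files\CCleaner d------ [21:23 27/03/2013]

-= EOF =-
"""

if __name__ == "__main__":
    hits, no_context = parse_systemlook(SAMPLE_LOG)
    for term in no_context:
        print(f"not searched (no valid directive): {term}")
    for h in triage(hits):
        print(f"review: [{h.section}] {h.location} {h.detail}".rstrip())
```
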



Tornado15550

join:2012-12-16
Canada

Hi TheJoker,
I've run the F-Secure Online Scanner.
It seems to have changed a little bit as there was just a 'Scan now' option instead of a Full System Scan.
After the scan was over, I saw this screen, where there was no Show report or Results option:




TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

The problem may be with the WMI service, as apparently Windows 7 Action center uses that rather than registry entries. There is this utility that you may find useful:
»technet.microsoft.com/en-us/libr···265.aspx

The page says it's version 2.0, and compatible with up to Windows Vista, but when you click the link for Microsoft Downloads Center you find it's really version 2.1 and has been updated for Windows 7.

See the instructions for checking the report it produces:

quote:
What Do I Do When the Utility Finishes?

Once the WMI Diagnosis Utility finishes you should examine the log file. To be honest, much of the log file will be of little use to you: it’s simply a blow-by-blow account of each test that the tool ran. Instead, you should open the log file and search for the WMI REPORT: BEGIN section of the file. The report section provides a summary of the tests run by the tool.
quote:
Errors will usually be accompanied by suggested ways to try and fix the problem:
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


Tornado15550

join:2012-12-16
Canada

Attachment: WMIDIAG-V2.1_WIN7_.CLI.SP1.64_TORNADO15550-PC_2013.06.24_19.27.03.LOG (2,630,073 bytes)
Hi, and thanks again for your reply.
Here is the log that was created by the WMI service.
Since the log was too big, I decided to post it as an attachment.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

Was that run as administrator? I see errors in the log due to insufficient access.

You don't have any malware installed at this point, and the error may be a WMI error (Windows error). I recommend you ask for more expert assistance in »Microsoft and refer to this topic.

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

Double click OTL.exe that you downloaded earlier.

- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

The following tools may not have been removed by OTL Cleanup. If still there, you can delete them, and any logs they created:

AdwCleaner
Junkware Removal Tool
SystemLook_x64

Sophos Virus Removal Tool and F-Secure Online Scanner can be uninstalled from Control Panel's Programs and Features.

I recommend reading »Security Cleanup FAQ »How do I prevent Browser Hijacks and Spyware?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010



Tornado15550

join:2012-12-16
Canada

2 edits

Hi, I was able to remove PC Cleaner PRO from Action Center.
Here are the steps to remove it (if anyone may encounter this problem in the future):
1) Right-click on Computer

2) Click on Manage

3) Click on the plus sign(+) next to Services and Applications in the left-hand column

4) Click on Services

5) Find the service called Windows Management Instrumentation, right-click on it, and choose Stop.

6) Open Computer

7) Double-click on Drive C (or whatever drive Windows is installed on)

8) Double-click on the Windows folder

9) Double-click on System32

10) Double-click on WBEM

11) Right-click on the Repository folder and click Delete and remove it

12) Close the My Computer windows and return to the Windows services screen using steps 1 - 4 shown above

13) Find the service called Windows Management Instrumentation, right-click on it, and choose Start. Restarting this service will rebuild the repository folder information.

14) Restart your computer

After performing these steps, Action Center will stop reporting PC Cleaner PRO in the antivirus category.
Screenshot 1:




Screenshot 2:



I would like to thank you, TheJoker, for your help, efforts and time.
Have a good evening!
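
The steps above rebuild the whole WMI repository. As an added example that is not part of the original posts, this read-only PowerShell script lists the security-product registrations that Action Center reads from WMI and flags any whose executable is no longer on disk. It assumes the standard `root\SecurityCenter2` classes on a Windows client and an elevated prompt; the helper name `Test-ProductPath` is made up for this example.

```powershell
# Added example: read-only audit of the WMI data behind Action Center.
# Written for PowerShell 2.0 (the Windows 7 default); changes nothing on the system.
$classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'

function Test-ProductPath {
    # Hypothetical helper: $true if the registered executable still exists.
    param([string]$RawPath)
    if ([string]::IsNullOrEmpty($RawPath)) { return $false }
    # Registrations may contain environment variables or surrounding quotes.
    $path = [Environment]::ExpandEnvironmentVariables($RawPath).Trim('"')
    # URI-style registrations cannot be checked on disk; do not flag them.
    if ($path -match '^[a-z]+://') { return $true }
    return (Test-Path -LiteralPath $path -PathType Leaf)
}

$report = foreach ($class in $classes) {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Class     = $class
                Name      = $_.displayName
                Guid      = $_.instanceGuid
                State     = '0x{0:X}' -f $_.productState
                Path      = $_.pathToSignedProductExe
                ExeOnDisk = (Test-ProductPath $_.pathToSignedProductExe)
            }
        }
}

$report | Select-Object Class, Name, ExeOnDisk, State, Path | Format-Table -AutoSize

# A registration that outlived its program is the kind of leftover this thread chased.
$stale = @($report | Where-Object { -not $_.ExeOnDisk })
if ($stale.Count -gt 0) {
    Write-Warning ("{0} registration(s) point to a missing executable:" -f $stale.Count)
    $stale | Select-Object Class, Name, Guid, Path | Format-List
} else {
    Write-Output 'Every registered product still has its executable on disk.'
}

# Consistency check of the repository itself before deciding to rebuild it.
& winmgmt.exe /verifyrepository
```

Running it before and after the repository rebuild shows whether the leftover registration is gone.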


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

Thanks for your post back that you were able to find a solution.