Jump to content

Malicious Website Blocked and multiple instances of Com Surrogate


cwj9000

Recommended Posts

I've seen several people on this website report a similar problem to the one I am having. I see mutilple instances of the pop-up "Malicious Website Blocked" and there are mutilple "Com Surrogate" processes running. I am running MalwareBytes Premium, however, all scans come back negative. I have also tried HitmanPro, TWSS Killer, GMER, AdwCleaner and junkware. All to no avail. HitmanPro found and quarantined some files but had no effect on infection. Could someone please walk me through the process of eliminating this pest?

Link to post
Share on other sites

Hello cwj9000, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
Please run the following diagnostic scan so I can ascertain the state of your machine.
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 2
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

I cannot download it. I get a security alert dialog box that says: Your current security settings do not allow this files to be downloaded. I have a memory stick that I've had plugged into this laptop. Would it be safe to move it to another PC and download onto it there? Is there a possibility that the malware has jumped to the memory stick?

Link to post
Share on other sites

Hello, 

 

Install Panda USB Vaccine on your other computer. 

 

ypeNg1J.png Panda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your Desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated
  • Hold down the Shift key on your keyboard and insert your USB flash/external drive.
  • When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

 

  • Once you've followed the instructions above, save the correct FRST version to your USB drive. 
  • Hold down the shift key on your infected PC and insert your USB drive. 
  • Move FRST to your Desktop, remove your USB drive and follow the instructions to run the programme.
Link to post
Share on other sites

Hi Wade, 

 

The combination of Panda USB Vaccine and holding the shift key while inserting your USB drive prevents autorun worm infections.

I very much doubt we are dealing with an autorun worm, so unless you start copying unknown files back and forth you will be fine. 

 

Simply install Panda USB Vaccine on your clean PC, follow the instructions to vaccinate your USB drive, save FRST to your USB drive, hold shift + insert into your infected PC. Move FRST to your Desktop and remove your USB drive. You will be fine if you do this. 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Wade Jones (administrator) on WADEJONES-PC on 22-09-2014 00:57:28
Running from C:\Users\Wade Jones\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [.tluafed** <*>] => C:\Users\Wade Jones\Application Data\{00002370-561E-78C8-5AE6-AF7957FD792B}.ex <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-04] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1210981993-433607475-2485315512-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1210981993-433607475-2485315512-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-29] (Google Inc.)
HKU\S-1-5-21-1210981993-433607475-2485315512-1000\...\MountPoints2: {4e7f34d6-d830-11e0-ad93-005056c00008} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-1210981993-433607475-2485315512-1000\...\MountPoints2: {5628c6d0-1b84-11e3-9f95-a74e58c8e86a} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1210981993-433607475-2485315512-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49FAF510690FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6E112A5E-8FAD-4EBE-A1C1-3D1C7D11506F} URL =
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-02-24]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-23] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [220528 2010-08-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42944 2010-07-28] (http://libusb-win32.sourceforge.net)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-09-19] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 Pci3710; No ImagePath
S3 Pci37xx; No ImagePath
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-01-05] (Duplex Secure Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 Usb3710; No ImagePath
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2011-06-21] (Xilinx, Inc.)
S3 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [X]
S3 VICHW11; \??\C:\Windows\SYSTEM32\DRIVERS\VICHW11.SYS [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 00:57 - 2014-09-22 01:21 - 00021350 _____ () C:\Users\Wade Jones\Desktop\FRST.txt
2014-09-22 00:45 - 2014-09-22 01:04 - 00000000 ____D () C:\FRST
2014-09-22 00:41 - 2014-09-21 23:30 - 02105856 _____ (Farbar) C:\Users\Wade Jones\Desktop\FRST64.exe
2014-09-21 22:50 - 2014-09-21 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-21 03:18 - 2014-09-21 03:18 - 00000000 ____D () C:\Windows\system32\SPReview
2014-09-17 23:51 - 2014-09-17 23:51 - 00000000 ____D () C:\SoftThinks
2014-09-17 23:51 - 2014-09-17 23:51 - 00000000 ____D () C:\DataSafeOnline
2014-09-16 14:51 - 2014-09-16 14:51 - 00001867 _____ () C:\Users\Wade Jones\Desktop\AdwCleaner[s0].txt
2014-09-16 10:39 - 2014-09-21 16:27 - 00000000 ____D () C:\AdwCleaner
2014-09-16 02:58 - 2014-09-16 02:58 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 02:33 - 2014-09-16 02:33 - 00443496 _____ () C:\Windows\Minidump\091614-22011-01.dmp
2014-09-15 00:02 - 2014-09-15 00:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-14 18:05 - 2014-09-14 18:05 - 00007168 __RSH () C:\Users\Wade Jones\AppData\Roaming\{00002370-561E-78C8-5AE6-AF7957FD792B}.exe
2014-09-14 18:05 - 2014-09-14 18:05 - 00000324 _____ () C:\Windows\Tasks\wxs.job
2014-09-14 18:05 - 2014-09-14 18:05 - 00000276 _____ () C:\Windows\Tasks\wsx.job
2014-09-09 23:36 - 2014-09-04 21:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 23:36 - 2014-09-04 20:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-30 12:45 - 2014-09-21 19:12 - 441228790 _____ () C:\Windows\MEMORY.DMP
2014-08-30 12:45 - 2014-09-21 19:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 12:45 - 2014-08-30 12:45 - 00262144 _____ () C:\Windows\Minidump\083014-20529-01.dmp
2014-08-30 11:17 - 2014-09-21 18:10 - 00006918 _____ () C:\Windows\PFRO.log
2014-08-26 14:15 - 2014-09-22 01:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 14:15 - 2014-09-19 02:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 14:15 - 2014-08-26 14:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 14:15 - 2014-08-26 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-26 14:15 - 2014-08-26 14:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 14:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-26 14:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 01:00 - 2014-09-21 22:37 - 00003373 _____ () C:\Windows\setupact.log
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 01:21 - 2014-09-22 00:57 - 00021350 _____ () C:\Users\Wade Jones\Desktop\FRST.txt
2014-09-22 01:21 - 2014-02-11 16:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf27744c0e4e6c.job
2014-09-22 01:18 - 2014-08-26 14:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 01:06 - 2011-08-26 01:50 - 01837756 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 01:04 - 2014-09-22 00:45 - 00000000 ____D () C:\FRST
2014-09-21 23:30 - 2014-09-22 00:41 - 02105856 _____ (Farbar) C:\Users\Wade Jones\Desktop\FRST64.exe
2014-09-21 22:58 - 2009-07-13 23:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 22:58 - 2009-07-13 23:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 22:50 - 2014-09-21 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-21 22:38 - 2011-11-29 01:36 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 22:38 - 2011-03-02 23:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-09-21 22:38 - 2011-03-02 23:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-09-21 22:38 - 2011-02-24 15:08 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-21 22:37 - 2014-08-24 01:00 - 00003373 _____ () C:\Windows\setupact.log
2014-09-21 22:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 19:12 - 2014-08-30 12:45 - 441228790 _____ () C:\Windows\MEMORY.DMP
2014-09-21 19:12 - 2014-08-30 12:45 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 18:10 - 2014-08-30 11:17 - 00006918 _____ () C:\Windows\PFRO.log
2014-09-21 18:10 - 2011-04-01 00:50 - 00000000 ____D () C:\Users\Wade Jones\AppData\Local\{1997A12F-6433-4E1C-95AF-602619BC229E}
2014-09-21 16:27 - 2014-09-16 10:39 - 00000000 ____D () C:\AdwCleaner
2014-09-21 03:18 - 2014-09-21 03:18 - 00000000 ____D () C:\Windows\system32\SPReview
2014-09-19 16:53 - 2011-02-24 15:05 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-09-19 02:49 - 2014-08-26 14:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 23:51 - 2014-09-17 23:51 - 00000000 ____D () C:\SoftThinks
2014-09-17 23:51 - 2014-09-17 23:51 - 00000000 ____D () C:\DataSafeOnline
2014-09-16 14:51 - 2014-09-16 14:51 - 00001867 _____ () C:\Users\Wade Jones\Desktop\AdwCleaner[s0].txt
2014-09-16 02:58 - 2014-09-16 02:58 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 02:33 - 2014-09-16 02:33 - 00443496 _____ () C:\Windows\Minidump\091614-22011-01.dmp
2014-09-15 21:02 - 2009-07-14 00:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 21:00 - 2011-02-24 14:45 - 00000000 ____D () C:\ProgramData\Sonic
2014-09-15 15:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 00:02 - 2014-09-15 00:02 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-14 18:05 - 2014-09-14 18:05 - 00007168 __RSH () C:\Users\Wade Jones\AppData\Roaming\{00002370-561E-78C8-5AE6-AF7957FD792B}.exe
2014-09-14 18:05 - 2014-09-14 18:05 - 00000324 _____ () C:\Windows\Tasks\wxs.job
2014-09-14 18:05 - 2014-09-14 18:05 - 00000276 _____ () C:\Windows\Tasks\wsx.job
2014-09-14 01:03 - 2011-02-24 15:05 - 00000000 ____D () C:\Windows\en
2014-09-10 03:05 - 2014-07-09 03:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 03:05 - 2014-01-06 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:01 - 2011-03-03 02:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-04 21:01 - 2014-09-09 23:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 20:55 - 2014-09-09 23:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-30 12:45 - 2014-08-30 12:45 - 00262144 _____ () C:\Windows\Minidump\083014-20529-01.dmp
2014-08-26 14:15 - 2014-08-26 14:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 14:15 - 2014-08-26 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-26 14:15 - 2014-08-26 14:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 06:53 - 2011-12-23 03:39 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 01:00 - 2014-08-24 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-23 10:22 - 2011-03-27 19:23 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-23 10:22 - 2011-03-27 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-23 10:22 - 2011-03-27 19:23 - 00000000 ____D () C:\Program Files\CCleaner

Some content of TEMP:
====================
C:\Users\Wade Jones\AppData\Local\Temp\gtezacl.dll
C:\Users\Wade Jones\AppData\Local\Temp\kbhmydo.dll
C:\Users\Wade Jones\AppData\Local\Temp\kwiaptc.dll
C:\Users\Wade Jones\AppData\Local\Temp\qcvolpa.dll
C:\Users\Wade Jones\AppData\Local\Temp\Quarantine.exe
C:\Users\Wade Jones\AppData\Local\Temp\raclbfp.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 00:55

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Wade Jones at 2014-09-22 01:48:58
Running from C:\Users\Wade Jones\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Boot Disk (HKLM-x32\...\{40007E5C-19C8-4A25-AD70-A99D77D0A7DA}) (Version: 5.3.3 - LSoft Technologies)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.262 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CodeWarrior Development Studio for Microcontrollers v10.2 (HKLM-x32\...\CW for MCU v10.2) (Version: 10.2 - Freescale Semiconductor, Inc.)
CodeWright 6.6 (HKLM-x32\...\CodeWright66) (Version:  - )
CodeWright Libraries (HKLM-x32\...\CodeWright Libraries) (Version:  - )
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
CutePDF Printer Setup (HKLM-x32\...\CutePDF Port Monitor) (Version:  - )
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}) (Version: 1.3.31.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.19 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.189 - Digilent, Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Freescale MQX 3.8 (HKLM-x32\...\{2E936DED-0236-49A5-BD62-5CE04C63713D}) (Version: 3.8.1 - Freescale)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
JTAG Technologies - 3705/USB Driver (HKLM-x32\...\JTAG Technologies - 3705/USB Driver) (Version: 2.8.28.0 - JTAG Technologies)
JTAG Technologies - 37xx/PCI Driver (HKLM-x32\...\JTAG Technologies - 37xx/PCI Driver) (Version: 2.0.0.0 - JTAG Technologies)
JTAG Technologies - 37xx/TSI Driver (HKLM-x32\...\JTAG Technologies - 37xx/TSI Driver) (Version: ${PRODUCT_VDRIVER_ERSION}.0.0 - JTAG Technologies)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LogicPort (HKLM-x32\...\{B498EC40-04DA-11DD-6784-0B58D97A18BE}) (Version: Build 2364 - Intronix Test Instruments, Inc.)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
P&E Device Drivers (HKLM-x32\...\DRIVERS10) (Version:  - )
P&E Device Drivers (HKLM-x32\...\PEDrivers) (Version:  - )
P&E Multilink Universal (HKLM-x32\...\multilink_universal) (Version:  - )
PCB Artist Version 1.5 (HKLM-x32\...\{284A25AA-96B4-449D-BBA0-D0C97A5E213E}) (Version: 1.5 - Advanced Circuits)
PE Micro Kinetis Tower Toolkit (HKLM-x32\...\{70CA3D5D-2395-4396-9326-9DF0D8F98738}) (Version: 1.00 - P&E Microcomputer Systems)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
TI Connect 1.6 (HKLM-x32\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Xilinx ISE Design Suite 13.2 (C:\Xilinx\13.2\ISE_DS) (HKLM\...\Xilinx ISE Design Suite 13.2) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1210981993-433607475-2485315512-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

21-09-2014 08:14:31 Windows 7 Service Pack 1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {099E03C9-7406-4959-8D33-2A64CD7832B1} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {12CBB998-AE66-42B1-B774-BA33BB244637} - System32\Tasks\{DE9E5672-9B4F-4ED6-8FCE-849749EA1F36} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {2C1700F1-F023-49E7-B3E6-55FE38E73B4D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf27744c0e4e6c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29] (Google Inc.)
Task: {3FD2571A-7944-4142-BA11-F44A643F3C30} - System32\Tasks\{614B6CEC-19DE-48B6-9BF5-8591C530CB82} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {56B2E2F1-82D6-4024-AF01-AD2D286ED914} - System32\Tasks\{F7C9A817-DC7B-4A8A-901D-9047D3C2CDA8} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {762321F0-5616-4C21-B6CE-6A54A1295697} - System32\Tasks\{F29BB5B8-EC69-40B6-84AC-0A4F3B4A3CBD} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {7924005C-A084-4608-85EF-BE022AADBFB4} - System32\Tasks\{D065BD97-7CB3-4C43-9AC3-60CEE69D5BE2} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {8118B493-7722-470F-B0BE-308DC0D5AEFF} - System32\Tasks\{84C0A228-CD8F-4C20-A186-E2F7458A96C5} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {8315D508-2803-4E3E-B6C8-C27F331EC5DD} - System32\Tasks\{2BB78B02-E92F-4355-BDAF-126179F5D3F9} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: {97ADC8A7-B6C9-46EC-BDF7-503C32EAA09C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29] (Google Inc.)
Task: {CF8F4BA6-1BE1-446F-BBA4-BB708D8E94CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {EED51C5D-A1A9-4CC7-A255-251AA9B06345} - System32\Tasks\{72EF76FA-270E-4F46-8C7B-F557996AE929} => C:\Fndtn\ACTIVE\exe\PCM.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf27744c0e4e6c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\wsx.job => C:\Users\Wade Jones\Application Data\{00002370-561E-78C8-5AE6-AF7957FD792B}.exe
Task: C:\Windows\Tasks\wxs.job => C:\Users\Wade Jones\Application Data\{00002370-561E-78C8-5AE6-AF7957FD792B}.exe

==================== Loaded Modules (whitelisted) =============

2011-03-11 23:54 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2009-12-29 15:19 - 2009-12-29 15:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-02-24 15:08 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-10-21 17:50 - 2011-10-21 17:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-01 11:50 - 2012-02-01 11:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-01-10 04:41 - 2013-01-10 04:41 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bc86836625a08b5af8192179aa3709dd\IsdiInterop.ni.dll
2011-02-24 14:20 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02966847.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32438614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90399895.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02966847.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32438614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90399895.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2014 10:23:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x51271000
Exception code: 0xc0000005
Fault offset: 0x00000000000af7af
Faulting process id: 0x2604
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/21/2014 07:43:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:43:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:43:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:43:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:43:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:43:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:33:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:33:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/21/2014 07:22:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

System errors:
=============
Error: (09/21/2014 10:52:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/21/2014 10:47:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management & Security Application User Notification Service service hung on starting.

Error: (09/21/2014 10:40:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/21/2014 10:39:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/21/2014 10:34:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (09/21/2014 08:25:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (09/21/2014 08:24:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {44603E4D-56AE-4C42-ABE4-EC155FE8F1CD}

Error: (09/21/2014 07:46:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/21/2014 07:41:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management & Security Application User Notification Service service hung on starting.

Error: (09/21/2014 07:35:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (09/21/2014 10:23:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1647651271000c000000500000000000af7af260401cfd60e27ad09b3C:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dlld6503ab8-4207-11e4-a83d-8a66c2b5296a

Error: (09/21/2014 07:43:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:43:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:43:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:43:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:43:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:43:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:33:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:33:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (09/21/2014 07:22:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

CodeIntegrity Errors:
===================================
  Date: 2013-11-29 14:23:30.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 14:23:30.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-29 14:23:30.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-09 16:57:53.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\windrvr6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-09 16:57:53.737
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\windrvr6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-09 16:57:53.565
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\windrvr6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-09 16:57:53.405
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\windrvr6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-05 00:18:57.377
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-05 00:18:57.159
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-05 00:18:54.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 89%
Total physical RAM: 3894.68 MB
Available physical RAM: 390.47 MB
Total Pagefile: 7989.48 MB
Available Pagefile: 1072.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:351.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 69534D9A)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Hi Wade, 
 
Please consider the following warning, and let me know how you wish to proceed. 
 

goGMWSt.gifBACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 

Link to post
Share on other sites

I use this laptop for most of my personal business. Therefore, after reading those links, I am sufficiently spooked enough that I want to reformat and re-install. When I bought the computer, it came with everything installed. I was told to create a repair disk in the event of crash, etc. I did this. I assume that this is what I need to use to restore the computer. Thanks for your help.

Link to post
Share on other sites

OK Wade, this first post details steps I recommend you take before you reformat/restore. 
 
STEP 1
ypeNg1J.pngPanda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key on your keyboard and insert your USB drive.
  • Follow these instructions on how to format your USB drive (this will remove all files on the device).
  • Return to Panda USB Vaccine. When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
 
 
STEP 2
nSymGHK.pngFolder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Click Apply followed by OK.
     

STEP 3
LRQ3fDK.png Backup Data

The safest practice is not to backup any executable files (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. You should also avoid backing up compressed files (.zip, .cab, .rar) that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise itself by hiding a file extension or by adding double file extensions (hence why STEP 2 is important) and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.

  • Backing up documents, image, music and video is fine.
  • Specially crafted Word/Excel/PDF can be used for malicious intent, so I recommend only backing up such documents that you or other users created (as opposed to downloaded).
  • To repeat, do not backup up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
  • Once you have decided which files you wish to backup, copy the files over to the USB drive. 
     

STEP 4
CXrghb6.png Download Installation Files
I recommend downloading your Network Adapter drivers before reformatting. This is a precaution in case you experience issues with Internet connectivity after reformatting.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate Network Adapters and click the corresponding drop-down arrow.
  • Make a note of your Network Adapters.
  • Using this Dell page, enter your relevant product details and locate the Network Adapters you noted down. Save the files to your USB drive. 
     

Download the Anti-Virus installation file of your choice. You need only download the installation file; do not click or open the file. Once downloaded, save the file to your USB drive. You must only install one Anti-Virus after reformatting.

Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards. 
 
For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine. 
 
Once you have downloaded the drivers and the Anti-Virus installation file of your choice, right-click the USB drive in the system-tray, and follow the prompts to safely remove the device. Now remove your USB drive from the computer 
 
 
STEP 5
6YRrgUC.png Paid-for/Premium/Licensed Software
Do you have any paid-for software that was activated using a code or key? If so, ensure you have all relevant information noted down before reformatting. 
 
If you have a Malwarebytes Anti-Malware Premium license, but do not possess your details, follow the instructions below.
 

You cannot look up your Activation ID and Key from the Registry unless you have a previously licensed 1.x version installed.  Fresh installs now encrypt that data so make very sure you have your ID and Key before you proceed.  Previous 1.x PRO versions did store the ID and Key in the following locations of the Registry but a clean fresh install of version 2.0 will not store it in the Registry.
 

Location for Windows x86 32-Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
 
Location for Windows x64 64-Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

 
 
If you cannot locate your license activation information in the Registry and no longer have access to your order number you can contact cleverbridge to obtain information about your order including license registration and activation information. Please note that cleverbridge does not offer technical support for any products. They will only provide you with your order information: Contact cleverbridge customer service If you purchased Malwarebytes Anti-Malware from another vendor or reseller and still require the license activation information you will need to contact that vendor or reseller to obtain the information before you proceed otherwise you will not be able to re-activate the product.

 

Link to post
Share on other sites

The following steps explain how you can reformat/restore, setup your machine once done, and safely move your backed up data across. 
 
STEP 6
jUWtJiD.png Reformatting/Restoring
There are several options available.

  • Restore to factory default using your Dell Recovery partition.
  • Reformat using Windows built-in tools.
  • Reformat using Darik's Boot and Nuke (DBAN).

The advantage of using your Recovery partition is that you do not need to reinstall Windows afterwards. The Recovery partition will restore the computer to the state it was before the very first time you switched it on. This is the option I recommend you take. 
 
Before proceeding, double-check you have backed up all the files you need. Now follow these instructions on using your Dell Recovery partition to restore to factory default. Take heed of the warnings provided to you, and take your time as you progress through the various stages. Do not click or agree to anything without first ensuring you've fully read what you're agreeing to. 
 
 
STEP 7
dPS9R8h.png Computer Setup
Before restoring your backed up data, it's important you do the following in the order specified.
 
Confirm Windows Firewall is enabled

  • Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.
  • Confirm Windows Firewall is enabled.
  • If not, enable the Firewall.

Install an Anti-Virus

  • Hold the shift key and insert your USB drive. Move the AV installation file to your Desktop. Remove your USB drive.
  • Open the installation file, and follow the prompts to install the Anti-Virus.
  • Once installed, connect to Internet and immediately download the latest updates for the Anti-Virus.
  • Run a scan if you wish to.
  • Note: Avast! requires an active Internet connection during the installation. You must connect to the Internet before starting the installation if you chose avast!.

Install Windows Updates

  • Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
  • Click Check for updates.
  • Install all recommended updates (you may wish to uncheck any optional updates).
  • Do not use the computer whilst updates are installing.

Confirm there are no Issues with...

  • Audio/Sound
  • Battery
  • Display
  • CD/DVD drive
  • Keyboard
  • Mouse
  • Wireless Network

If you find issues with any of the above, do the following.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate the relevant category, and click the corresponding drop-down arrow.
  • Right-click the relevant driver, and click Uninstall.
  • Follow any prompts.
  • Reboot your computer.
  • Windows should notify you that it has found and installed the driver after the reboot.
  • Confirm if the issue is resolved. 
     

STEP 8
ypeNg1J.png Panda USB Vaccine

  • Install Panda USB Vaccine as instructed in STEP 1. Skip the instructions that proceed Computer vaccinated.
  • I recommend keeping the programme installed for future use. 
     

STEP 9
LRQ3fDK.png Restoring Backed Up Data

  • Hold the shift key and insert your USB drive.
  • Open your Anti-Virus. Run a scan, ensuring you select the option to scan removal media or the drive letter associated with your USB drive.
  • Confirm no threats found.
  • Open Windows Explorer, and navigate to your USB drive. Copy the backed up files to your Desktop, or the location of your choice.
  • Remove your USB drive.
     

STEP 10
CXrghb6.png Install Previously Installed Software
Here are links to some of your previously installed software. I do not recommend installing Java for the reasons below.

Using zANS9oB.png Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

Link to post
Share on other sites

Below I have compiled a list of recommend software and resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.
 
STEP 11
CXrghb6.png Recommended Software
The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpg Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xsHjS79L.png.pagespeed.ic.n4Sk8_GzZn.jpg Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
     

Setup on my Windows 8 machine:

  • ESET Smart Security
  • Malwarebytes Anti-Malware Premium
  • Emsisoft Antimalware
  • Sandboxie
  • SpywareBlaster
  • Secunia PSI
  • CCleaner
  • WOT, Adblock & NoScript
     

STEP 12
CALdreV.png Recommended Reading on Preventative Measures and How to Avoid Infection

Please read through the above, and let me know if you have any questions.

Link to post
Share on other sites

Adam,

 

Thank you for the information. I'll get started on this tonight but may take a couple of days to complete. I did have a quick question. For anti-virus software, I've been using McAfee Internet Security bundled free for 5 computers with my Cox Communications plan (I have 4 PC's to protect). Do you have an opinion about McAfee as AV software? I've considered ESET but not sure if it would be any better.

Link to post
Share on other sites

Because of the issue with downloads using the infected PC, I'm going to format,vaccinate and load up the USB stick using my good PC with all download files. I'll then transfer all the noted files, including the USB vaccination program onto the infected PC and proceed from there. Do you think that will be OK?

Link to post
Share on other sites

That sounds fine - but of course, the above doesn't mention backing up files on the infected PC. Are you OK with this? 

 

If you want a full-proof method of backing up your files, I can provide instructions. I must warn you in advance, the process is somewhat cumbersome, and involves booting into a Linux environment. Is this something you'd be interested in? 

Link to post
Share on other sites

I think what you have already given me would probably be fine but I would be willing to try this alternative method if it is more reliable and safe. I think I have most of my most important files already backed up prior to the infection. There shouldn't be that much to backup but I know there are some items that are not backed up as the latest. I need to capture these.

Link to post
Share on other sites

Hello Wade, 
 
The following will ensure your USB drive does not become infected unless you specifically copy over an infected file. The process is however rather cumbersome, and may not be suited for someone who has limited experience with burning an .iso to a CD, modifying BIOS settings and booting into/using a Linux environment. If you don't feel comfortable following the steps below, I recommend you stick to my previous instructions on how to backup data (STEP 3 in my earlier post). 
 
 
These instructions come courtesy of phillpower2 from Geeks To Go, and modified by LiquidTension. 

===================
 
Required Hardware

  • CD Burner (CDRW) Drive
  • Blank CD
  • Extra Storage Device (USB Flash Drive, External Hard Drive)

===================

 

1. Burn Puppy Linux Live CD Using Clean PC

  • Using your clean PC:
  • Open BurnCDCC.
  • Extract All files to a convenient location.  
  • Double-Click 1BurnCDCCIcon.PNGBurnCDCC.
  • Click Browse 2BurnCDCCBrowseButton.PNG and navigate to the Puppy Linux ISO file you downloaded earlier.
  • Double-Click the file.
  • Important: Adjust the speed bar to CD: 4x DVD: 1x.
  • Click Start 3BurnCDCCStartButton.PNG.
  • Your CD Burner Tray will automatically open. 
  • Insert a blank CD and close the tray.
  • Click OK.
  • Your Puppy Linux Live CD will now be created.
     

2. Change BIOS Boot Priority

  • Restart the infected PC.
  • Read the following instructions (scroll down for Dell).
  • Open your CD ROM drive and insert your Puppy Linux Live CD.
  • Press F10 to save and exit.
  • Press Y to continue.
  • Your computer will restart and boot from your Puppy Linux Live CD.
     

3. Recover Your Data
Once Puppy Linux has loaded, it will in your computer's memory (RAM). You will see a fully functioning Graphical User Interface similar to what you consider your "normal computer". Internet access may or may not be available depending on your machine, so it is recommended you print the following instructions or ensure you have access using a different device.
 
Note: Double-clicking is unnecessary in Puppy Linux. To expand, or open folders/icons, a single click is all that is required.
 

3a. Mount Drives

  • Click the Mount located at the top left corner of your Desktop. 5PuppyLinuxMountIcon.PNG
  • A Window will open. By default, the "drive" tab will be forward/highlighted. Click on Mount for your hard drive.
  • Assuming you only have one hard drive and/or partition, there may only be one selection to mount.
  • USB Flash Drives usually automatically mount upon boot, but click the "usbdrv" tab and make sure it is mounted.
  • If using an external hard drive for the data recovery, do this under the "drive" tab. Mount it now.
     

3b. Transfer Files

  • At the bottom left corner of your Desktop a list of all hard drives/partitions, USB Drives, and Optical Drives are listed with a familiar looking hard drive icon.
  • Open your hard drive i.e. sda1
  • Next, open your USB Flash Drive or External Drive. i.e. sdc or sdb1
  • If you open the wrong drive, simply X out at the top right corner of the window that opens (just like in Windows)
  • From your hard drive, drag and drop whatever files/folders you wish to transfer to your USB Drive's Window.

Remember, you need only click once! No double clicking! Once you drag and drop your first folder, you will notice a small menu appear giving you the option to move or copy. Choose COPY each time you drag and drop.

The safest practice is not to backup any executable (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script (.php,.asp.htm.html.xml) files because they may be infected by malware. You should also avoid backing up compressed (.zip.cab.rar) files that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise itself by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.

  • Backing up documents, image, music and video is fine.
  • To repeat, do not backup up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab

You are now done! Click Menu > Mouse Over Shutdown > Reboot/Turn Off Computer. Be sure to plug your USB Drive into another working windows machine to verify all data is there and transferred without corruption.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.