Sponsored By

Lou74

Members
  • Content Count

    43
  • Joined

  • Last visited

About Lou74

  • Rank
    Full Member
  1. Chuck, you rock!!! Would you like me to give you a shout out on Powell Valley Exchange? So thankful for your help and expertise
  2. oh my goodness Chuck, the laptop is running much nicer!! I probably need to get it protected now right? An install the up dates and remove the old versions of things? I am starting to get used to how things work lol!! Thank you for all your help so far...as per normal you have been a huge blessing, very good at what you do and I very much appreciate it!!! I have been more able to get it done in a quicker time frame this time!! Thank you for your efficiency also!
  3. Results of screen317's Security Check version 0.99.88 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 11.8.800.94 Flash Player out of Date! Mozilla Firefox 27.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  4. actually, as I posted the last comment, the log appeared above!!
  5. looks like Norton was removed successfully. I did run the fix and posted the log...cant see it on here though...will look for it and post it again
  6. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Users\Susan\AppData\Roaming\Mozilla\Extensions folder moved successfully. C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions folder moved successfully. File C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions\[email protected]ayev.com.xpi not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Home Page Guard 64 bit deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Susan Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Susan ->Flash cache emptied: 5507 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Susan ->Temp folder emptied: 57558655 bytes ->Temporary Internet Files folder emptied: 183436457 bytes ->FireFox cache emptied: 106579618 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 69961874 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 328311838 bytes Total Files Cleaned = 711.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 10102014_204330 Files\Folders moved on Reboot... C:\Users\Susan\AppData\Local\Temp\winstore.log moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFK6NUYA\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFK6NUYA\aclk[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFK6NUYA\postmessageRelay[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\ads[10].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\ads[11].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\fastbutton[3].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\KFZn1BJ0LYk[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\KFZn1BJ0LYk[3].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\like[3].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\page-2[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2VPN2P6\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZPSI1YC\c359731T223347B20680R2[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZPSI1YC\zrt_lookup[2].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  7. ok, I think that might be everything?
  8. OTL Extras logfile created on: 10/9/2014 10:20:56 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susan\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16863) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.60 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 63.42% Memory free 4.22 Gb Paging File | 2.77 Gb Available in Paging File | 65.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.93 Gb Total Space | 230.71 Gb Free Space | 84.22% Space Free | Partition Type: NTFS Drive D: | 23.39 Gb Total Space | 2.82 Gb Free Space | 12.07% Space Free | Partition Type: NTFS Computer Name: MWPREP07102013 | User Name: Susan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Classes\<extension>] .html [@ = TorchHTML.UD6AEBVKRWJMMAYMZM7WNELFN4] -- "C:\Users\Susan\AppData\Local\Torch\Application\torch.exe" -- "%1" ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11985C4F-FA46-4D09-9015-6A8B6D80371D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{14F7941E-E8CC-423E-A065-1DC7327151CF}" = rport=445 | protocol=6 | dir=out | app=system | "{182F1B69-C495-4A81-8BAE-30242A47C944}" = lport=445 | protocol=6 | dir=in | app=system | "{1CF8E9F1-56CE-4D07-911E-3A8B2D758903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{22388E38-D4A0-4F3A-A869-3EE9EB30293B}" = lport=139 | protocol=6 | dir=in | app=system | "{42EDAED6-9450-45E0-B122-8AC1C90ECC0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46EA4475-969D-4598-B318-F27B3ED6E8BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4FC0A922-C193-449D-A7EE-DF6755D00B3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5BD7BD99-EDCD-4755-AAEF-AB70F3F31B7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6CC371BD-A0C1-43B8-A10D-3C2894D40C3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C497268-BCBB-49DB-B076-60F82BDFD0A0}" = lport=138 | protocol=17 | dir=in | app=system | "{86593733-7106-41DA-A3DE-CCDE885BAC7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E72A1FE-EF81-4964-A736-3D8FFC02E06D}" = rport=10243 | protocol=6 | dir=out | app=system | "{907B4DB3-CE9C-44E7-9A9C-3AA8FEC4D7A0}" = rport=137 | protocol=17 | dir=out | app=system | "{9D72ED86-C422-420A-A217-7B609B9AB815}" = lport=2869 | protocol=6 | dir=in | app=system | "{9F3CB633-A441-48EC-8BB4-918037335FBC}" = lport=137 | protocol=17 | dir=in | app=system | "{B9A8078B-E49D-4D31-B279-3AA0D7E24E12}" = lport=10243 | protocol=6 | dir=in | app=system | "{BF955460-C66C-4AA1-B05C-0055AB4E9240}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BFE09C25-FF62-40D5-B168-4CA4AF1291E4}" = rport=138 | protocol=17 | dir=out | app=system | "{C0693279-6C36-4640-A49D-72C0BD7DAA64}" = rport=139 | protocol=6 | dir=out | app=system | "{D58582AF-22E5-4C02-B344-27C8199D947D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E8376E5C-4EE2-4C0D-84C4-5C9AF4AF37D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE03A89D-2B7B-41C6-BC8C-6763A02A7D80}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FB65BA-B38E-4BF0-B753-7EA78945D740}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04C46421-C699-40C4-BFFB-2B631B463359}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0605B2D6-1A29-4645-823C-E8EEAED6FCC0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{07105629-0986-474D-B349-12AAB57CD965}" = dir=out | name=getting started with windows 8 | "{0758B42B-2DD6-4329-8DF8-FAECA7B668B1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{0CC3B692-06D6-46C8-BB4A-62BA665330E4}" = protocol=1 | dir=in | [email protected],-28543 | "{147ACC80-BE47-4741-A113-3E2A2811DDF4}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{14D9E642-3BCD-49BC-A67D-6EB2FDF2C7FE}" = dir=out | [email protected]{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{18876433-C9EE-40DA-86C8-CA9991787BF9}" = protocol=6 | dir=in | app=c:\users\susan\appdata\local\ilivid\ilivid.exe | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1DF630E4-095D-4135-BC3B-02DA108E4B65}" = dir=out | [email protected]{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{1E6621FC-2934-4337-AFCC-A5010EE96E00}" = dir=out | name=ebay | "{2CA55DD1-0850-4058-8FBC-2022A52E01A2}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe | "{355E9DA8-1070-458F-8381-B5E068B3A138}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{365C4E46-04A3-416D-B0E4-D7269EC80E4F}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{4332C09D-9B7C-41C3-AFF8-A1CBAFD7F56E}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{4CE9A841-A20E-426B-93EA-6FC2DE0BBD30}" = protocol=58 | dir=out | [email protected],-28546 | "{51EFD743-9A1E-491E-AAA1-34AA224E503A}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{523E0522-1A03-4C16-9FBB-47A0C7D27330}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53DFF62D-E84F-472F-8B04-6327FD269514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5E8E505C-52B9-45FF-80ED-2FE07728FB64}" = dir=in | name=ebay | "{6B17F256-0622-45FC-AE3E-E0013BAB3F9F}" = protocol=58 | dir=in | [email protected]ewallapi.dll,-28545 | "{796FAD90-6A17-41ED-B03F-C724A535035F}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{7A04DBCB-FEF0-4C16-AEBD-D042293CD2AD}" = dir=out | name=kindle | "{7AC604BA-E8BA-4D99-B785-23FD404C0CEC}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{7BA2FB5C-334F-447D-AEFC-5373AE3C2BA6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{87E93DD5-7952-49AE-8323-C70EEBD10A38}" = dir=out | name=skype | "{8AC873E5-2C76-45B5-BA76-27DF4806D0F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8B2E13E6-FE17-46D0-9409-B645F13EAAD9}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{8BB4A3E3-D19C-43F8-BFF1-270020A3C6FB}" = protocol=1 | dir=out | [email protected],-28544 | "{8D3FF601-8EB2-4B5F-855C-A0B5627B9238}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{8DB95C2F-12FE-4C98-B130-2A0421C72158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E03066A-775C-467F-83C9-1BF1A71A68AA}" = dir=out | name=microsoft mahjong | "{9636DCD2-955A-434B-8139-1B54F148B3FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99929453-DC3A-4663-9525-810C652C83A0}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{9D06DFB6-593C-42D7-A0C5-C34DEFF67B1E}" = dir=out | name=netflix | "{A31E6A35-133E-48F5-A217-EF7BC2B187C9}" = dir=in | name=kindle | "{A5E5F4BD-9D6F-40F0-B046-8CEDCAB62EB0}" = dir=out | name=hp+ | "{A7A4E2B8-BCF1-47C3-B4EF-D8B91E96DF24}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A980D8A1-EA05-4EE6-B5EA-F4FB0B4F367D}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{AA001491-3448-4258-A296-0773929A7FEB}" = dir=in | app=c:\users\susan\appdata\local\torch\plugins\hola\hola_plugin.exe | "{AC784835-1CFC-48F2-A3F8-6DD15942042A}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{AE772DA2-C506-4A1F-A545-A31251C28564}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE8624FD-E8F6-4527-A10E-02B653A6847A}" = dir=in | app=c:\users\susan\appdata\local\torch\plugins\hola\hola_plugin_x64.exe | "{B14175E7-D504-406F-8B60-1F54A5CFFAA4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B3A41E1D-956D-4B6E-A0C7-2CEE61BBCD79}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe | "{BA74AC7D-46FE-40F5-8959-34A0DA446BD0}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{BF7F7AFC-D20C-42DE-9033-347655200DE9}" = protocol=17 | dir=in | app=c:\users\susan\appdata\local\ilivid\ilivid.exe | "{BF9FC51A-CCF7-482C-9BE9-A348B9BB1701}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C09723CB-C798-4E83-AB09-7D611C39D026}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA76D5AC-090D-4C9A-A502-C3DC042628FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE106D4C-6DF9-4CAF-982C-CED2BF3B3A3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D30AFF4A-7F9B-4896-BB80-9B9BB8853A86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DB5B1A0C-D5FD-4566-80D6-131AB32F0C48}" = dir=out | name=microsoft solitaire collection | "{DBD2D3F4-ADA2-423B-84F4-DEAC15DECEA1}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E3C107B4-2787-4E7B-AC42-29E8369271D9}" = dir=in | app=c:\users\susan\appdata\local\torch\application\torch.exe | "{E6C58CB1-EDA8-4566-9806-C804AC525720}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7D8A5B3-E31C-4B0E-9E10-4CA26AE1DFE7}" = dir=out | name=iheartradio | "{EB43A59B-958C-43BF-9D95-C0E9DC7D6D54}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{EC0494C1-63B7-42EB-B64E-845C0C20C5DF}" = dir=out | name=hp connected photo powered by snapfish | "{ED425500-336F-4C96-8F9F-54ACE213C94D}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{EF2BCB0C-628C-4565-860F-1B29241CE08B}" = dir=out | name=hp registration | "{F2C9151F-2369-4604-97DC-0D0B95CAB63E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F851F89E-9625-4123-8916-A48E500D9A65}" = dir=in | name=skype | "{F8CF21AB-800E-47DA-834F-2B4240FFA3D2}" = dir=out | name=norton studio | "{FAF5E8D9-94C0-4B79-9EEB-35EC8E376536}" = protocol=6 | dir=out | app=system | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64 "{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) "McAfee Security Scan" = McAfee Security Scan Plus "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding "{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai "{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German "{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian "{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All "{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard "{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92509EA-B526-4869-B8B3-A39E20DBBE7A}_is1" = EasyWorship 2009 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}" = HP Documentation "{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese "{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian "{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish "{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French "{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "ilividmoviestoolbarhaIE" = Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012 "Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "VideoDownloadConverter_4zbar Uninstall Internet Explorer" = VideoDownloadConverter Internet Explorer Toolbar "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-01851457-3bff-4899-9744-3eefb4f4616a" = Final Drive Fury "WTA-18e5ee17-ef58-43de-a1a4-8c0a1a07978d" = Zuma's Revenge "WTA-212b1a7b-4f17-4604-a8aa-e5bd382792fc" = Mortimer Beckett and the Crimson Thief Premium Edition "WTA-295825ae-4150-45dc-92ee-2404310de8b9" = Governor of Poker 2 Premium Edition "WTA-3141a45e-c8ae-4235-8719-700c73febb4d" = Luxor Evolved "WTA-3798a934-f35b-4733-9c05-8c452efc00ca" = Build-a-lot 4 - Power Source "WTA-3a2190cd-bfdf-4d4d-81a3-36cded4dd416" = 4 Elements II "WTA-444310a7-5ae4-4709-b381-770dbfb7e72e" = Polar Golfer "WTA-5aa60ebc-03a8-4ef3-ade4-25ea925282b8" = Cradle Of Egypt Collector's Edition "WTA-6879b103-4fa1-4d06-82b2-493d5053f4f4" = Chuzzle Deluxe "WTA-6d272bad-7716-481d-9af3-c97a08a72e4e" = FlatOut 2 "WTA-83d9748c-fd52-4cfa-bc58-a778ff472b67" = FATE: The Cursed King "WTA-84237f55-78ca-4e8c-b11a-2964b4fbda03" = Tales of Lagoona "WTA-953416ff-7332-494c-96af-f4ca86e092a1" = Roads of Rome 3 "WTA-99a582cd-7a86-4de5-99e1-f4c0c4f132fd" = Mahjongg Dimensions Deluxe: Tiles in Time "WTA-9e7f5fc3-e2a8-4dd7-8a40-718d2f2bcdf5" = Vacation Questâ„¢ - Australia "WTA-ab11b200-54fa-4530-afd3-abcdb7190e5f" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-b5825377-38b5-458e-8a6e-927da5df4725" = Hoyle Card Games "WTA-c1eff67a-ac94-4045-a5db-f3a56f456037" = John Deere Drive Green "WTA-c312f532-d003-47b1-9d8a-65f30250b407" = Jewel Match 3 "WTA-d1d9a918-e8fb-4e69-a76a-2e6cb230e0a3" = Peggle Nights "WTA-d7df8d42-f130-4e88-926b-e3bc9616e662" = Cradle of Rome 2 "WTA-e316102c-5e73-40f1-a6e9-e11ab64b21a7" = Bejeweled 3 "WTA-ed09f4aa-9d25-4f6c-8dc4-933017fb2c80" = Polar Bowler "WTA-f2316993-7da7-454f-a5a4-b40474d148d5" = Penguins! "WTA-fd147121-ff31-4350-be02-26b6e512c694" = Farm Frenzy ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/9/2014 11:53:33 AM | Computer Name = MWPREP07102013 | Source = Application Error | ID = 1000 Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: QtCore4.dll, version: 4.8.4.0, time stamp: 0x51352df8 Exception code: 0xc0000005 Fault offset: 0x0010ebb3 Faulting process id: 0x1018 Faulting application start time: 0x01cfe3d4e8bde6a6 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\QtCore4.dll Report Id: 6b885ace-4fcc-11e4-bec0-d4c9ef7c16a8 Faulting package full name: Faulting package-relative application ID: < End of report >
  9. OTL logfile created on: 10/9/2014 10:20:56 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susan\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16863) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.60 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 63.42% Memory free 4.22 Gb Paging File | 2.77 Gb Available in Paging File | 65.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.93 Gb Total Space | 230.71 Gb Free Space | 84.22% Space Free | Partition Type: NTFS Drive D: | 23.39 Gb Total Space | 2.82 Gb Free Space | 12.07% Space Free | Partition Type: NTFS Computer Name: MWPREP07102013 | User Name: Susan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/10/09 10:15:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susan\Downloads\OTL.com PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe PRC - [2012/07/27 19:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012/07/09 14:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/07/09 14:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012/05/30 00:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2014/05/22 03:02:59 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2014/01/15 18:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV:64bit: - [2013/10/25 01:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2013/06/24 16:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013/04/08 22:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/08/06 13:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/08/02 03:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014/03/07 18:18:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe -- (NIS) SRV - [2012/08/10 18:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/25 21:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012/07/25 21:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012/07/09 14:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/10/09 10:10:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/10/25 01:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013/10/24 16:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013/10/10 05:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2013/10/05 00:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013/10/01 20:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2013/08/10 00:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013/07/13 20:31:59 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/16 20:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/08/24 03:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012/08/24 03:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012/08/03 15:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012/08/02 04:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/08/02 02:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012/07/23 15:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012/07/23 15:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012/07/17 10:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012/06/20 15:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symelam.sys -- (SymELAM) DRV:64bit: - [2012/06/18 20:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012/06/13 20:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2012/06/12 23:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/02 08:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV - [2013/07/10 14:52:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130712.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/10 11:03:10 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130713.006\ex64.sys -- (NAVEX15) DRV - [2013/07/10 11:03:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/07/10 11:03:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/07/10 11:03:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130713.006\eng64.sys -- (NAVENG) DRV - [2013/07/02 04:01:42 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.3.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013/07/10 10:41:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2014/10/09 10:12:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/02 13:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Extensions [2014/10/09 09:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions [2014/06/19 22:39:51 | 000,076,689 | ---- | M] () (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions\[email protected] [2014/03/07 18:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/03/07 18:18:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VideoDownloadConverter Home Page Guard 64 bit] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe" File not found O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: DhcpNameServer = 192.168.200.1 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A8E7B6-ABE2-483A-8179-30EB537F185D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: x64 - (c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll) - File not found O36 - AppCertDlls: x86 - (c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll) - File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/10/09 09:23:09 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/10/09 09:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/10/09 09:21:58 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/10/09 09:21:58 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/10/09 09:21:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014/10/09 09:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/10/09 09:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014/10/09 09:21:26 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Programs [2014/10/09 08:55:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/10/09 08:42:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/10/09 08:21:05 | 000,000,000 | ---D | C] -- C:\zoek_backup ========== Files - Modified Within 30 Days ========== [2014/10/09 10:14:03 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/10/09 10:14:03 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/10/09 10:14:03 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/10/09 10:11:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/10/09 10:10:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/10/09 10:09:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014/10/09 10:09:17 | 3088,900,096 | -HS- | M] () -- C:\hiberfil.sys [2014/10/09 09:22:05 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/10/02 19:44:16 | 000,305,931 | ---- | M] () -- C:\Users\Susan\Documents\10-5-14.ews [2014/09/25 20:08:11 | 000,304,210 | ---- | M] () -- C:\Users\Susan\Documents\9-28-14.ews [2014/09/21 10:59:59 | 001,261,265 | ---- | M] () -- C:\Users\Susan\Documents\9-21-14.ews [2014/09/17 18:44:29 | 000,003,584 | ---- | M] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/09/14 11:04:48 | 000,174,839 | ---- | M] () -- C:\Users\Susan\Documents\9-14-14.ews ========== Files Created - No Company Name ========== [2014/10/09 09:22:05 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/10/01 22:16:42 | 000,305,931 | ---- | C] () -- C:\Users\Susan\Documents\10-5-14.ews [2014/09/24 22:18:09 | 000,304,210 | ---- | C] () -- C:\Users\Susan\Documents\9-28-14.ews [2014/09/18 09:37:24 | 001,261,265 | ---- | C] () -- C:\Users\Susan\Documents\9-21-14.ews [2014/09/17 18:44:28 | 000,003,584 | ---- | C] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/09/10 21:03:30 | 000,174,839 | ---- | C] () -- C:\Users\Susan\Documents\9-14-14.ews [2013/09/19 10:47:34 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013/07/13 17:06:33 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL ========== ZeroAccess Check ========== [2012/08/17 12:05:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/05/22 03:03:38 | 019,759,104 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/05/22 03:03:45 | 017,562,112 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/07/13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Softouch [2013/07/10 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Synaptics [2013/12/20 12:25:31 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\TFP [2013/08/30 08:59:39 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\WebApp [2013/12/29 11:01:04 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report >
  10. # AdwCleaner v3.311 - Report created 09/10/2014 at 10:06:24 # Updated 30/09/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Susan - MWPREP07102013 # Running from : C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMWT6YZ8\adwcleaner_3.311 (1).exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : DatamngrCoordinator Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222 ***** [ Files / Folders ] ***** [#] Folder Deleted : C:\ProgramData\BitGuard [#] Folder Deleted : C:\ProgramData\Browser Manager [#] Folder Deleted : C:\ProgramData\BrowserProtect [!] Folder Deleted : C:\ProgramData\DataMngr [!] Folder Deleted : C:\Program Files (x86)\Movies Toolbar Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter_4z Folder Deleted : C:\Users\Susan\AppData\Local\iLivid Folder Deleted : C:\Users\Susan\AppData\Local\torch Folder Deleted : C:\Users\Susan\AppData\LocalLow\DataMngr Folder Deleted : C:\Users\Susan\AppData\LocalLow\ilividmoviestoolbarha Folder Deleted : C:\Users\Susan\AppData\Roaming\FirefoxToolbar Folder Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch Folder Deleted : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\ilividmoviestoolbarha File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk File Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk File Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Deleted : HKCU\Software\Classes\iLivid.torrent Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter EPM Support] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader 64] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{385F1935-3784-48D0-A61F-6385493DED3C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3D86A75B-CB6B-4764-885D-CA6336F04BA2}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\APN DTX Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\torch Key Deleted : HKCU\Software\VideoDownloadConverter_4z Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\torch Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter_4z Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\prefs.js ] ************************* AdwCleaner[R0].txt - [22912 octets] - [09/10/2014 08:43:20] AdwCleaner[R1].txt - [13501 octets] - [09/10/2014 10:04:38] AdwCleaner[s0].txt - [12792 octets] - [09/10/2014 10:06:24] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12853 octets] ##########
  11. can you use those log files with the lines crossed through? It hasn't done that previously when I have posted logs
  12. Malwarebytes Anti-Malware www.malwarebytes.org Protection, 10/9/2014 9:23:11 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, Starting, Protection, 10/9/2014 9:23:11 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, Started, Protection, 10/9/2014 9:23:12 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Starting, Protection, 10/9/2014 9:23:12 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Started, Update, 10/9/2014 9:23:15 AM, SYSTEM, MWPREP07102013, Manual, Rootkit Database, 2014.2.20.1, 2014.10.8.1, Update, 10/9/2014 9:23:21 AM, SYSTEM, MWPREP07102013, Manual, Malware Database, 2014.3.4.9, 2014.10.9.6, Protection, 10/9/2014 9:23:22 AM, SYSTEM, MWPREP07102013, Protection, Refresh, Starting, Protection, 10/9/2014 9:23:22 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Stopping, Protection, 10/9/2014 9:23:22 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Stopped, Protection, 10/9/2014 9:23:35 AM, SYSTEM, MWPREP07102013, Protection, Refresh, Success, Protection, 10/9/2014 9:23:35 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Starting, Protection, 10/9/2014 9:23:36 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Started, Detection, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Detection, 10/9/2014 9:53:30 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:53:30 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Error, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Protection, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Detection, 10/9/2014 9:55:02 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MindSpark.A, C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL, Quarantine, [6d3d64ae3e3ea690bf28826a659d9868] Detection, 10/9/2014 9:55:37 AM, Susan, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll, Quarantine, [d4d647cb720aad89eee29f46da28ce32] Protection, 10/9/2014 9:55:37 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll, Error, 10/9/2014 9:55:37 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll, Detection, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:55:38 AM, Susan, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Protection, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Error, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Detection, 10/9/2014 9:58:37 AM, Susan, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Protection, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Error, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, (end)
  13. Don't know why there is a line through all the text of the above log?
  14. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.2 (10.09.2014:1) OS: Windows 8 x64 Ran by Susan on Thu 10/09/2014 at 8:55:49.94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [service] datamngrcoordinator Successfully stopped: [service] torchcrashhandler Successfully deleted: [service] torchcrashhandler Successfully stopped: [service] videodownloadconverter_4zservice Successfully deleted: [service] videodownloadconverter_4zservice ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.FeedManager Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.FeedManager.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLMenu Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLMenu.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLPanel Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLPanel.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.MultipleButton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.MultipleButton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.PseudoTransparentPlugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.Radio Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.Radio.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.RadioSettings Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.RadioSettings.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ScriptButton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ScriptButton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.SettingsPlugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.SettingsPlugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ThirdPartyInstaller Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ThirdPartyInstaller.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ToolbarProtector Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ToolbarProtector.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\datamngr" Successfully deleted: [Folder] "C:\ProgramData\torchcrashhandler" Successfully deleted: [Folder] "C:\ProgramData\wincert" Failed to delete: [Folder] "C:\Users\Susan\appdata\local\ilivid" Failed to delete: [Folder] "C:\Users\Susan\appdata\local\torch" Successfully deleted: [Folder] "C:\Users\Susan\appdata\local\videodownloadconverter_4z" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\iac" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\videodownloadconverter_4z" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\videodownloadconverter_4zei" Failed to delete: [Folder] "C:\Program Files (x86)\movies toolbar" Failed to delete: [Folder] "C:\Program Files (x86)\videodownloadconverter_4z" ~~~ FireFox Successfully deleted: [File] C:\Users\Susan\AppData\Roaming\mozilla\firefox\profiles\k126fbi3.default\searchplugins\ask.xml Successfully deleted: [Folder] C:\Users\Susan\AppData\Roaming\mozilla\firefox\profiles\k126fbi3.default\extensions\[email protected]_4z.com Successfully deleted the following from C:\Users\Susan\AppData\Roaming\mozilla\firefox\profiles\k126fbi3.default\prefs.js user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 10/09/2014 at 9:06:15.72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  15. # AdwCleaner v3.311 - Report created 09/10/2014 at 08:43:20 # Updated 30/09/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Susan - MWPREP07102013 # Running from : C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMWT6YZ8\adwcleaner_3.311.exe # Option : Scan ***** [ Services ] ***** Service Found : DatamngrCoordinator Service Found : F06DEFF2-5B9C-490D-910F-35D3A91196222 Service Found : torchcrashhandler Service Found : VideoDownloadConverter_4zService ***** [ Files / Folders ] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml File Found : C:\Users\Public\Desktop\eBay.lnk File Found : C:\Users\Susan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk File Found : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk File Found : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk File Found : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\searchplugins\Ask.xml File Found : C:\Users\Susan\Desktop\Facebook.lnk File Found : C:\Users\Susan\Desktop\Youtube.lnk Folder Found : C:\Program Files (x86)\Movies Toolbar Folder Found : C:\Program Files (x86)\VideoDownloadConverter Folder Found : C:\Program Files (x86)\VideoDownloadConverter_4z Folder Found : C:\ProgramData\BitGuard Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\BrowserProtect Folder Found : C:\ProgramData\DataMngr Folder Found : C:\ProgramData\torchcrashhandler Folder Found : C:\ProgramData\wincert Folder Found : C:\Users\Susan\AppData\Local\iLivid Folder Found : C:\Users\Susan\AppData\Local\torch Folder Found : C:\Users\Susan\AppData\Local\VideoDownloadConverter_4z Folder Found : C:\Users\Susan\AppData\LocalLow\DataMngr Folder Found : C:\Users\Susan\AppData\LocalLow\iac Folder Found : C:\Users\Susan\AppData\LocalLow\ilividmoviestoolbarha Folder Found : C:\Users\Susan\AppData\LocalLow\VideoDownloadConverter_4z Folder Found : C:\Users\Susan\AppData\Roaming\FirefoxToolbar Folder Found : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch Folder Found : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\Extensions\[email protected]_4z.com Folder Found : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\ilividmoviestoolbarha ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN DTX Key Found : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z Key Found : HKCU\Software\Classes\iLivid.torrent Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch Key Found : HKCU\Software\torch Key Found : HKCU\Software\VideoDownloadConverter_4z Key Found : [x64] HKCU\Software\APN DTX Key Found : [x64] HKCU\Software\DataMngr Key Found : [x64] HKCU\Software\ilivid Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKCU\Software\torch Key Found : [x64] HKCU\Software\VideoDownloadConverter_4z Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe Key Found : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Found : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66} Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Found : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{385F1935-3784-48D0-A61F-6385493DED3C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8} Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1 Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox Key Found : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin Key Found : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Found : HKLM\SOFTWARE\MozillaPlugins\TorchVLC Key Found : HKLM\SOFTWARE\torch Key Found : HKLM\SOFTWARE\VideoDownloadConverter Key Found : HKLM\SOFTWARE\VideoDownloadConverter_4z Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3D86A75B-CB6B-4764-885D-CA6336F04BA2}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter EPM Support] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader 64] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader 64] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader] Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64] Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\prefs.js ] Line Found : user_pref("browser.search.order.1", "Ask.com"); Line Found : user_pref("browser.search.selectedEngine", "Ask.com"); Line Found : user_pref("browser.search.defaultenginename", "Ask.com"); ************************* AdwCleaner[R0].txt - [22682 octets] - [09/10/2014 08:43:20] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22743 octets] ##########