Sponsored By

Lou74

Members
  • Content Count

    43
  • Joined

  • Last visited

Everything posted by Lou74

  1. Chuck, you rock!!! Would you like me to give you a shout out on Powell Valley Exchange? So thankful for your help and expertise
  2. oh my goodness Chuck, the laptop is running much nicer!! I probably need to get it protected now right? An install the up dates and remove the old versions of things? I am starting to get used to how things work lol!! Thank you for all your help so far...as per normal you have been a huge blessing, very good at what you do and I very much appreciate it!!! I have been more able to get it done in a quicker time frame this time!! Thank you for your efficiency also!
  3. Results of screen317's Security Check version 0.99.88 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 11.8.800.94 Flash Player out of Date! Mozilla Firefox 27.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  4. actually, as I posted the last comment, the log appeared above!!
  5. looks like Norton was removed successfully. I did run the fix and posted the log...cant see it on here though...will look for it and post it again
  6. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Users\Susan\AppData\Roaming\Mozilla\Extensions folder moved successfully. C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions folder moved successfully. File C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions\[email protected] not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Home Page Guard 64 bit deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:livessp deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Susan Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Susan ->Flash cache emptied: 5507 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Susan ->Temp folder emptied: 57558655 bytes ->Temporary Internet Files folder emptied: 183436457 bytes ->FireFox cache emptied: 106579618 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 69961874 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 328311838 bytes Total Files Cleaned = 711.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 10102014_204330 Files\Folders moved on Reboot... C:\Users\Susan\AppData\Local\Temp\winstore.log moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFK6NUYA\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFK6NUYA\aclk[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NFK6NUYA\postmessageRelay[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\ads[10].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\ads[11].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\fastbutton[3].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\KFZn1BJ0LYk[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\KFZn1BJ0LYk[3].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\like[3].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KHYOUERL\page-2[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2VPN2P6\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZPSI1YC\c359731T223347B20680R2[1].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ZPSI1YC\zrt_lookup[2].htm moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  7. ok, I think that might be everything?
  8. OTL Extras logfile created on: 10/9/2014 10:20:56 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susan\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16863) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.60 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 63.42% Memory free 4.22 Gb Paging File | 2.77 Gb Available in Paging File | 65.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.93 Gb Total Space | 230.71 Gb Free Space | 84.22% Space Free | Partition Type: NTFS Drive D: | 23.39 Gb Total Space | 2.82 Gb Free Space | 12.07% Space Free | Partition Type: NTFS Computer Name: MWPREP07102013 | User Name: Susan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Classes\<extension>] .html [@ = TorchHTML.UD6AEBVKRWJMMAYMZM7WNELFN4] -- "C:\Users\Susan\AppData\Local\Torch\Application\torch.exe" -- "%1" ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11985C4F-FA46-4D09-9015-6A8B6D80371D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{14F7941E-E8CC-423E-A065-1DC7327151CF}" = rport=445 | protocol=6 | dir=out | app=system | "{182F1B69-C495-4A81-8BAE-30242A47C944}" = lport=445 | protocol=6 | dir=in | app=system | "{1CF8E9F1-56CE-4D07-911E-3A8B2D758903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{22388E38-D4A0-4F3A-A869-3EE9EB30293B}" = lport=139 | protocol=6 | dir=in | app=system | "{42EDAED6-9450-45E0-B122-8AC1C90ECC0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46EA4475-969D-4598-B318-F27B3ED6E8BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4FC0A922-C193-449D-A7EE-DF6755D00B3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5BD7BD99-EDCD-4755-AAEF-AB70F3F31B7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6CC371BD-A0C1-43B8-A10D-3C2894D40C3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C497268-BCBB-49DB-B076-60F82BDFD0A0}" = lport=138 | protocol=17 | dir=in | app=system | "{86593733-7106-41DA-A3DE-CCDE885BAC7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E72A1FE-EF81-4964-A736-3D8FFC02E06D}" = rport=10243 | protocol=6 | dir=out | app=system | "{907B4DB3-CE9C-44E7-9A9C-3AA8FEC4D7A0}" = rport=137 | protocol=17 | dir=out | app=system | "{9D72ED86-C422-420A-A217-7B609B9AB815}" = lport=2869 | protocol=6 | dir=in | app=system | "{9F3CB633-A441-48EC-8BB4-918037335FBC}" = lport=137 | protocol=17 | dir=in | app=system | "{B9A8078B-E49D-4D31-B279-3AA0D7E24E12}" = lport=10243 | protocol=6 | dir=in | app=system | "{BF955460-C66C-4AA1-B05C-0055AB4E9240}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BFE09C25-FF62-40D5-B168-4CA4AF1291E4}" = rport=138 | protocol=17 | dir=out | app=system | "{C0693279-6C36-4640-A49D-72C0BD7DAA64}" = rport=139 | protocol=6 | dir=out | app=system | "{D58582AF-22E5-4C02-B344-27C8199D947D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E8376E5C-4EE2-4C0D-84C4-5C9AF4AF37D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE03A89D-2B7B-41C6-BC8C-6763A02A7D80}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FB65BA-B38E-4BF0-B753-7EA78945D740}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04C46421-C699-40C4-BFFB-2B631B463359}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0605B2D6-1A29-4645-823C-E8EEAED6FCC0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{07105629-0986-474D-B349-12AAB57CD965}" = dir=out | name=getting started with windows 8 | "{0758B42B-2DD6-4329-8DF8-FAECA7B668B1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{0CC3B692-06D6-46C8-BB4A-62BA665330E4}" = protocol=1 | dir=in | [email protected],-28543 | "{147ACC80-BE47-4741-A113-3E2A2811DDF4}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{14D9E642-3BCD-49BC-A67D-6EB2FDF2C7FE}" = dir=out | [email protected]{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{18876433-C9EE-40DA-86C8-CA9991787BF9}" = protocol=6 | dir=in | app=c:\users\susan\appdata\local\ilivid\ilivid.exe | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1DF630E4-095D-4135-BC3B-02DA108E4B65}" = dir=out | [email protected]{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{1E6621FC-2934-4337-AFCC-A5010EE96E00}" = dir=out | name=ebay | "{2CA55DD1-0850-4058-8FBC-2022A52E01A2}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe | "{355E9DA8-1070-458F-8381-B5E068B3A138}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{365C4E46-04A3-416D-B0E4-D7269EC80E4F}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{4332C09D-9B7C-41C3-AFF8-A1CBAFD7F56E}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{4CE9A841-A20E-426B-93EA-6FC2DE0BBD30}" = protocol=58 | dir=out | [email protected],-28546 | "{51EFD743-9A1E-491E-AAA1-34AA224E503A}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{523E0522-1A03-4C16-9FBB-47A0C7D27330}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53DFF62D-E84F-472F-8B04-6327FD269514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5E8E505C-52B9-45FF-80ED-2FE07728FB64}" = dir=in | name=ebay | "{6B17F256-0622-45FC-AE3E-E0013BAB3F9F}" = protocol=58 | dir=in | [email protected],-28545 | "{796FAD90-6A17-41ED-B03F-C724A535035F}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{7A04DBCB-FEF0-4C16-AEBD-D042293CD2AD}" = dir=out | name=kindle | "{7AC604BA-E8BA-4D99-B785-23FD404C0CEC}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{7BA2FB5C-334F-447D-AEFC-5373AE3C2BA6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{87E93DD5-7952-49AE-8323-C70EEBD10A38}" = dir=out | name=skype | "{8AC873E5-2C76-45B5-BA76-27DF4806D0F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8B2E13E6-FE17-46D0-9409-B645F13EAAD9}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{8BB4A3E3-D19C-43F8-BFF1-270020A3C6FB}" = protocol=1 | dir=out | [email protected],-28544 | "{8D3FF601-8EB2-4B5F-855C-A0B5627B9238}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{8DB95C2F-12FE-4C98-B130-2A0421C72158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E03066A-775C-467F-83C9-1BF1A71A68AA}" = dir=out | name=microsoft mahjong | "{9636DCD2-955A-434B-8139-1B54F148B3FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99929453-DC3A-4663-9525-810C652C83A0}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{9D06DFB6-593C-42D7-A0C5-C34DEFF67B1E}" = dir=out | name=netflix | "{A31E6A35-133E-48F5-A217-EF7BC2B187C9}" = dir=in | name=kindle | "{A5E5F4BD-9D6F-40F0-B046-8CEDCAB62EB0}" = dir=out | name=hp+ | "{A7A4E2B8-BCF1-47C3-B4EF-D8B91E96DF24}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A980D8A1-EA05-4EE6-B5EA-F4FB0B4F367D}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{AA001491-3448-4258-A296-0773929A7FEB}" = dir=in | app=c:\users\susan\appdata\local\torch\plugins\hola\hola_plugin.exe | "{AC784835-1CFC-48F2-A3F8-6DD15942042A}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{AE772DA2-C506-4A1F-A545-A31251C28564}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE8624FD-E8F6-4527-A10E-02B653A6847A}" = dir=in | app=c:\users\susan\appdata\local\torch\plugins\hola\hola_plugin_x64.exe | "{B14175E7-D504-406F-8B60-1F54A5CFFAA4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B3A41E1D-956D-4B6E-A0C7-2CEE61BBCD79}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtool~1\ie\dtuser.exe | "{BA74AC7D-46FE-40F5-8959-34A0DA446BD0}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{BF7F7AFC-D20C-42DE-9033-347655200DE9}" = protocol=17 | dir=in | app=c:\users\susan\appdata\local\ilivid\ilivid.exe | "{BF9FC51A-CCF7-482C-9BE9-A348B9BB1701}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C09723CB-C798-4E83-AB09-7D611C39D026}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA76D5AC-090D-4C9A-A502-C3DC042628FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE106D4C-6DF9-4CAF-982C-CED2BF3B3A3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D30AFF4A-7F9B-4896-BB80-9B9BB8853A86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DB5B1A0C-D5FD-4566-80D6-131AB32F0C48}" = dir=out | name=microsoft solitaire collection | "{DBD2D3F4-ADA2-423B-84F4-DEAC15DECEA1}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E3C107B4-2787-4E7B-AC42-29E8369271D9}" = dir=in | app=c:\users\susan\appdata\local\torch\application\torch.exe | "{E6C58CB1-EDA8-4566-9806-C804AC525720}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7D8A5B3-E31C-4B0E-9E10-4CA26AE1DFE7}" = dir=out | name=iheartradio | "{EB43A59B-958C-43BF-9D95-C0E9DC7D6D54}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{EC0494C1-63B7-42EB-B64E-845C0C20C5DF}" = dir=out | name=hp connected photo powered by snapfish | "{ED425500-336F-4C96-8F9F-54ACE213C94D}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{EF2BCB0C-628C-4565-860F-1B29241CE08B}" = dir=out | name=hp registration | "{F2C9151F-2369-4604-97DC-0D0B95CAB63E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F851F89E-9625-4123-8916-A48E500D9A65}" = dir=in | name=skype | "{F8CF21AB-800E-47DA-834F-2B4240FFA3D2}" = dir=out | name=norton studio | "{FAF5E8D9-94C0-4B79-9EEB-35EC8E376536}" = protocol=6 | dir=out | app=system | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64 "{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) "McAfee Security Scan" = McAfee Security Scan Plus "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding "{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai "{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German "{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian "{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All "{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard "{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92509EA-B526-4869-B8B3-A39E20DBBE7A}_is1" = EasyWorship 2009 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}" = HP Documentation "{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese "{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian "{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish "{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French "{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "ilividmoviestoolbarhaIE" = Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012 "Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "VideoDownloadConverter_4zbar Uninstall Internet Explorer" = VideoDownloadConverter Internet Explorer Toolbar "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-01851457-3bff-4899-9744-3eefb4f4616a" = Final Drive Fury "WTA-18e5ee17-ef58-43de-a1a4-8c0a1a07978d" = Zuma's Revenge "WTA-212b1a7b-4f17-4604-a8aa-e5bd382792fc" = Mortimer Beckett and the Crimson Thief Premium Edition "WTA-295825ae-4150-45dc-92ee-2404310de8b9" = Governor of Poker 2 Premium Edition "WTA-3141a45e-c8ae-4235-8719-700c73febb4d" = Luxor Evolved "WTA-3798a934-f35b-4733-9c05-8c452efc00ca" = Build-a-lot 4 - Power Source "WTA-3a2190cd-bfdf-4d4d-81a3-36cded4dd416" = 4 Elements II "WTA-444310a7-5ae4-4709-b381-770dbfb7e72e" = Polar Golfer "WTA-5aa60ebc-03a8-4ef3-ade4-25ea925282b8" = Cradle Of Egypt Collector's Edition "WTA-6879b103-4fa1-4d06-82b2-493d5053f4f4" = Chuzzle Deluxe "WTA-6d272bad-7716-481d-9af3-c97a08a72e4e" = FlatOut 2 "WTA-83d9748c-fd52-4cfa-bc58-a778ff472b67" = FATE: The Cursed King "WTA-84237f55-78ca-4e8c-b11a-2964b4fbda03" = Tales of Lagoona "WTA-953416ff-7332-494c-96af-f4ca86e092a1" = Roads of Rome 3 "WTA-99a582cd-7a86-4de5-99e1-f4c0c4f132fd" = Mahjongg Dimensions Deluxe: Tiles in Time "WTA-9e7f5fc3-e2a8-4dd7-8a40-718d2f2bcdf5" = Vacation Questâ„¢ - Australia "WTA-ab11b200-54fa-4530-afd3-abcdb7190e5f" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-b5825377-38b5-458e-8a6e-927da5df4725" = Hoyle Card Games "WTA-c1eff67a-ac94-4045-a5db-f3a56f456037" = John Deere Drive Green "WTA-c312f532-d003-47b1-9d8a-65f30250b407" = Jewel Match 3 "WTA-d1d9a918-e8fb-4e69-a76a-2e6cb230e0a3" = Peggle Nights "WTA-d7df8d42-f130-4e88-926b-e3bc9616e662" = Cradle of Rome 2 "WTA-e316102c-5e73-40f1-a6e9-e11ab64b21a7" = Bejeweled 3 "WTA-ed09f4aa-9d25-4f6c-8dc4-933017fb2c80" = Polar Bowler "WTA-f2316993-7da7-454f-a5a4-b40474d148d5" = Penguins! "WTA-fd147121-ff31-4350-be02-26b6e512c694" = Farm Frenzy ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10/9/2014 11:53:33 AM | Computer Name = MWPREP07102013 | Source = Application Error | ID = 1000 Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: QtCore4.dll, version: 4.8.4.0, time stamp: 0x51352df8 Exception code: 0xc0000005 Fault offset: 0x0010ebb3 Faulting process id: 0x1018 Faulting application start time: 0x01cfe3d4e8bde6a6 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\QtCore4.dll Report Id: 6b885ace-4fcc-11e4-bec0-d4c9ef7c16a8 Faulting package full name: Faulting package-relative application ID: < End of report >
  9. OTL logfile created on: 10/9/2014 10:20:56 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Susan\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16863) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.60 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 63.42% Memory free 4.22 Gb Paging File | 2.77 Gb Available in Paging File | 65.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.93 Gb Total Space | 230.71 Gb Free Space | 84.22% Space Free | Partition Type: NTFS Drive D: | 23.39 Gb Total Space | 2.82 Gb Free Space | 12.07% Space Free | Partition Type: NTFS Computer Name: MWPREP07102013 | User Name: Susan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/10/09 10:15:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susan\Downloads\OTL.com PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe PRC - [2012/07/27 19:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012/07/09 14:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/07/09 14:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe ========== Modules (No Company Name) ========== MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012/05/30 00:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2014/05/22 03:02:59 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2014/01/15 18:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV:64bit: - [2013/10/25 01:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2013/06/24 16:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013/04/08 22:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/08/06 13:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/08/02 03:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014/03/07 18:18:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe -- (NIS) SRV - [2012/08/10 18:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/25 21:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012/07/25 21:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012/07/09 14:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/10/09 10:10:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/10/25 01:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013/10/24 16:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013/10/10 05:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2013/10/05 00:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013/10/01 20:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2013/08/10 00:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013/07/13 20:31:59 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/16 20:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/08/24 03:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012/08/24 03:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012/08/03 15:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012/08/02 04:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/08/02 02:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/24 09:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012/07/23 15:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012/07/23 15:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012/07/17 10:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012/06/20 15:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1405000.01C\symelam.sys -- (SymELAM) DRV:64bit: - [2012/06/18 20:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012/06/13 20:24:00 | 000,266,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2012/06/12 23:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/02 08:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV - [2013/07/10 14:52:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130712.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/10 11:03:10 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130713.006\ex64.sys -- (NAVEX15) DRV - [2013/07/10 11:03:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/07/10 11:03:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/07/10 11:03:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130713.006\eng64.sys -- (NAVENG) DRV - [2013/07/02 04:01:42 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.3.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013/07/10 10:41:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2014/10/09 10:12:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/02 13:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Extensions [2014/10/09 09:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions [2014/06/19 22:39:51 | 000,076,689 | ---- | M] () (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\extensions\[email protected] [2014/03/07 18:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/03/07 18:18:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VideoDownloadConverter Home Page Guard 64 bit] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe" File not found O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: DhcpNameServer = 192.168.200.1 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8A8E7B6-ABE2-483A-8179-30EB537F185D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: x64 - (c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll) - File not found O36 - AppCertDlls: x86 - (c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll) - File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/10/09 09:23:09 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/10/09 09:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/10/09 09:21:58 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/10/09 09:21:58 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/10/09 09:21:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014/10/09 09:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2014/10/09 09:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014/10/09 09:21:26 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Programs [2014/10/09 08:55:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/10/09 08:42:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/10/09 08:21:05 | 000,000,000 | ---D | C] -- C:\zoek_backup ========== Files - Modified Within 30 Days ========== [2014/10/09 10:14:03 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/10/09 10:14:03 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/10/09 10:14:03 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/10/09 10:11:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/10/09 10:10:07 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/10/09 10:09:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014/10/09 10:09:17 | 3088,900,096 | -HS- | M] () -- C:\hiberfil.sys [2014/10/09 09:22:05 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/10/02 19:44:16 | 000,305,931 | ---- | M] () -- C:\Users\Susan\Documents\10-5-14.ews [2014/09/25 20:08:11 | 000,304,210 | ---- | M] () -- C:\Users\Susan\Documents\9-28-14.ews [2014/09/21 10:59:59 | 001,261,265 | ---- | M] () -- C:\Users\Susan\Documents\9-21-14.ews [2014/09/17 18:44:29 | 000,003,584 | ---- | M] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/09/14 11:04:48 | 000,174,839 | ---- | M] () -- C:\Users\Susan\Documents\9-14-14.ews ========== Files Created - No Company Name ========== [2014/10/09 09:22:05 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/10/01 22:16:42 | 000,305,931 | ---- | C] () -- C:\Users\Susan\Documents\10-5-14.ews [2014/09/24 22:18:09 | 000,304,210 | ---- | C] () -- C:\Users\Susan\Documents\9-28-14.ews [2014/09/18 09:37:24 | 001,261,265 | ---- | C] () -- C:\Users\Susan\Documents\9-21-14.ews [2014/09/17 18:44:28 | 000,003,584 | ---- | C] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/09/10 21:03:30 | 000,174,839 | ---- | C] () -- C:\Users\Susan\Documents\9-14-14.ews [2013/09/19 10:47:34 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013/07/13 17:06:33 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL ========== ZeroAccess Check ========== [2012/08/17 12:05:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/05/22 03:03:38 | 019,759,104 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/05/22 03:03:45 | 017,562,112 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/07/13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Softouch [2013/07/10 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Synaptics [2013/12/20 12:25:31 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\TFP [2013/08/30 08:59:39 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\WebApp [2013/12/29 11:01:04 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report >
  10. # AdwCleaner v3.311 - Report created 09/10/2014 at 10:06:24 # Updated 30/09/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Susan - MWPREP07102013 # Running from : C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMWT6YZ8\adwcleaner_3.311 (1).exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : DatamngrCoordinator Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222 ***** [ Files / Folders ] ***** [#] Folder Deleted : C:\ProgramData\BitGuard [#] Folder Deleted : C:\ProgramData\Browser Manager [#] Folder Deleted : C:\ProgramData\BrowserProtect [!] Folder Deleted : C:\ProgramData\DataMngr [!] Folder Deleted : C:\Program Files (x86)\Movies Toolbar Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter_4z Folder Deleted : C:\Users\Susan\AppData\Local\iLivid Folder Deleted : C:\Users\Susan\AppData\Local\torch Folder Deleted : C:\Users\Susan\AppData\LocalLow\DataMngr Folder Deleted : C:\Users\Susan\AppData\LocalLow\ilividmoviestoolbarha Folder Deleted : C:\Users\Susan\AppData\Roaming\FirefoxToolbar Folder Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch Folder Deleted : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\ilividmoviestoolbarha File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk File Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk File Deleted : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Deleted : HKCU\Software\Classes\iLivid.torrent Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter EPM Support] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader 64] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{385F1935-3784-48D0-A61F-6385493DED3C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3D86A75B-CB6B-4764-885D-CA6336F04BA2}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\APN DTX Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\torch Key Deleted : HKCU\Software\VideoDownloadConverter_4z Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\torch Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter_4z Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\prefs.js ] ************************* AdwCleaner[R0].txt - [22912 octets] - [09/10/2014 08:43:20] AdwCleaner[R1].txt - [13501 octets] - [09/10/2014 10:04:38] AdwCleaner[s0].txt - [12792 octets] - [09/10/2014 10:06:24] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12853 octets] ##########
  11. can you use those log files with the lines crossed through? It hasn't done that previously when I have posted logs
  12. Malwarebytes Anti-Malware www.malwarebytes.org Protection, 10/9/2014 9:23:11 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, Starting, Protection, 10/9/2014 9:23:11 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, Started, Protection, 10/9/2014 9:23:12 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Starting, Protection, 10/9/2014 9:23:12 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Started, Update, 10/9/2014 9:23:15 AM, SYSTEM, MWPREP07102013, Manual, Rootkit Database, 2014.2.20.1, 2014.10.8.1, Update, 10/9/2014 9:23:21 AM, SYSTEM, MWPREP07102013, Manual, Malware Database, 2014.3.4.9, 2014.10.9.6, Protection, 10/9/2014 9:23:22 AM, SYSTEM, MWPREP07102013, Protection, Refresh, Starting, Protection, 10/9/2014 9:23:22 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Stopping, Protection, 10/9/2014 9:23:22 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Stopped, Protection, 10/9/2014 9:23:35 AM, SYSTEM, MWPREP07102013, Protection, Refresh, Success, Protection, 10/9/2014 9:23:35 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Starting, Protection, 10/9/2014 9:23:36 AM, SYSTEM, MWPREP07102013, Protection, Malicious Website Protection, Started, Detection, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:51:16 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Detection, 10/9/2014 9:53:30 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:53:30 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Error, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Protection, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:53:31 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Detection, 10/9/2014 9:55:02 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MindSpark.A, C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL, Quarantine, [6d3d64ae3e3ea690bf28826a659d9868] Detection, 10/9/2014 9:55:37 AM, Susan, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll, Quarantine, [d4d647cb720aad89eee29f46da28ce32] Protection, 10/9/2014 9:55:37 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll, Error, 10/9/2014 9:55:37 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll, Detection, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:55:38 AM, Susan, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Protection, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Error, 10/9/2014 9:55:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Detection, 10/9/2014 9:58:37 AM, Susan, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Quarantine, [9d0dbd55b8c42c0a359bae3736ccc63a] Detection, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, Malware Protection, File, PUP.Optional.MoviesToolbar.A, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Quarantine, [eebc25edb6c6b086ae2236af13efa65a] Protection, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Error, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, Protection, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, Error, 10/9/2014 9:58:38 AM, SYSTEM, MWPREP07102013, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, (end)
  13. Don't know why there is a line through all the text of the above log?
  14. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.2 (10.09.2014:1) OS: Windows 8 x64 Ran by Susan on Thu 10/09/2014 at 8:55:49.94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [service] datamngrcoordinator Successfully stopped: [service] torchcrashhandler Successfully deleted: [service] torchcrashhandler Successfully stopped: [service] videodownloadconverter_4zservice Successfully deleted: [service] videodownloadconverter_4zservice ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1188590839-2654030184-3022409848-1002\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.FeedManager Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.FeedManager.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLMenu Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLMenu.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLPanel Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.HTMLPanel.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.MultipleButton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.MultipleButton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.PseudoTransparentPlugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.Radio Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.Radio.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.RadioSettings Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.RadioSettings.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ScriptButton Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ScriptButton.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.SettingsPlugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.SettingsPlugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ThirdPartyInstaller Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ThirdPartyInstaller.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ToolbarProtector Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\VideoDownloadConverter_4z.ToolbarProtector.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\datamngr" Successfully deleted: [Folder] "C:\ProgramData\torchcrashhandler" Successfully deleted: [Folder] "C:\ProgramData\wincert" Failed to delete: [Folder] "C:\Users\Susan\appdata\local\ilivid" Failed to delete: [Folder] "C:\Users\Susan\appdata\local\torch" Successfully deleted: [Folder] "C:\Users\Susan\appdata\local\videodownloadconverter_4z" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\iac" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\videodownloadconverter_4z" Successfully deleted: [Folder] "C:\Users\Susan\appdata\locallow\videodownloadconverter_4zei" Failed to delete: [Folder] "C:\Program Files (x86)\movies toolbar" Failed to delete: [Folder] "C:\Program Files (x86)\videodownloadconverter_4z" ~~~ FireFox Successfully deleted: [File] C:\Users\Susan\AppData\Roaming\mozilla\firefox\profiles\k126fbi3.default\searchplugins\ask.xml Successfully deleted: [Folder] C:\Users\Susan\AppData\Roaming\mozilla\firefox\profiles\k126fbi3.default\extensions\[email protected]_4z.com Successfully deleted the following from C:\Users\Susan\AppData\Roaming\mozilla\firefox\profiles\k126fbi3.default\prefs.js user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 10/09/2014 at 9:06:15.72 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  15. # AdwCleaner v3.311 - Report created 09/10/2014 at 08:43:20 # Updated 30/09/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Susan - MWPREP07102013 # Running from : C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMWT6YZ8\adwcleaner_3.311.exe # Option : Scan ***** [ Services ] ***** Service Found : DatamngrCoordinator Service Found : F06DEFF2-5B9C-490D-910F-35D3A91196222 Service Found : torchcrashhandler Service Found : VideoDownloadConverter_4zService ***** [ Files / Folders ] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml File Found : C:\Users\Public\Desktop\eBay.lnk File Found : C:\Users\Susan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk File Found : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk File Found : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk File Found : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\searchplugins\Ask.xml File Found : C:\Users\Susan\Desktop\Facebook.lnk File Found : C:\Users\Susan\Desktop\Youtube.lnk Folder Found : C:\Program Files (x86)\Movies Toolbar Folder Found : C:\Program Files (x86)\VideoDownloadConverter Folder Found : C:\Program Files (x86)\VideoDownloadConverter_4z Folder Found : C:\ProgramData\BitGuard Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\ProgramData\BrowserProtect Folder Found : C:\ProgramData\DataMngr Folder Found : C:\ProgramData\torchcrashhandler Folder Found : C:\ProgramData\wincert Folder Found : C:\Users\Susan\AppData\Local\iLivid Folder Found : C:\Users\Susan\AppData\Local\torch Folder Found : C:\Users\Susan\AppData\Local\VideoDownloadConverter_4z Folder Found : C:\Users\Susan\AppData\LocalLow\DataMngr Folder Found : C:\Users\Susan\AppData\LocalLow\iac Folder Found : C:\Users\Susan\AppData\LocalLow\ilividmoviestoolbarha Folder Found : C:\Users\Susan\AppData\LocalLow\VideoDownloadConverter_4z Folder Found : C:\Users\Susan\AppData\Roaming\FirefoxToolbar Folder Found : C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch Folder Found : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\Extensions\[email protected]_4z.com Folder Found : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\ilividmoviestoolbarha ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN DTX Key Found : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z Key Found : HKCU\Software\Classes\iLivid.torrent Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch Key Found : HKCU\Software\torch Key Found : HKCU\Software\VideoDownloadConverter_4z Key Found : [x64] HKCU\Software\APN DTX Key Found : [x64] HKCU\Software\DataMngr Key Found : [x64] HKCU\Software\ilivid Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKCU\Software\torch Key Found : [x64] HKCU\Software\VideoDownloadConverter_4z Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe Key Found : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Found : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66} Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Found : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{385F1935-3784-48D0-A61F-6385493DED3C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8} Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1 Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector Key Found : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1 Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D86A75B-CB6B-4764-885D-CA6336F04BA2} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox Key Found : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin Key Found : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Found : HKLM\SOFTWARE\MozillaPlugins\TorchVLC Key Found : HKLM\SOFTWARE\torch Key Found : HKLM\SOFTWARE\VideoDownloadConverter Key Found : HKLM\SOFTWARE\VideoDownloadConverter_4z Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3D86A75B-CB6B-4764-885D-CA6336F04BA2}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter EPM Support] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader 64] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader 64] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader] Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64] Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\k126fbi3.default\prefs.js ] Line Found : user_pref("browser.search.order.1", "Ask.com"); Line Found : user_pref("browser.search.selectedEngine", "Ask.com"); Line Found : user_pref("browser.search.defaultenginename", "Ask.com"); ************************* AdwCleaner[R0].txt - [22682 octets] - [09/10/2014 08:43:20] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22743 octets] ##########
  16. Hi Flashh4, it's Lou K here again! I am now on the lap top of our church, and it hasn't ever had any virus protection on it, and it's doing annoying things on boot up.... probably needs a clean up! Can you help me AGAIN?!!!!!!
  17. HI Chuck, yes we already have the option changed to "never sleep" as this was a problem that we had previously. The internet is running real quick now thank you! We will clean up regularly from now on. I am over at mother in laws tomorrow at some point, so I will begin once again on their clean up! Thank you so much, I appreciate what you do
  18. is this how Amazon know how to send things to my email that "I may like" because of what I bought previously, or how my FB page shows me adverts according to my buying habits? It's probably all very concerning and as you say, we really have no idea of who knows what about us. How do you actively avoid PUPS? My computer start up did the same thing this morning...it commenced then kind of went to a sleep mode and I had to forcibly shut it down. When I re-attempted, it started up just fine. Could be the computer I think.
  19. You have been a huge help, and have great knowledge! I will definitely promote you wherever I can
  20. HI Chuck, it seems to be great! Was there anything to suggest a problem with the start up program? If it continues to have problems now that it is clean, maybe the computer itself is the problem? I have to get back over to mothers computer... please don't deactivate the post in the forum, I will try and get over there in the next few days! Thank you so much again! I am sorry we had such problems with posting, I have no idea why. DO you get that problem with other people?
  21. not sure I can see how to "run as administrator" option .... I think I might have goofed up as I clicked run scan and now it's going through again and I cant stop it
  22. I have in boxed you on this site with the clean up log
  23. that java 7 update 67 is the only one listed in my programs
  24. do you mean uninstall spybot search and destroy?