Sponsored By

Winland

Members
  • Content Count

    12
  • Joined

  • Last visited

Everything posted by Winland

  1. Winland

    Need Help

    Having a lot of pop up issues. Running slow.
  2. Winland

    Need Help

    No more pop ups. Still runs a little bit slow but again the annoying pop ups are gone. A big thank you to you.
  3. Winland

    Need Help

    # DelFix v1.010 - Logfile created 29/06/2015 at 23:07:57 # Updated 26/04/2015 by Xplode # Username : winland - WINLAND-PC # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\_OTL Deleted : C:\AdwCleaner Deleted : C:\RegBackup Deleted : C:\Users\winland\Desktop\dds.txt Deleted : C:\Users\winland\Desktop\JRT.txt Deleted : C:\Users\winland\Downloads\Extras.Txt Deleted : C:\Users\winland\Downloads\OTL.Txt Deleted : HKLM\SOFTWARE\OldTimer Tools Deleted : HKLM\SOFTWARE\AdwCleaner ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #388 [Windows Update | 01/11/2015 17:24:36] Deleted : RP #390 [Windows Defender Checkpoint | 01/11/2015 17:36:34] Deleted : RP #391 [Windows Update | 01/16/2015 23:40:32] Deleted : RP #392 [Windows Update | 01/25/2015 20:53:27] Deleted : RP #393 [Windows Update | 01/30/2015 23:14:06] Deleted : RP #394 [Windows Update | 02/06/2015 02:43:34] Deleted : RP #396 [Windows Defender Checkpoint | 02/06/2015 03:06:22] Deleted : RP #397 [Windows Update | 03/10/2015 00:51:00] Deleted : RP #398 [Windows Update | 03/10/2015 09:01:22] Deleted : RP #399 [Windows Update | 03/15/2015 16:42:21] Deleted : RP #400 [Windows Update | 03/17/2015 09:00:47] Deleted : RP #401 [Windows Update | 03/19/2015 09:00:31] Deleted : RP #402 [Windows Update | 03/29/2015 21:25:30] Deleted : RP #403 [Windows Update | 05/01/2015 09:00:46] Deleted : RP #404 [Windows Update | 05/10/2015 02:27:07] Deleted : RP #405 [Windows Update | 05/11/2015 01:38:10] Deleted : RP #406 [Windows Update | 05/13/2015 09:01:43] Deleted : RP #407 [Windows Update | 05/16/2015 17:13:19] Deleted : RP #408 [Windows Update | 06/07/2015 05:50:02] Deleted : RP #409 [Windows Update | 06/07/2015 09:00:24] Deleted : RP #410 [Windows Update | 06/30/2015 00:39:09] Deleted : RP #411 [OTL Restore Point - 6/29/2015 10:41:02 PM | 06/30/2015 04:41:05] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  4. Winland

    Need Help

    All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\www.exent.com/GameTreatWidget\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@doubletwist.com/NPPodcast\ deleted successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_metadata folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_TW folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_CN folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\vi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\uk folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\tr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\th folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sv folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sk folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ru folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ro folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\zh-Hant folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\zh folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\vi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\tr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sv folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sr-Latn folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sr-Cyrl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ru folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ro folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\pt-BR folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\pt folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\pl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\nl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\nb folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\lv folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\lt folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ko folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\kk folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ja folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\it folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\id folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\hu folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\fr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\fi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\fa folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\et folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\es-MX folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\es folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\en folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\el folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\de folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\da folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\cs folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\bg folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ar folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\plugin folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\images folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\content_scripts folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\background folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\12768.4517.4046_0 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\_metadata folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\_locales\en folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\_locales folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\_locales\en folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\_locales folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\plugin folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\images folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\content_scripts folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\browser_action folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\background folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0 folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\_locales\en folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\_locales folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\plugin folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\images folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\background folder moved successfully. C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1 folder moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully. Registry value HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BBQLeadsApplication deleted successfully. Registry value HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON NX420 Series deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk moved successfully. File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk scheduled to be moved on reboot. C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully. File Protocol\Handler\grooveLocalGWS - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ADS C:\ProgramData\Temp:9D6EAEC3 deleted successfully. ADS C:\ProgramData\Temp:98CD9221 deleted successfully. ADS C:\ProgramData\Temp:5F1019FF deleted successfully. ADS C:\ProgramData\Temp:E5496666 deleted successfully. ADS C:\ProgramData\Temp:FBFC061F deleted successfully. ADS C:\ProgramData\Temp:1663E41B deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: winland ->Java cache emptied: 1441054 bytes Total Java Files Cleaned = 1.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: winland ->Flash cache emptied: 3351734 bytes Total Flash Files Cleaned = 3.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: winland ->Temp folder emptied: 63414963 bytes ->Temporary Internet Files folder emptied: 727035617 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 14158654 bytes ->Apple Safari cache emptied: 32422912 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 127447889 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321243 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 960.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 06292015_223900 Files\Folders moved on Reboot... File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found! C:\Users\winland\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Users\winland\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. C:\Windows\temp\fb_132.lck moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  5. Winland

    Need Help

    Results of screen317's Security Check version 1.004 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Kaspersky Anti-Virus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 60 Java version 32-bit out of Date! Adobe Flash Player 11.6.602.171 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome (43.0.2357.130) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe Malwarebytes Anti-Malware mbamscheduler.exe iolo Common Lib ioloServiceManager.exe iolo System Mechanic LiveBoost.exe iolo System Mechanic iologovernor64.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 8% ````````````````````End of Log``````````````````````
  6. Winland

    Need Help

    OTL Extras logfile created on: 6/29/2015 9:43:35 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\winland\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17801) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.33% Memory free 5.93 Gb Paging File | 3.66 Gb Available in Paging File | 61.67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.04 Gb Total Space | 333.56 Gb Free Space | 74.12% Space Free | Partition Type: NTFS Drive D: | 2.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: WINLAND-PC | User Name: winland | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15F77064-A8C8-41C7-A39C-644586896249}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1A63A3D9-5C6F-4CBB-AAD4-1B4234791989}" = rport=137 | protocol=17 | dir=out | app=system | "{3814EA2C-727C-40DA-8AC3-948BD90808BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{3E825AFD-F0ED-42A1-B7F2-B3F2B2F5A903}" = lport=138 | protocol=17 | dir=in | app=system | "{40107E6B-183A-4F25-B08F-DE82CD799605}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{420FA269-4BF0-488C-8B9F-249CC7EE150C}" = rport=138 | protocol=17 | dir=out | app=system | "{4A944DF8-1F9B-48DB-9DAE-0576424EA527}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{58E26DF1-345C-4B5C-BF82-2DBB888581A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5E78C295-CD3F-4956-BFE7-3A16548441CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{5EDFB865-DF4B-44AD-A748-02C5213188ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6316E4BA-1EEB-4A5E-A1BA-DFE51D9890CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63841B59-898D-4B27-B82E-1591B13C1DBC}" = rport=10243 | protocol=6 | dir=out | app=system | "{70034F3D-DAFC-4486-BEC0-0C122E17B3D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{754C1CA7-9735-46BA-92C1-11B119FC0E54}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{7EAE286B-C1E5-4309-8F44-2751D1AF3A77}" = lport=139 | protocol=6 | dir=in | app=system | "{8B334D28-6D04-4E04-965A-F031496F3FEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C301049-8E76-43E6-87E9-7F791D989CB9}" = rport=445 | protocol=6 | dir=out | app=system | "{A8C6F9A9-DF48-4C68-98CC-482640BBDB74}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE04CBDF-1E7F-4BDC-9B7E-6DDD880A96A8}" = lport=445 | protocol=6 | dir=in | app=system | "{B21B6C43-0123-4F0F-A595-7C44288532A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B42F43A1-95EF-43D5-96AF-2D9F0E08ED07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3F28A11-63D0-41CA-BD42-176C0D0FC1E2}" = lport=137 | protocol=17 | dir=in | app=system | "{C6CF57BE-9249-42BE-9196-721060A49C22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E2F424D9-4A4C-4F98-AC17-DC1A7921574C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E4916E69-00B8-449C-BFD6-0E918693CA97}" = lport=10243 | protocol=6 | dir=in | app=system | "{E764230C-07F9-4CF0-8BB8-1FF6EBB497AC}" = rport=139 | protocol=6 | dir=out | app=system | "{FB2493D8-B27D-4749-8305-58E65ACCCEBC}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02854A9F-EEF3-4393-A63B-2591D53E10A2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0303AE19-BCF3-42B1-A8DB-A300A8184C15}" = dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | "{19D6DA09-83F6-4400-A71A-38684852C31B}" = protocol=6 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | "{44778854-557A-4FA9-AAD0-0199C3756167}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch movie\touchmovieservice.exe | "{456E7F89-8AF0-4338-BAEB-BD5B3513123B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4729C31B-A139-403D-8260-EACDD3DA9429}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C90D59B-CAB7-4813-B3B4-103E6D741CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4DFDB0F0-6659-4F81-B992-8DFE8A16D347}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4F555B3F-961A-43B7-B30C-CE837481109F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5146B551-9B76-483F-AB0B-3E80D8D7279B}" = protocol=6 | dir=out | app=system | "{54FEC050-56A5-4D8B-967C-D9F725FBCF16}" = protocol=1 | dir=out | [email protected],-28544 | "{56F6894F-688E-4B55-ACE9-EE0FC3581E5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{58D9C7B9-3FDE-4E43-AF07-6C1622636F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{58E51611-68A5-4DA0-9034-B520972A0451}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5C5EC641-36F8-4E2B-8453-3539A691E536}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{5E8617F8-26D4-488D-862F-8D9D63332FE8}" = protocol=58 | dir=out | [email protected],-28546 | "{640FA995-8962-4C60-A3E9-59F6CB5D9D00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6749E32B-E41D-4A8D-8194-E81076142DF2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6AFCF9C6-05B9-48E0-933D-5A9EF442D2CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{71DF4223-92E6-4011-B7B6-BC1183B40BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{77293018-D62A-4D00-BB75-0078EA20812A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7B65D486-1A39-4E8E-BFAD-94662A5E3012}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{813D4CE7-9A7B-4A53-B1D2-67E8E257C5AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{827024F5-9A20-45AD-B0E6-24A595CE71D5}" = protocol=58 | dir=in | [email protected],-28545 | "{89EAF96B-9097-48A6-B634-C5C259CCD705}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch movie\touchmovie.exe | "{8E604430-6FF2-4C8B-963C-390BF071D7FB}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch mvp\touchphoto.exe | "{9B154749-9441-46E0-A182-2F35EC832E0C}" = protocol=17 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | "{9E75B3CA-98EC-4CBA-8B80-C880D813737D}" = protocol=1 | dir=in | [email protected],-28543 | "{A4622239-6738-4B48-9DB5-D410316F3064}" = protocol=17 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | "{B193A3BB-4FD6-4737-8559-185E021ACC14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B4420BD6-56F5-424B-8C2F-112A819D0769}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA912183-3012-4193-A11D-6893C8570846}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BB8BFD11-30DA-4B1B-BF84-1EC99729C2D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BD90CAA9-D469-49C9-99AF-2C30E0CF5173}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C0C2B864-DAB0-4277-9CA4-52E0C75CC5F1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C12FC2E3-67DF-46C8-9670-F2379A271081}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{C5EEC0C9-D156-4497-B7AE-9A002E178928}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{CB744BA4-AE35-4D4E-9FE5-18EE3884287C}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch mvp\touchvideo.exe | "{CEB02D72-9FAE-441D-B165-35FAA87D7689}" = protocol=6 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | "{CFEA05B1-FA13-4DFF-A49B-ADD06D270C2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DDBD8C51-A74A-4328-93D8-E113EE65057B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DDFFD265-407A-4E11-B684-415BB17AB9C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E0DA024F-CB73-48D4-A6E0-53818C104057}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E503EBEF-AA89-4361-AF47-C22CBAAC105F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E5C9AC8B-6125-4C60-8C56-44C2FDDD5E85}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EAB4154B-52E1-4DC9-B298-C3A25418A3B4}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch mvp\touchmusic.exe | "{F4ABE971-2492-470B-9683-9C06954B47E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{01D6C2CE-986E-47F3-9716-109E9C3F148F}C:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{9F0DC80D-6038-48EA-9CAA-EA0BB01B7416}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{AF4973D6-0070-446A-8FB1-16BEA846C78A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{B1D9331C-EFC5-49AE-A189-6D516D28A0EA}C:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall "Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer) "McAfee Security Scan" = McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = TouchCam "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14C52FEF-0236-4D8C-BBE2-E6D7C4F2926D}" = Cooliris for Internet Explorer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Touch MVP "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 60 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CA345D8-38CF-4450-A98D-934309465C81}" = CoachYouths On-Demand 2011 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97BE901A-9940-4ACF-9921-A6FAA284AC03}" = THX TruStudio Pro "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Touch Movie "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Gateway TouchPortal "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{e1f93164-faf7-4d1d-98d8-038b45485714}" = Nero 9 Essentials "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul "7-zip" = 7-zip v9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "bbqleads" = BBQLeads "BFGC" = Big Fish Games: Game Manager "BFG-Hells Kitchen" = Hell's Kitchen "BlitzMediaPlayer" = Blitz Media Player "Bus Driver" = Bus Driver 1.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "exent_466550" = The Treasures of Montezuma "exent_586350" = 7 Wonders II "exent_706250" = Roads of Rome "exent_708650" = Unlikely Suspects "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0 "Gateway InfoCentre" = Gateway InfoCentre "Gateway Registration" = Gateway Registration "Gateway Screensaver" = Gateway ScreenSaver "Gateway Welcome Center" = Welcome Center "Google Chrome" = Google Chrome "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "Inspiration 9" = Inspiration 9 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057 "SelectRebatesUninstall" = ShopAtHome.com Toolbar "WildTangent gateway Master Uninstall" = Gateway Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WildTangentGameProvider-gateway-main" = Game Channels "WildTangentGameProvider-gateway-touch" = Game Channels "WinLiveSuite" = Windows Live Essentials "WT088049" = Agatha Christie - Death on the Nile "WT088062" = Bejeweled 2 Deluxe "WT088067" = Build-a-lot 2 "WT088074" = Chuzzle Deluxe "WT088080" = Diner Dash 2 Restaurant Rescue "WT088115" = Jewel Quest Solitaire 2 "WT088135" = Plants vs. Zombies "WT088375" = Blackhawk Striker 2 "WT088395" = Dora's Carnival Adventure "WT088415" = FATE "WT088447" = John Deere Drive Green "WT088451" = Penguins! "WT088455" = Polar Bowler "WT088459" = Polar Golfer "WT088507" = Virtual Villagers 4 - The Tree of Life "WT088546" = Zuma's Revenge "WT088651" = 18 Wheels of Steel - American Long Haul "WT088655" = Jewel Quest - Heritage "WTA-b10866a3-d59d-435e-ba52-7cf2325c7a63" = Word Up "WTA-b6f4a261-2599-48fa-b9c3-707bbeac3905" = Eighteen Wheels of Steel: Extreme Trucker 2 "WTA-dce4fd47-f111-43f9-ba54-99dd199c57a5" = 18 Wheels of Steel Extreme Trucker ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "48e4cff94f039634" = Best Buy pc app "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/1/2013 4:34:42 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3120 Error - 12/1/2013 4:34:42 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3120 Error - 12/1/2013 4:34:43 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/1/2013 4:34:43 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4118 Error - 12/1/2013 4:34:43 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4118 Error - 12/1/2013 4:34:44 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/1/2013 4:34:44 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5117 Error - 12/1/2013 4:34:44 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5117 Error - 12/1/2013 4:34:45 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/1/2013 4:34:45 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6115 [ Media Center Events ] Error - 5/21/2012 8:34:38 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 6:34:37 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/21/2012 8:58:29 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 6:56:49 PM - Failed to retrieve NetTV (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/21/2012 9:01:32 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 6:59:52 PM - Failed to retrieve MCESpotlight (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/21/2012 9:04:30 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 7:03:14 PM - Failed to retrieve MCEClientUX (Error: Invalid security token.) Error - 5/21/2012 9:04:33 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 7:04:33 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/21/2012 10:05:53 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 8:05:52 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 9:00:15 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 7:00:11 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 8:17:11 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 6:17:11 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/23/2012 8:46:16 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 6:46:16 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 6/7/2012 8:36:37 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0 Description = 6:36:37 AM - Error connecting to the internet. 6:36:37 AM - Unable to contact server.. [ OSession Events ] Error - 11/5/2011 2:30:11 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3298 seconds with 240 seconds of active time. This session ended with a crash. Error - 11/13/2011 12:20:14 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/13/2011 12:20:56 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/13/2011 1:26:57 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4636 seconds with 2760 seconds of active time. This session ended with a crash. Error - 12/23/2011 5:31:17 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7889 seconds with 1500 seconds of active time. This session ended with a crash. Error - 5/12/2012 7:03:22 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32190 seconds with 480 seconds of active time. This session ended with a crash. Error - 9/28/2013 9:45:07 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 537141 seconds with 7980 seconds of active time. This session ended with a crash. Error - 5/5/2014 10:51:30 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2256 seconds with 840 seconds of active time. This session ended with a crash. [ System Events ] Error - 2/21/2013 1:30:57 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7034 Description = The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). Error - 2/26/2013 11:16:47 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7030 Description = The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/26/2013 11:16:49 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7034 Description = The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 2 time(s). Error - 2/26/2013 11:18:52 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: KLIM6 Error - 2/27/2013 6:19:38 AM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: KLIM6 Error - 3/10/2013 10:32:01 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 3/10/2013 10:32:16 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 3/10/2013 10:33:16 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: %%1056 Error - 3/14/2013 5:21:50 AM | Computer Name = winland-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 3:20:18 AM on ?3/?14/?2013 was unexpected. Error - 3/14/2013 5:22:12 AM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: KLIM6 < End of report >
  7. Winland

    Need Help

    OTL logfile created on: 6/29/2015 9:43:35 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\winland\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17801) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.33% Memory free 5.93 Gb Paging File | 3.66 Gb Available in Paging File | 61.67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.04 Gb Total Space | 333.56 Gb Free Space | 74.12% Space Free | Partition Type: NTFS Drive D: | 2.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: WINLAND-PC | User Name: winland | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015/06/29 21:40:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\winland\Downloads\OTL-1.com PRC - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe PRC - [2014/07/13 14:04:06 | 005,386,320 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe PRC - [2014/07/13 13:35:34 | 004,700,872 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe PRC - [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe PRC - [2012/05/30 20:06:40 | 000,014,224 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe PRC - [2010/12/03 00:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe PRC - [2010/11/30 11:11:00 | 000,438,376 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe PRC - [2010/11/12 16:21:30 | 000,155,752 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe PRC - [2010/09/27 15:49:38 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe PRC - [2010/08/06 14:57:50 | 001,370,624 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe PRC - [2009/12/09 03:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe ========== Modules (No Company Name) ========== MOD - [2015/05/13 03:52:58 | 001,669,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5911ca2046a5590ccd2af3eb029f572b\Microsoft.VisualBasic.ni.dll MOD - [2015/05/13 03:46:35 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c02c8e7414b69eab34c019a9ab3ec85f\PresentationFramework.ni.dll MOD - [2015/05/13 03:46:22 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f6ef958493f4280fb56201ddf37a546b\System.Windows.Forms.ni.dll MOD - [2015/05/13 03:46:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b0a82d399e3786dd19b06e094cdb7d9e\System.Drawing.ni.dll MOD - [2015/05/13 03:46:12 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\6b1d0aa3de627ea4a2c51e993c20adce\System.Configuration.ni.dll MOD - [2015/05/13 03:46:05 | 012,254,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fe7835eea5e5436f9eba9b5410081b50\PresentationCore.ni.dll MOD - [2015/05/13 03:45:54 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\be3938e3f098b367f389fe9d95908c19\WindowsBase.ni.dll MOD - [2015/05/05 08:06:10 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2a251c78b1ae72c36cc6c3e6131efcff\System.Runtime.Remoting.ni.dll MOD - [2014/10/26 03:34:48 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7a042b46130d9b9c7498bf10af0cb036\System.Xml.ni.dll MOD - [2014/10/26 03:34:27 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ea649d6e9b7c95482ec8f75ba544ae5a\System.ni.dll MOD - [2014/10/11 14:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2014/09/20 03:37:42 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/03/22 11:40:50 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll MOD - [2012/03/22 11:40:28 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll MOD - [2010/12/03 00:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe MOD - [2010/12/02 21:44:54 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll MOD - [2010/08/13 13:00:24 | 000,014,368 | ---- | M] () -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\LanguageDll\TouchPortalLauncher-en.dll ========== Services (SafeList) ========== SRV:64bit: - [2015/04/27 13:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2015/04/21 10:35:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013/09/06 11:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService) SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/09/13 23:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV:64bit: - [2009/09/13 23:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014/07/13 13:35:34 | 004,700,872 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2014/06/07 09:43:54 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/06/05 16:10:46 | 000,203,344 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2014/04/24 15:04:16 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService) SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/10/23 16:58:52 | 000,120,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager) SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service) SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/12/09 03:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015/06/29 21:36:24 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2015/06/18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2014/08/16 00:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2014/07/13 13:33:58 | 000,032,912 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rawdsk3.sys -- (RawDisk3) DRV:64bit: - [2014/04/30 10:03:26 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter) DRV:64bit: - [2014/04/30 10:03:24 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk) DRV:64bit: - [2013/01/04 21:48:36 | 000,042,328 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/08/01 12:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012/06/11 12:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2012/06/08 17:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2012/06/08 17:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/25 15:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2011/11/08 14:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:64bit: - [2011/04/20 15:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/02/06 01:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009/12/09 03:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/11/17 17:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 14:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/01/29 19:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/08 06:52:26 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/08 06:52:26 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: File not found FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/02/21 18:52:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/02/21 18:52:34 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\ CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\12768.4517.4046_0\ CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\ CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\ CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.) O4:64bit: - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [TouchMovieService] C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-756214247-1336522751-3168458980-1001..\Run: [bBQLeadsApplication] C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe File not found O4 - HKU\S-1-5-21-756214247-1336522751-3168458980-1001..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S1E1A.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = File not found O4 - Startup: C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E11211E-856F-467E-A8F2-277339C76536}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\bbqleads.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\bbqleadsapplication.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\bbqleadsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\bbqquotes.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\ContentExplorer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\donutleads.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\donutquotes.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\internetenhancer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\internetenhancerservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pastaleads.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\pastaquotes.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\theanswerfinder.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\wajaminternetenhancer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\WajamInternetEnhancerApp.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\WajamInternetEnhancerAppservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:64bit: - HKLM IFEO\wajaminternetenhancerservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bbqleads.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bbqleadsapplication.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bbqleadsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bbqquotes.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\ContentExplorer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\donutleads.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\donutquotes.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\internetenhancer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\internetenhancerservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\pastaleads.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\pastaquotes.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\theanswerfinder.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\wajaminternetenhancer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\WajamInternetEnhancerApp.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\WajamInternetEnhancerAppservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\wajaminternetenhancerservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ebc117e7-637a-11e2-b2aa-f80f410db1c0}\Shell - "" = AutoRun O33 - MountPoints2\{ebc117e7-637a-11e2-b2aa-f80f410db1c0}\Shell\AutoRun\command - "" = F:\MotorolaDeviceManagerSetup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015/06/29 20:37:55 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015/06/29 20:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2015/06/29 20:37:28 | 000,109,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2015/06/29 20:37:28 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2015/06/29 20:37:28 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2015/06/29 20:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2015/06/29 20:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2015/06/29 20:22:09 | 000,000,000 | ---D | C] -- C:\RegBackup [2015/06/29 20:09:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2011/06/10 13:20:56 | 000,525,856 | ---- | C] (Catalina Marketing Corp. ) -- C:\Users\winland\CouponActivator.exe [2011/06/09 15:48:03 | 081,614,632 | ---- | C] (Apple Inc.) -- C:\Users\winland\iTunes64Setup.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015/06/29 21:38:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015/06/29 21:36:24 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015/06/29 21:17:31 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015/06/29 21:17:31 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015/06/29 21:09:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015/06/29 21:08:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015/06/29 21:08:27 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys [2015/06/29 20:37:50 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/06/29 20:22:13 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-WINLAND-PC-Windows-7-Home-Premium-(64-bit).dat [2015/06/29 19:59:01 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7 [2015/06/29 19:56:49 | 000,000,188 | ---- | M] () -- C:\Users\winland\AppData\Roaming\WB.CFG [2015/06/29 19:44:50 | 000,002,304 | ---- | M] () -- C:\Users\winland\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/06/29 18:54:27 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015/06/18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2015/06/18 08:41:44 | 000,109,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2015/06/29 20:37:50 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/06/29 20:22:13 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WINLAND-PC-Windows-7-Home-Premium-(64-bit).dat [2014/07/12 09:40:42 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat [2014/02/15 08:29:36 | 000,000,083 | ---- | C] () -- C:\ProgramData\SAH_Install.ini [2013/12/18 17:02:44 | 000,000,188 | ---- | C] () -- C:\Users\winland\AppData\Roaming\WB.CFG [2012/04/28 08:38:08 | 000,017,408 | ---- | C] () -- C:\Users\winland\AppData\Local\WebpageIcons.db [2012/02/05 12:17:35 | 000,003,584 | ---- | C] () -- C:\Users\winland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 23:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 23:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/04/01 12:07:36 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\.minecraft [2012/03/03 08:00:45 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Big Fish Games [2011/06/10 13:21:33 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Catalina Marketing Corp [2011/08/21 10:20:41 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\EPSON [2011/07/06 18:24:06 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Inspiration Software [2014/08/24 10:33:02 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\iolo [2014/07/12 10:14:14 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\ioloGovernor [2011/03/27 17:23:47 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Leadertech [2012/02/26 12:09:11 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Ludia [2013/02/10 18:15:44 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Motorola [2013/02/10 18:17:18 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Motorola Mobility [2011/03/27 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\OEM [2012/02/26 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Packard Bell [2011/03/27 16:39:51 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\PowerCinema [2011/07/06 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Softland [2012/05/26 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Super-Cow [2012/04/09 15:21:33 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\tabagames [2014/12/07 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\TouchGadget [2011/04/22 22:08:55 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\TouchPortalV3 [2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/02/19 17:32:07 | 000,000,244 | ---- | M] ()(C:\Users\winland\Desktop\1003i.pdf?(661KB)?.url) -- C:\Users\winland\Desktop\1003i.pdf‎(661KB)‎.url [2012/02/19 17:32:07 | 000,000,244 | ---- | C] ()(C:\Users\winland\Desktop\1003i.pdf?(661KB)?.url) -- C:\Users\winland\Desktop\1003i.pdf‎(661KB)‎.url ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9D6EAEC3 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:98CD9221 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5F1019FF @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:E5496666 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:FBFC061F @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:1663E41B < End of report >
  8. Winland

    Need Help

    . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/27/2011 4:34:00 PM System Uptime: 6/29/2015 9:08:17 PM (0 hours ago) . Motherboard: Gateway | | ZX4931 Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 1185/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 450 GiB total, 333.554 GiB free. D: is CDROM (UDF) E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: X5XSEx_Pr143 Device ID: ROOT\LEGACY_X5XSEX_PR143\0000 Manufacturer: Name: X5XSEx_Pr143 PNP Device ID: ROOT\LEGACY_X5XSEX_PR143\0000 Service: X5XSEx_Pr143 . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&15F6138A&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&15F6138A&0 Service: i8042prt . ==== System Restore Points =================== . RP387: 12/30/2014 3:54:47 PM - Windows Update RP388: 1/11/2015 10:24:36 AM - Windows Update RP390: 1/11/2015 10:36:34 AM - Windows Defender Checkpoint RP391: 1/16/2015 4:40:32 PM - Windows Update RP392: 1/25/2015 1:53:27 PM - Windows Update RP393: 1/30/2015 4:14:06 PM - Windows Update RP394: 2/5/2015 7:43:34 PM - Windows Update RP396: 2/5/2015 8:06:22 PM - Windows Defender Checkpoint RP397: 3/9/2015 5:51:00 PM - Windows Update RP398: 3/10/2015 2:01:22 AM - Windows Update RP399: 3/15/2015 10:42:21 AM - Windows Update RP400: 3/17/2015 3:00:47 AM - Windows Update RP401: 3/19/2015 3:00:31 AM - Windows Update RP402: 3/29/2015 3:25:30 PM - Windows Update RP403: 5/1/2015 3:00:46 AM - Windows Update RP404: 5/9/2015 8:27:07 PM - Windows Update RP405: 5/10/2015 7:38:10 PM - Windows Update RP406: 5/13/2015 3:01:43 AM - Windows Update RP407: 5/16/2015 11:13:19 AM - Windows Update RP408: 6/6/2015 11:50:02 PM - Windows Update RP409: 6/7/2015 3:00:24 AM - Windows Update RP410: 6/29/2015 6:39:09 PM - Windows Update . ==== Image File Execution Options ============= . IFEO: bbqleads.exe - TaskList.exe IFEO: bbqleadsapplication.exe - TaskList.exe IFEO: bbqleadsservice.exe - TaskList.exe IFEO: bbqquotes.exe - TaskList.exe IFEO: ContentExplorer.exe - TaskList.exe IFEO: donutleads.exe - TaskList.exe IFEO: donutquotes.exe - TaskList.exe IFEO: internetenhancer.exe - TaskList.exe IFEO: internetenhancerservice.exe - TaskList.exe IFEO: pastaleads.exe - TaskList.exe IFEO: pastaquotes.exe - TaskList.exe IFEO: theanswerfinder.exe - TaskList.exe IFEO: wajaminternetenhancer.exe - TaskList.exe IFEO: WajamInternetEnhancerApp.exe - TaskList.exe IFEO: WajamInternetEnhancerAppservice.exe - TaskList.exe IFEO: wajaminternetenhancerservice.exe - TaskList.exe x64-IFEO: bbqleads.exe - TaskList.exe x64-IFEO: bbqleadsapplication.exe - TaskList.exe x64-IFEO: bbqleadsservice.exe - TaskList.exe x64-IFEO: bbqquotes.exe - TaskList.exe x64-IFEO: ContentExplorer.exe - TaskList.exe x64-IFEO: donutleads.exe - TaskList.exe x64-IFEO: donutquotes.exe - TaskList.exe x64-IFEO: internetenhancer.exe - TaskList.exe x64-IFEO: internetenhancerservice.exe - TaskList.exe x64-IFEO: pastaleads.exe - TaskList.exe x64-IFEO: pastaquotes.exe - TaskList.exe x64-IFEO: theanswerfinder.exe - TaskList.exe x64-IFEO: wajaminternetenhancer.exe - TaskList.exe x64-IFEO: WajamInternetEnhancerApp.exe - TaskList.exe x64-IFEO: WajamInternetEnhancerAppservice.exe - TaskList.exe x64-IFEO: wajaminternetenhancerservice.exe - TaskList.exe . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 18 Wheels of Steel - American Long Haul 18 Wheels of Steel Extreme Trucker 18 Wheels of Steel: American Long Haul 7-zip v9.20 7 Wonders II Acrobat.com Adobe AIR Adobe Flash Player 11 Plugin Adobe Flash Player 13 ActiveX Adobe Reader 9.5.5 MUI Advertising Center Agatha Christie - Death on the Nile Apple Application Support Apple Mobile Device Support Apple Software Update BBQLeads Bejeweled 2 Deluxe Best Buy pc app Big Fish Games: Game Manager Blackhawk Striker 2 Blitz Media Player Bonjour Build-a-lot 2 Bus Driver 1.0 Chuzzle Deluxe CoachYouths On-Demand 2011 Cooliris for Internet Explorer D3DX10 Diner Dash 2 Restaurant Rescue Dora's Carnival Adventure Eighteen Wheels of Steel: Extreme Trucker 2 Epson CreativeZone Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON NX420 Series Printer Uninstall EPSON Scan FATE ffdshow [rev 2527] [2008-12-19] FUJIFILM MyFinePix Studio 2.0 Game Channels Gateway Games Gateway InfoCentre Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway TouchPortal Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hell's Kitchen Hotkey Utility Identity Card ImagXpress Inspiration 9 Inspiration 9 PDF Driver (novaPDF 7.0 printer) Intel® Control Center Intel® Graphics Media Accelerator Driver iolo technologies' System Mechanic iTunes Java 7 Update 60 Java Auto Updater Jewel Quest - Heritage Jewel Quest Solitaire 2 John Deere Drive Green Junk Mail filter update Kaspersky Anti-Virus 2012 Malwarebytes Anti-Malware version 2.1.8.1057 McAfee Security Scan Plus MediaShow Espresso Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Touch Pack for Windows 7 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XNA Framework Redistributable 3.0 Motorola Device Manager Motorola Device Software Update Motorola Mobile Drivers Installation 5.9.0 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Octoshape add-in for Adobe Flash Player Penguins! Plants vs. Zombies PMB Polar Bowler Polar Golfer QuickTime 7 RAF Realtek High Definition Audio Driver Roads of Rome Safari Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.1 (KB3023224) Security Update for Microsoft .NET Framework 4.5.1 (KB3035490) Security Update for Microsoft .NET Framework 4.5.1 (KB3037581) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2883029) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2965282) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2965284) 32-Bit Edition ShopAtHome.com Toolbar The Treasures of Montezuma THX TruStudio Pro Touch Movie Touch MVP TouchCam TouchSettings Unlikely Suspects Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2986252) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Virtual Earth 3D (Beta) Virtual Villagers 4 - The Tree of Life Welcome Center WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Word Up Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 6/29/2015 9:08:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIM6 6/29/2015 9:08:56 PM, Error: Service Control Manager [7000] - The X5XSEx_Pr143 service failed to start due to the following error: The system cannot find the path specified. 6/29/2015 8:23:45 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/29/2015 8:23:44 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:44 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 6/29/2015 8:23:40 PM, Error: Service Control Manager [7034] - The USBS3S4Detection service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:40 PM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:40 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 6/29/2015 8:23:39 PM, Error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:39 PM, Error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:39 PM, Error: Service Control Manager [7034] - The GREGService service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:39 PM, Error: Service Control Manager [7031] - The PST Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. 6/29/2015 8:23:38 PM, Error: Service Control Manager [7034] - The EPSON V5 Service4(04) service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:38 PM, Error: Service Control Manager [7034] - The EPSON V3 Service4(04) service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:38 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:23:37 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/29/2015 8:12:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 6/29/2015 8:12:41 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 6/29/2015 8:12:41 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 6/29/2015 8:12:41 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/29/2015 8:12:41 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/29/2015 8:12:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 6/29/2015 8:11:39 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 6/29/2015 8:11:38 PM, Error: Service Control Manager [7034] - The vToolbarUpdater18.5.0 service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:11:38 PM, Error: Service Control Manager [7034] - The VO Service component service terminated unexpectedly. It has done this 1 time(s). 6/29/2015 8:11:37 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/29/2015 7:03:46 PM, Error: Schannel [36887] - The following fatal alert was received: 40. . ==== End Of File ===========================
  9. Winland

    Need Help

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 10.60.2 Run by winland at 21:26:50 on 2015-06-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1688 [GMT -6:00] . AV: Kaspersky Anti-Virus *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k utcsvc C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskeng.exe C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Safari\Safari.exe C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\servicing\TrustedInstaller.exe C:\Windows\splwow64.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mWinlogon: Userinit = userinit.exe, uRun: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S1E1A.tmp" /EF "HKCU" uRun: [bBQLeadsApplication] C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe mRun: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [MDS_Menu] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" mRun: [TouchMovieService] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup StartupFolder: C:\Users\winland\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONO~1.LNK - D:\Common\EpsonReg\EpsonReg.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - TCP: NameServer = 192.168.2.1 TCP: Interfaces\{3E11211E-856F-467E-A8F2-277339C76536} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{3E11211E-856F-467E-A8F2-277339C76536}\C696E6B6379737 : DHCPNameServer = 192.168.32.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome IFEO: bbqleads.exe - TaskList.exe IFEO: bbqleadsapplication.exe - TaskList.exe IFEO: bbqleadsservice.exe - TaskList.exe IFEO: bbqquotes.exe - TaskList.exe IFEO: ContentExplorer.exe - TaskList.exe x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na x64-Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-Notify: klogon - C:\Windows\System32\klogon.dll x64-SSODL: WebCheck - <orphaned> x64-IFEO: bbqleads.exe - TaskList.exe x64-IFEO: bbqleadsapplication.exe - TaskList.exe x64-IFEO: bbqleadsservice.exe - TaskList.exe x64-IFEO: bbqquotes.exe - TaskList.exe x64-IFEO: ContentExplorer.exe - TaskList.exe . Note: multiple IFEO entries found. Please refer to Attach.txt . ============= SERVICES / DRIVERS =============== . R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-7-12 30752] R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864] R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-8-24 32912] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -r [?] R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-3-27 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-3-27 128512] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-8-24 4700872] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-6-29 1871160] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-6-29 1133880] R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-7-12 82160] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136] R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-10 65657] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-8 243232] R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2010-11-8 76320] R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-6-29 25816] R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-6-29 113880] R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-6-29 63704] R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2007-10-10 32344] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-8 690208] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 29488] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144] S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776] S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016] S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776] S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-4 42328] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-28 1255736] S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344] S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2015-06-30 02:37:55 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-06-30 02:37:28 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-06-30 02:37:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-06-30 02:37:28 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-06-30 02:37:28 -------- d-----w- C:\ProgramData\Malwarebytes 2015-06-30 02:37:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-06-30 02:22:09 -------- d-----w- C:\RegBackup 2015-06-30 02:09:55 -------- d-----w- C:\AdwCleaner 2015-06-30 00:41:23 12221144 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95EC2466-DD64-466E-9E87-630295CEA447}\mpengine.dll . ==================== Find3M ==================== . 2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll 2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll 2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll 2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe 2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe 2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe 2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe 2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe 2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe 2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll 2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll 2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll 2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll 2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll 2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll 2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll 2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll 2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll 2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll 2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll 2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll 2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe 2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe 2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe 2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe 2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe 2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe 2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll 2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll 2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll 2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe 2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll 2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll 2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec 2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll 2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll 2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll 2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll 2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll 2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec 2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll 2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl 2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll 2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll 2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll 2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll 2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll 2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll 2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys 2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll 2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll 2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe 2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll 2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll 2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll . ============= FINISH: 21:29:52.63 ===============
  10. Winland

    Need Help

    Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/29/2015 Scan Time: 8:40 PM Logfile: Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.06.29.06 Rootkit Database: v2015.06.26.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: winland Scan Type: Threat Scan Result: Completed Objects Scanned: 379575 Time Elapsed: 24 min, 37 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 24 PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [9cde4878305a82b4dc8097de91724fb1], PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [a2d8fcc4513968cebbbbae4c49badd23], PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}, Quarantined, [1d5dfec2e2a83600018844b4f50e8d73], PUP.Optional.HQVideo.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-2.1cV04.12, Quarantined, [f783a7190c7e2115b37d414009fce020], PUP.Optional.WeCare, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [bdbdb60afe8c0d291645b86b9e66e31d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B1BC3B1-316E-4EED-8BC3-47CDD6CD224A}, Quarantined, [3d3de0e0880247efa4a57b16768fa25e], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21722549-9FE8-49F6-830E-A4886162EDD4}, Quarantined, [5624625e2862102670da93fe27de619f], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DEF6D7D-EEA6-4262-8671-1B12B5652F26}, Quarantined, [98e2c9f7ec9e4beb2e1b39584cb9cc34], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3675257B-E5F8-425E-B4E0-20F25779D73C}, Quarantined, [98e212ae573350e6f554afe2699c1ae6], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C26882B-BC59-46FD-8F61-A8F974ACE643}, Quarantined, [74068d33d9b1201670da5f3258ad3fc1], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C68D435-1E69-42D0-9826-464E5D8C41CD}, Quarantined, [344689374644c472a6a35839b94c55ab], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{653C6B20-A7AE-4B3B-BC67-37AC759C899E}, Quarantined, [4f2b6858e2a872c47cceff92867f47b9], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8FE92B89-7488-4EE8-9D0A-5481B32E584B}, Quarantined, [ff7b6d5309812e0800483f5230d5c43c], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC29DA9F-2AC1-4881-B06D-32FA8CFD1118}, Quarantined, [0d6ddce48bffe84e96b43c5506ff5ca4], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9EBAAC2-660E-4EB5-B8F1-24A02A162134}, Quarantined, [f38788386624a492b496573a7b8a01ff], PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F07C0084-E14C-4EA6-A387-BCB217142457}, Quarantined, [08720bb503874beb2821375a8c79956b], PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [3f3b546cf5958caa61a3db9acd3841bf], PUP.Optional.DealPly.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [44368b35bcced363c6ef9e9270945ca4], Registry Values: 14 PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}|Publisher, We-Care.com, Quarantined, [1d5dfec2e2a83600018844b4f50e8d73] PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}|DisplayName, CWA App by We-Care.com v4.1.29.3, Quarantined, [2357655b7812d3639ced52a63cc7867a] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B1BC3B1-316E-4EED-8BC3-47CDD6CD224A}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [3d3de0e0880247efa4a57b16768fa25e] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21722549-9fe8-49f6-830e-a4886162edd4}|AppName, HQ-Video-Pro-2.1cV04.12-codedownloader.exe, Quarantined, [5624625e2862102670da93fe27de619f] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DEF6D7D-EEA6-4262-8671-1B12B5652F26}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [98e2c9f7ec9e4beb2e1b39584cb9cc34] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3675257B-E5F8-425E-B4E0-20F25779D73C}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [98e212ae573350e6f554afe2699c1ae6] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C26882B-BC59-46FD-8F61-A8F974ACE643}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [74068d33d9b1201670da5f3258ad3fc1] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C68D435-1E69-42D0-9826-464E5D8C41CD}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [344689374644c472a6a35839b94c55ab] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{653C6B20-A7AE-4B3B-BC67-37AC759C899E}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [4f2b6858e2a872c47cceff92867f47b9] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8fe92b89-7488-4ee8-9d0a-5481b32e584b}|AppName, HQ-Video-Pro-2.1cV04.12-bg.exe, Quarantined, [ff7b6d5309812e0800483f5230d5c43c] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC29DA9F-2AC1-4881-B06D-32FA8CFD1118}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [0d6ddce48bffe84e96b43c5506ff5ca4] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9EBAAC2-660E-4EB5-B8F1-24A02A162134}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [f38788386624a492b496573a7b8a01ff] PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F07C0084-E14C-4EA6-A387-BCB217142457}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [08720bb503874beb2821375a8c79956b] PUP.Optional.CheckMeUp.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{B31AC82C-0B0E-2697-3BAD-1593CD310993}, C:\Program Files (x86)\ver0CheckMeUp\184.xpi, Quarantined, [4e2cc5fbccbeda5c88f07a1015f006fa] Registry Data: 0 (No malicious items detected) Folders: 1 PUP.Optional.GlobalUpdate.A, C:\Users\winland\AppData\Local\Temp\comh.446469, Quarantined, [e3978739d9b1e0562a92edeb897a3bc5], Files: 14 PUP.Optional.HQVideo.A, C:\Users\winland\AppData\Roaming\DE.exe, Quarantined, [0f6b3f81ed9dd165c0d83848b3533dc3], PUP.Optional.Nova.A, C:\Program Files (x86)\7-zip\21150fb3-13db-46bb-bc0f-da85cf79935d.dll, Quarantined, [2b4f9f212565ad89ad3d47ce5ca6827e], PUP.Optional.InstallCore.C, C:\Program Files (x86)\7-zip\ee9dae40-7453-4d84-b1c1-a1d583e2dfe6.dll, Quarantined, [6e0ca21e3d4d47ef0fc21a7092742fd1], PUP.Optional.InstallCore.C, C:\Program Files (x86)\ee9dae40-7453-4d84-b1c1-a1d583e2dfe6\aa8ce5ba-54af-4f9f-88ff-7130c97291ed.dll, Quarantined, [9ddd556b0a8065d14d846c1e986e5da3], PUP.Optional.Nova.A, C:\Program Files (x86)\ee9dae40-7453-4d84-b1c1-a1d583e2dfe6\e9e848c4-2a5e-4962-a37c-4726f47fad9d.dll, Quarantined, [c9b1358be6a470c662880b0a32d020e0], PUP.Optional.WinterWeb.A, C:\Users\winland\AppData\Local\Temp\1637452.exe, Quarantined, [4a30516fb1d9e84ec1e859de778fdb25], PUP.Optional.OpenCandy, C:\Users\winland\Downloads\doubleTwistSetup (1).exe, Quarantined, [56244d73454530067a66a3d140c646ba], PUP.Optional.OpenCandy, C:\Users\winland\Downloads\doubleTwistSetup (2).exe, Quarantined, [106acdf3305abf775f817103c73f1ae6], PUP.Optional.OpenCandy, C:\Users\winland\Downloads\doubleTwistSetup.exe, Quarantined, [abcf5e626a200a2c5e82adc71aec9e62], PUP.Optional.WeCare.A, C:\Windows\Installer\165093.msi, Quarantined, [d3a7754b6426f83e22f6bb66b34df60a], Trojan.Agent, C:\Users\winland\AppData\Roaming\DE.exe, Quarantined, [6e0c48785a303ef8c1db5fb408fd916f], Trojan.FakeAlert, C:\Users\winland\AppData\Roaming\Microsoft\Windows\Templates\6o4v7yr6ikfw18072u, Quarantined, [07737f41e5a59c9a791d66ec20e5e818], Trojan.FakeAlert, C:\ProgramData\6o4v7yr6ikfw18072u, Quarantined, [cdad714fadddc96de1b7d18113f25aa6], Trojan.FakeAlert, C:\Users\winland\AppData\Local\6o4v7yr6ikfw18072u, Quarantined, [c6b4912fbdcd3204099082d0ec19e917], Physical Sectors: 0 (No malicious items detected) (end)
  11. Winland

    Need Help

    Junkware Removal Tool (JRT) by Malwarebytes Version: 7.2.2 (06.29.2015:1) OS: Windows 7 Home Premium x64 Ran by winland on Mon 06/29/2015 at 20:22:05.96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\exetender Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleads.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsapplication.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqquotes.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\contentexplorer.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutleads.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutquotes.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaleads.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaquotes.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\theanswerfinder.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerapp.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerappservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleads.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsapplication.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqquotes.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\contentexplorer.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutleads.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutquotes.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaleads.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaquotes.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\theanswerfinder.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerapp.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerappservice.exe Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ~~~ Files Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_f.dealply.com_0.localstorage Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_f.dealply.com_0.localstorage-journal Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage-journal Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{03BA5389-B06B-4A43-876D-BC2B7ABC787C} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{0C75FF8B-FBC1-419D-94E2-54DD9D6F2285} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{0C85858F-22AD-45C5-A8A2-953004E826F7} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{0D71C6B7-E717-4F84-9443-2925F45BB783} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{19600C0B-07C3-41DF-8E69-97AF2EB22426} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{1A3A9665-A50F-419D-BF13-C7094235956D} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{1B96D60F-C9F1-4CAF-AA70-45DB0213FD5B} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{2488F9C4-804E-45D7-BE4F-4189BB60BC06} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{26C26460-DE2A-41E2-87CB-4B45A66C67DD} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{28F379F2-CD90-4406-B03D-98CC4EA1D2F9} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{2A2E20DF-D860-4D58-B992-76FF303EEC5D} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{2B0FBFC1-B32E-4EC6-B531-88A47F8E4EB4} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{3C6E1028-C5F7-4817-A27B-7B250492B8E3} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{439796ED-B1CC-4F20-A2F2-1DA07112A86A} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4BCE3014-99C7-44A7-BAD4-541C72D8F981} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4DB2D65F-FCAC-4402-AA67-6E0DD30621BD} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4F25AEB2-4810-422F-95DB-B31DB42D408F} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4FA5C3A2-24AD-4EAE-867F-5182009A3F6D} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4FD72EC0-CF2A-43CA-A828-039FE84E0D7E} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{548AD7E8-FA41-47E7-A5C2-8CE8D3C65484} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{58CDA70F-EB34-462D-9DEB-D4417D00C944} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{5AEA869E-08F9-42D3-916D-4E68006FE485} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{67F41BD6-7061-432F-8295-5F724DF86AE7} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{6F9A0D8B-95D8-4BD1-9EC8-7BE5BE9C2988} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{70ACA22F-1940-489D-B6EA-BF9F95D838D1} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{7CE57511-8FB2-4E9C-8076-8D49A8F3E84C} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{7D3A456F-309E-44A2-BD33-98CE9438D4B5} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{8533A2D6-A97B-4BC8-B833-B51564FE5065} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{9405E005-2119-49CA-AFA2-8477E64D330F} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{953F1349-5797-4805-95D1-E7CB1F51F88C} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{97B2C9C5-1EDE-460A-9EDC-29DA521D2260} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{A2787A47-302B-445A-95B2-B30974C2B3F6} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{A3FB5BC1-6E63-498C-BCAD-010220CB0A72} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{A6876D93-3156-4DE3-8710-1CDA8BE150CB} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{B39745B0-8AC7-4888-856A-6D7B9FEFFB47} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{BA035CC0-4A13-4806-BAD3-23C2BEA45B45} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{C6EE6DE7-6F1D-448B-B43D-6F392E821C30} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{CBB59747-11AA-4942-A42F-5118E80D7A88} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{CC4A799B-91EF-4E55-90DA-4B68FEF3AFC0} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D0A727A5-9291-4F9B-91E7-66251EE6B311} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D55FAA1F-E6FA-4218-A5C3-64DF0DB3BCCB} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D7C334D3-8AA2-4E9A-B8D2-AADEE520F079} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D861ABF9-D2C2-4EFC-824D-6B10EDD261D1} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{DAB3DEE6-E238-48B5-AFFB-322924067B8E} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{E4A913DB-37AE-4A3B-A09E-0996145E6238} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{ED803041-C35F-4EC4-9376-C35741567AB5} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{EF6E428B-7118-4A4D-ACA0-1735ECD3294D} Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{F99DF23E-3537-4D16-BB20-DDB8EA7F3229} Successfully deleted: [Folder] C:\ProgramData\best buy pc app Successfully deleted: [Folder] C:\Users\winland\appdata\local\best buy pc app Successfully deleted: [Folder] C:\Users\winland\appdata\local\f189731f-6ce9-4a6b-a412-a3fb1d7e1549 ~~~ Chrome [C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: gaiilaahiahdejapggenmdmafpmbipje ndibdjnfmopecpmkdieinmbadjfpblof niapdbllcanepiiimjjndipklodoedlc [C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 06/29/2015 at 20:30:16.79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  12. Winland

    Need Help

    # AdwCleaner v4.207 - Logfile created 29/06/2015 at 20:11:40 # Updated 21/06/2015 by Xplode # Database : 2015-06-29.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : winland - WINLAND-PC # Running from : C:\Users\winland\AppData\Local\Temp\3dlqibjv.tmp\adwcleaner_4.207.exe # Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : globalUpdate [#] Service Deleted : globalUpdatem [#] Service Deleted : servervo [#] Service Deleted : YahooAUService [#] Service Deleted : vToolbarUpdater18.5.0 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Free Ride Games Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\ProgramData\WeCareReminder Folder Deleted : C:\ProgramData\zoomify2 Folder Deleted : C:\ProgramData\Yahoo! Companion Folder Deleted : C:\ProgramData\bbqleads Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\AVG Secure Search Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar Folder Deleted : C:\Program Files (x86)\BlitzMediaPlayer Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\DealPly Folder Deleted : C:\Program Files (x86)\Free Ride Games Folder Deleted : C:\Program Files (x86)\globalUpdate Folder Deleted : C:\Program Files (x86)\SelectRebates Folder Deleted : C:\Program Files (x86)\Yontoo Folder Deleted : C:\Program Files (x86)\Search Extensions Folder Deleted : C:\Program Files (x86)\Coupons Folder Deleted : C:\Program Files (x86)\bbqleads Folder Deleted : C:\Program Files (x86)\kong games Folder Deleted : C:\Program Files (x86)\Coupons.com Folder Deleted : C:\Program Files (x86)\HQ-Video-Pro-2.1cV04.12 Folder Deleted : C:\Program Files (x86)\ver0CheckMeUp Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} Folder Deleted : C:\Users\winland\AppData\Local\apn Folder Deleted : C:\Users\winland\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\winland\AppData\Local\BlitzMediaPlayer Folder Deleted : C:\Users\winland\AppData\Local\Conduit Folder Deleted : C:\Users\winland\AppData\Local\globalUpdate Folder Deleted : C:\Users\winland\AppData\Local\SevereWeatherAlerts Folder Deleted : C:\Users\winland\AppData\Local\visi_coupon Folder Deleted : C:\Users\winland\AppData\Local\Weather_Notifications,_LL Folder Deleted : C:\Users\winland\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\winland\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\winland\AppData\LocalLow\Conduit Folder Deleted : C:\Users\winland\AppData\LocalLow\zoomify Folder Deleted : C:\Users\winland\AppData\LocalLow\YahooCouponAddOn Folder Deleted : C:\Users\winland\AppData\LocalLow\Yahoo! Companion Folder Deleted : C:\Users\winland\AppData\LocalLow\Coupons.com Folder Deleted : C:\Users\winland\AppData\Roaming\DealPly Folder Deleted : C:\Users\winland\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\winland\AppData\Roaming\VOPackage Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlitzMediaPlayer Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjfnhemcmjbjgbhngpabpfdkifonajj Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0 File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eagomcfjiefffhpaejnlpjccikpipdoe File Deleted : C:\Windows\shost.bin File Deleted : C:\Windows\System32\drivers\webinstrNewH.sys File Deleted : C:\Users\winland\AppData\Roaming\XQWGX.exe File Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BlitzMediaPlayer.lnk File Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk File Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk File Deleted : C:\Users\winland\Desktop\BlitzMediaPlayer.lnk File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal ***** [ Scheduled tasks ] ***** Task Deleted : Dealply Task Deleted : DealPlyUpdate Task Deleted : globalUpdateUpdateTaskMachineCore Task Deleted : globalUpdateUpdateTaskMachineUA Task Deleted : RocketTab Task Deleted : RocketTab Update Task Task Deleted : Scheduled Update for Ask Toolbar Task Deleted : kong_games_notification_service Task Deleted : kong_games_updating_service Task Deleted : RunTool Task Deleted : 18441d63-81cc-4c06-91dd-f46b395711ed Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-1 Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-10_user Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-11 Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-3 Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-4 Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-5 Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-5_user Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-6 Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-7 Task Deleted : 6b602663-0d80-4c8f-92ce-7efe20874629 Task Deleted : CheckMeUp Update Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Key Deleted : HKLM\SOFTWARE\840314d0-0272-4978-9a48-9af785777bdb Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9071FEA3-4D79-496A-A471-C709B4ABD184} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571181} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572281} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\ Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575581} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576681} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\ Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644574481} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9071FEA3-4D79-496A-A471-C709B4ABD184} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38A2C51F-19B2-4A79-A1C9-9837BE6D0EC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC3179AF-FBB9-4CD3-8EB7-0DF43B0F73A6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8fe92b89-7488-4ee8-9d0a-5481b32e584b} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571181} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572281} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\ Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575581} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576681} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8fe92b89-7488-4ee8-9d0a-5481b32e584b} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\DealPly Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\Microsoft\KanarCore Key Deleted : HKCU\Software\RocketTabInstalled Key Deleted : HKCU\Software\Wajam Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\WajIEnhance Key Deleted : HKCU\Software\Avg Secure Update Key Deleted : HKCU\Software\SevereWeatherAlerts Key Deleted : HKCU\Software\HQ-Video-Pro-2.1cV04.12 Key Deleted : HKCU\Software\HQ-Video-Pro-2.1cV04.12-nv Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\zoomify Key Deleted : HKCU\Software\AppDataLow\Software\CheckMeUp Key Deleted : HKCU\Software\AppDataLow\Software\Coupons.com Key Deleted : HKCU\Software\AppDataLow\Software\HQ-Video-Pro-2.1cV04.12 Key Deleted : HKLM\SOFTWARE\APN Key Deleted : HKLM\SOFTWARE\AskToolbar Key Deleted : HKLM\SOFTWARE\AVG Secure Search Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\DealPly Key Deleted : HKLM\SOFTWARE\Freeze.com Key Deleted : HKLM\SOFTWARE\GlobalUpdate Key Deleted : HKLM\SOFTWARE\InstallIQ Key Deleted : HKLM\SOFTWARE\NpApp Key Deleted : HKLM\SOFTWARE\RocketTab Key Deleted : HKLM\SOFTWARE\Trymedia Systems Key Deleted : HKLM\SOFTWARE\zoomify Key Deleted : HKLM\SOFTWARE\Coupons.com Key Deleted : HKLM\SOFTWARE\HQ-Video-Pro-2.1cV04.12 Key Deleted : HKLM\SOFTWARE\HQ-Video-Pro-2.1cV04.12-nv Key Deleted : HKU\.DEFAULT\Software\AskToolbar Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update Key Deleted : HKU\.DEFAULT\Software\HQ-Video-Pro-2.1cV04.12-nv Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Severe Weather Alerts Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zoomify Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-Video-Pro-2.1cV04.12 Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\powerwebsearch.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yourstartsearch.com Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49592;hxxps=127.0.0.1:49592 Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1 Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Google Chrome v43.0.2357.130 [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={54A3066F-7B5D-4234-9C87-32BBBE0198C1}&mid=51f74b19328747d0825a294607e95833-709e819115f0ac25e6f2c1d1acb3886f436c7384〈=en&ds=ft011&pr=sa&d=2012-09-11 19:56:30&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=C681B66C-D13A-4DBF-9DFA-4E98863C4EDD&apn_ptnrs=TV&apn_sauid=E46B3B05-7CF6-4F16-BAEF-886727BC8D03&apn_dtid=OSJ000YYUS&q={searchTerms} [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : gaiilaahiahdejapggenmdmafpmbipje [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fdjfnhemcmjbjgbhngpabpfdkifonajj [C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg ************************* AdwCleaner[R0].txt - [42337 bytes] - [29/06/2015 20:10:19] AdwCleaner[s0].txt - [39303 bytes] - [29/06/2015 20:11:40] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [39363 bytes] ##########