Recommended Posts


Howdy Pat and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  



===================================



AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Cleaning" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://api.viglink.com/api/click?format=go&jsonp=vglnk_142716402237113&key=9b4efad421c8b103b2c94b796db973b0&libId=i7moiq1n01002u9u000DAjanrgva6&subId=ada8cd58e448a82cf9bb2f2782266d43&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D129391%26page%3D1&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmwb-download%2Fconfirm%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fs%3D49c36eb57530cd237bc7129892da2191%26showforum%3D27&title=can%27t%20download%20or%20run%20malwarebyts%20%5BSolved%5D%20-%20What%20the%20Tech&txt=http%3A%2F%2Fwww.malwareby...m_medium%3Dsocial

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.

Malwarebytes.png

* Select type of scan to perform:

MBAMScanTab_zps2c5e74bd.gif
   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
 

 

So run these 1 at a time & post the logs that will be produced by some !

 

Thanks Chuck

Link to post
Share on other sites
# AdwCleaner v4.207 - Logfile created 29/06/2015 at 20:11:40

# Updated 21/06/2015 by Xplode

# Database : 2015-06-29.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : winland - WINLAND-PC

# Running from : C:\Users\winland\AppData\Local\Temp\3dlqibjv.tmp\adwcleaner_4.207.exe

# Option : Cleaning

 

***** [ Services ] *****

 

[#] Service Deleted : globalUpdate

[#] Service Deleted : globalUpdatem

[#] Service Deleted : servervo

[#] Service Deleted : YahooAUService

[#] Service Deleted : vToolbarUpdater18.5.0

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Free Ride Games

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\ProgramData\zoomify2

Folder Deleted : C:\ProgramData\Yahoo! Companion

Folder Deleted : C:\ProgramData\bbqleads

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar

Folder Deleted : C:\Program Files (x86)\BlitzMediaPlayer

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\DealPly

Folder Deleted : C:\Program Files (x86)\Free Ride Games

Folder Deleted : C:\Program Files (x86)\globalUpdate

Folder Deleted : C:\Program Files (x86)\SelectRebates

Folder Deleted : C:\Program Files (x86)\Yontoo

Folder Deleted : C:\Program Files (x86)\Search Extensions

Folder Deleted : C:\Program Files (x86)\Coupons

Folder Deleted : C:\Program Files (x86)\bbqleads

Folder Deleted : C:\Program Files (x86)\kong games

Folder Deleted : C:\Program Files (x86)\Coupons.com

Folder Deleted : C:\Program Files (x86)\HQ-Video-Pro-2.1cV04.12

Folder Deleted : C:\Program Files (x86)\ver0CheckMeUp

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

Folder Deleted : C:\Users\winland\AppData\Local\apn

Folder Deleted : C:\Users\winland\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\winland\AppData\Local\BlitzMediaPlayer

Folder Deleted : C:\Users\winland\AppData\Local\Conduit

Folder Deleted : C:\Users\winland\AppData\Local\globalUpdate

Folder Deleted : C:\Users\winland\AppData\Local\SevereWeatherAlerts

Folder Deleted : C:\Users\winland\AppData\Local\visi_coupon

Folder Deleted : C:\Users\winland\AppData\Local\Weather_Notifications,_LL

Folder Deleted : C:\Users\winland\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\winland\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\winland\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\winland\AppData\LocalLow\zoomify

Folder Deleted : C:\Users\winland\AppData\LocalLow\YahooCouponAddOn

Folder Deleted : C:\Users\winland\AppData\LocalLow\Yahoo! Companion

Folder Deleted : C:\Users\winland\AppData\LocalLow\Coupons.com

Folder Deleted : C:\Users\winland\AppData\Roaming\DealPly

Folder Deleted : C:\Users\winland\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\winland\AppData\Roaming\VOPackage

Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlitzMediaPlayer

Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games

Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts

Folder Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm

Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe

Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjfnhemcmjbjgbhngpabpfdkifonajj

Folder Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_eagomcfjiefffhpaejnlpjccikpipdoe_0

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eagomcfjiefffhpaejnlpjccikpipdoe

File Deleted : C:\Windows\shost.bin

File Deleted : C:\Windows\System32\drivers\webinstrNewH.sys

File Deleted : C:\Users\winland\AppData\Roaming\XQWGX.exe

File Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BlitzMediaPlayer.lnk

File Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk

File Deleted : C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk

File Deleted : C:\Users\winland\Desktop\BlitzMediaPlayer.lnk

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_isearch.avg.com_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

File Deleted : C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

 

***** [ Scheduled tasks ] *****

 

Task Deleted : Dealply

Task Deleted : DealPlyUpdate

Task Deleted : globalUpdateUpdateTaskMachineCore

Task Deleted : globalUpdateUpdateTaskMachineUA

Task Deleted : RocketTab

Task Deleted : RocketTab Update Task

Task Deleted : Scheduled Update for Ask Toolbar

Task Deleted : kong_games_notification_service

Task Deleted : kong_games_updating_service

Task Deleted : RunTool

Task Deleted : 18441d63-81cc-4c06-91dd-f46b395711ed

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-1

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-10_user

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-11

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-3

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-4

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-5

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-5_user

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-6

Task Deleted : 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-7

Task Deleted : 6b602663-0d80-4c8f-92ce-7efe20874629

Task Deleted : CheckMeUp Update

Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Key Deleted : HKLM\SOFTWARE\840314d0-0272-4978-9a48-9af785777bdb

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9071FEA3-4D79-496A-A471-C709B4ABD184}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571181}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572281}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575581}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576681}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644574481}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9071FEA3-4D79-496A-A471-C709B4ABD184}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38A2C51F-19B2-4A79-A1C9-9837BE6D0EC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC3179AF-FBB9-4CD3-8EB7-0DF43B0F73A6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8fe92b89-7488-4ee8-9d0a-5481b32e584b}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571181}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572281}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575581}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576681}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8fe92b89-7488-4ee8-9d0a-5481b32e584b}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\Microsoft\KanarCore

Key Deleted : HKCU\Software\RocketTabInstalled

Key Deleted : HKCU\Software\Wajam

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\WajIEnhance

Key Deleted : HKCU\Software\Avg Secure Update

Key Deleted : HKCU\Software\SevereWeatherAlerts

Key Deleted : HKCU\Software\HQ-Video-Pro-2.1cV04.12

Key Deleted : HKCU\Software\HQ-Video-Pro-2.1cV04.12-nv

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\zoomify

Key Deleted : HKCU\Software\AppDataLow\Software\CheckMeUp

Key Deleted : HKCU\Software\AppDataLow\Software\Coupons.com

Key Deleted : HKCU\Software\AppDataLow\Software\HQ-Video-Pro-2.1cV04.12

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\Freeze.com

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\InstallIQ

Key Deleted : HKLM\SOFTWARE\NpApp

Key Deleted : HKLM\SOFTWARE\RocketTab

Key Deleted : HKLM\SOFTWARE\Trymedia Systems

Key Deleted : HKLM\SOFTWARE\zoomify

Key Deleted : HKLM\SOFTWARE\Coupons.com

Key Deleted : HKLM\SOFTWARE\HQ-Video-Pro-2.1cV04.12

Key Deleted : HKLM\SOFTWARE\HQ-Video-Pro-2.1cV04.12-nv

Key Deleted : HKU\.DEFAULT\Software\AskToolbar

Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

Key Deleted : HKU\.DEFAULT\Software\HQ-Video-Pro-2.1cV04.12-nv

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Severe Weather Alerts

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zoomify

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-Video-Pro-2.1cV04.12

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\powerwebsearch.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yourstartsearch.com

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49592;hxxps=127.0.0.1:49592

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17801

 

 

-\\ Google Chrome v43.0.2357.130

 

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={54A3066F-7B5D-4234-9C87-32BBBE0198C1}&mid=51f74b19328747d0825a294607e95833-709e819115f0ac25e6f2c1d1acb3886f436c7384〈=en&ds=ft011&pr=sa&d=2012-09-11 19:56:30&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=C681B66C-D13A-4DBF-9DFA-4E98863C4EDD&apn_ptnrs=TV&apn_sauid=E46B3B05-7CF6-4F16-BAEF-886727BC8D03&apn_dtid=OSJ000YYUS&q={searchTerms}

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : gaiilaahiahdejapggenmdmafpmbipje

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fdjfnhemcmjbjgbhngpabpfdkifonajj

[C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg

 

*************************

 

AdwCleaner[R0].txt - [42337 bytes] - [29/06/2015 20:10:19]

AdwCleaner[s0].txt - [39303 bytes] - [29/06/2015 20:11:40]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [39363  bytes] ##########
Link to post
Share on other sites
Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.2.2 (06.29.2015:1)

OS: Windows 7 Home Premium x64

Ran by winland on Mon 06/29/2015 at 20:22:05.96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\exetender

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleads.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsapplication.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqquotes.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\contentexplorer.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutleads.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutquotes.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaleads.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaquotes.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\theanswerfinder.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerapp.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerappservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleads.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsapplication.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqleadsservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bbqquotes.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\contentexplorer.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutleads.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutquotes.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaleads.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaquotes.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\theanswerfinder.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerapp.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerappservice.exe

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_f.dealply.com_0.localstorage

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_f.dealply.com_0.localstorage-journal

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage-journal

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage

Successfully deleted: [File] C:\Users\winland\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{03BA5389-B06B-4A43-876D-BC2B7ABC787C}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{0C75FF8B-FBC1-419D-94E2-54DD9D6F2285}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{0C85858F-22AD-45C5-A8A2-953004E826F7}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{0D71C6B7-E717-4F84-9443-2925F45BB783}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{19600C0B-07C3-41DF-8E69-97AF2EB22426}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{1A3A9665-A50F-419D-BF13-C7094235956D}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{1B96D60F-C9F1-4CAF-AA70-45DB0213FD5B}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{2488F9C4-804E-45D7-BE4F-4189BB60BC06}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{26C26460-DE2A-41E2-87CB-4B45A66C67DD}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{28F379F2-CD90-4406-B03D-98CC4EA1D2F9}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{2A2E20DF-D860-4D58-B992-76FF303EEC5D}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{2B0FBFC1-B32E-4EC6-B531-88A47F8E4EB4}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{3C6E1028-C5F7-4817-A27B-7B250492B8E3}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{439796ED-B1CC-4F20-A2F2-1DA07112A86A}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4BCE3014-99C7-44A7-BAD4-541C72D8F981}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4DB2D65F-FCAC-4402-AA67-6E0DD30621BD}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4F25AEB2-4810-422F-95DB-B31DB42D408F}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4FA5C3A2-24AD-4EAE-867F-5182009A3F6D}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{4FD72EC0-CF2A-43CA-A828-039FE84E0D7E}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{548AD7E8-FA41-47E7-A5C2-8CE8D3C65484}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{58CDA70F-EB34-462D-9DEB-D4417D00C944}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{5AEA869E-08F9-42D3-916D-4E68006FE485}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{67F41BD6-7061-432F-8295-5F724DF86AE7}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{6F9A0D8B-95D8-4BD1-9EC8-7BE5BE9C2988}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{70ACA22F-1940-489D-B6EA-BF9F95D838D1}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{7CE57511-8FB2-4E9C-8076-8D49A8F3E84C}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{7D3A456F-309E-44A2-BD33-98CE9438D4B5}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{8533A2D6-A97B-4BC8-B833-B51564FE5065}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{9405E005-2119-49CA-AFA2-8477E64D330F}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{953F1349-5797-4805-95D1-E7CB1F51F88C}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{97B2C9C5-1EDE-460A-9EDC-29DA521D2260}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{A2787A47-302B-445A-95B2-B30974C2B3F6}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{A3FB5BC1-6E63-498C-BCAD-010220CB0A72}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{A6876D93-3156-4DE3-8710-1CDA8BE150CB}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{B39745B0-8AC7-4888-856A-6D7B9FEFFB47}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{BA035CC0-4A13-4806-BAD3-23C2BEA45B45}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{C6EE6DE7-6F1D-448B-B43D-6F392E821C30}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{CBB59747-11AA-4942-A42F-5118E80D7A88}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{CC4A799B-91EF-4E55-90DA-4B68FEF3AFC0}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D0A727A5-9291-4F9B-91E7-66251EE6B311}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D55FAA1F-E6FA-4218-A5C3-64DF0DB3BCCB}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D7C334D3-8AA2-4E9A-B8D2-AADEE520F079}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{D861ABF9-D2C2-4EFC-824D-6B10EDD261D1}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{DAB3DEE6-E238-48B5-AFFB-322924067B8E}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{E4A913DB-37AE-4A3B-A09E-0996145E6238}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{ED803041-C35F-4EC4-9376-C35741567AB5}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{EF6E428B-7118-4A4D-ACA0-1735ECD3294D}

Successfully deleted: [Empty Folder] C:\Users\winland\appdata\local\{F99DF23E-3537-4D16-BB20-DDB8EA7F3229}

Successfully deleted: [Folder] C:\ProgramData\best buy pc app

Successfully deleted: [Folder] C:\Users\winland\appdata\local\best buy pc app

Successfully deleted: [Folder] C:\Users\winland\appdata\local\f189731f-6ce9-4a6b-a412-a3fb1d7e1549

 

 

 

~~~ Chrome

 

 

[C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

gaiilaahiahdejapggenmdmafpmbipje

ndibdjnfmopecpmkdieinmbadjfpblof

niapdbllcanepiiimjjndipklodoedlc

 

[C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\winland\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 06/29/2015 at 20:30:16.79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/29/2015

Scan Time: 8:40 PM

Logfile:

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.06.29.06

Rootkit Database: v2015.06.26.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: winland

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 379575

Time Elapsed: 24 min, 37 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 24

PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B60591CD-AA25-4261-B05A-77826471C0A3}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [9cde4878305a82b4dc8097de91724fb1],

PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [a2d8fcc4513968cebbbbae4c49badd23],

PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}, Quarantined, [1d5dfec2e2a83600018844b4f50e8d73],

PUP.Optional.HQVideo.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-2.1cV04.12, Quarantined, [f783a7190c7e2115b37d414009fce020],

PUP.Optional.WeCare, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [bdbdb60afe8c0d291645b86b9e66e31d],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B1BC3B1-316E-4EED-8BC3-47CDD6CD224A}, Quarantined, [3d3de0e0880247efa4a57b16768fa25e],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21722549-9FE8-49F6-830E-A4886162EDD4}, Quarantined, [5624625e2862102670da93fe27de619f],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DEF6D7D-EEA6-4262-8671-1B12B5652F26}, Quarantined, [98e2c9f7ec9e4beb2e1b39584cb9cc34],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3675257B-E5F8-425E-B4E0-20F25779D73C}, Quarantined, [98e212ae573350e6f554afe2699c1ae6],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C26882B-BC59-46FD-8F61-A8F974ACE643}, Quarantined, [74068d33d9b1201670da5f3258ad3fc1],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C68D435-1E69-42D0-9826-464E5D8C41CD}, Quarantined, [344689374644c472a6a35839b94c55ab],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{653C6B20-A7AE-4B3B-BC67-37AC759C899E}, Quarantined, [4f2b6858e2a872c47cceff92867f47b9],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8FE92B89-7488-4EE8-9D0A-5481B32E584B}, Quarantined, [ff7b6d5309812e0800483f5230d5c43c],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC29DA9F-2AC1-4881-B06D-32FA8CFD1118}, Quarantined, [0d6ddce48bffe84e96b43c5506ff5ca4],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9EBAAC2-660E-4EB5-B8F1-24A02A162134}, Quarantined, [f38788386624a492b496573a7b8a01ff],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F07C0084-E14C-4EA6-A387-BCB217142457}, Quarantined, [08720bb503874beb2821375a8c79956b],

PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [3f3b546cf5958caa61a3db9acd3841bf],

PUP.Optional.DealPly.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [44368b35bcced363c6ef9e9270945ca4],

 

Registry Values: 14

PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}|Publisher, We-Care.com, Quarantined, [1d5dfec2e2a83600018844b4f50e8d73]

PUP.Optional.WeCareReminder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}|DisplayName, CWA App by We-Care.com v4.1.29.3, Quarantined, [2357655b7812d3639ced52a63cc7867a]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B1BC3B1-316E-4EED-8BC3-47CDD6CD224A}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [3d3de0e0880247efa4a57b16768fa25e]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21722549-9fe8-49f6-830e-a4886162edd4}|AppName, HQ-Video-Pro-2.1cV04.12-codedownloader.exe, Quarantined, [5624625e2862102670da93fe27de619f]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DEF6D7D-EEA6-4262-8671-1B12B5652F26}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [98e2c9f7ec9e4beb2e1b39584cb9cc34]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3675257B-E5F8-425E-B4E0-20F25779D73C}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [98e212ae573350e6f554afe2699c1ae6]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C26882B-BC59-46FD-8F61-A8F974ACE643}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [74068d33d9b1201670da5f3258ad3fc1]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C68D435-1E69-42D0-9826-464E5D8C41CD}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [344689374644c472a6a35839b94c55ab]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{653C6B20-A7AE-4B3B-BC67-37AC759C899E}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [4f2b6858e2a872c47cceff92867f47b9]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8fe92b89-7488-4ee8-9d0a-5481b32e584b}|AppName, HQ-Video-Pro-2.1cV04.12-bg.exe, Quarantined, [ff7b6d5309812e0800483f5230d5c43c]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC29DA9F-2AC1-4881-B06D-32FA8CFD1118}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [0d6ddce48bffe84e96b43c5506ff5ca4]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9EBAAC2-660E-4EB5-B8F1-24A02A162134}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-codedownloader.exe, Quarantined, [f38788386624a492b496573a7b8a01ff]

PUP.Optional.CrossRider.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F07C0084-E14C-4EA6-A387-BCB217142457}|AppName, 3aadc66a-c1b8-4485-8a7e-60e0f95f50aa-2.exe-buttonutil.exe, Quarantined, [08720bb503874beb2821375a8c79956b]

PUP.Optional.CheckMeUp.A, HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{B31AC82C-0B0E-2697-3BAD-1593CD310993}, C:\Program Files (x86)\ver0CheckMeUp\184.xpi, Quarantined, [4e2cc5fbccbeda5c88f07a1015f006fa]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 1

PUP.Optional.GlobalUpdate.A, C:\Users\winland\AppData\Local\Temp\comh.446469, Quarantined, [e3978739d9b1e0562a92edeb897a3bc5],

 

Files: 14

PUP.Optional.HQVideo.A, C:\Users\winland\AppData\Roaming\DE.exe, Quarantined, [0f6b3f81ed9dd165c0d83848b3533dc3],

PUP.Optional.Nova.A, C:\Program Files (x86)\7-zip\21150fb3-13db-46bb-bc0f-da85cf79935d.dll, Quarantined, [2b4f9f212565ad89ad3d47ce5ca6827e],

PUP.Optional.InstallCore.C, C:\Program Files (x86)\7-zip\ee9dae40-7453-4d84-b1c1-a1d583e2dfe6.dll, Quarantined, [6e0ca21e3d4d47ef0fc21a7092742fd1],

PUP.Optional.InstallCore.C, C:\Program Files (x86)\ee9dae40-7453-4d84-b1c1-a1d583e2dfe6\aa8ce5ba-54af-4f9f-88ff-7130c97291ed.dll, Quarantined, [9ddd556b0a8065d14d846c1e986e5da3],

PUP.Optional.Nova.A, C:\Program Files (x86)\ee9dae40-7453-4d84-b1c1-a1d583e2dfe6\e9e848c4-2a5e-4962-a37c-4726f47fad9d.dll, Quarantined, [c9b1358be6a470c662880b0a32d020e0],

PUP.Optional.WinterWeb.A, C:\Users\winland\AppData\Local\Temp\1637452.exe, Quarantined, [4a30516fb1d9e84ec1e859de778fdb25],

PUP.Optional.OpenCandy, C:\Users\winland\Downloads\doubleTwistSetup (1).exe, Quarantined, [56244d73454530067a66a3d140c646ba],

PUP.Optional.OpenCandy, C:\Users\winland\Downloads\doubleTwistSetup (2).exe, Quarantined, [106acdf3305abf775f817103c73f1ae6],

PUP.Optional.OpenCandy, C:\Users\winland\Downloads\doubleTwistSetup.exe, Quarantined, [abcf5e626a200a2c5e82adc71aec9e62],

PUP.Optional.WeCare.A, C:\Windows\Installer\165093.msi, Quarantined, [d3a7754b6426f83e22f6bb66b34df60a],

Trojan.Agent, C:\Users\winland\AppData\Roaming\DE.exe, Quarantined, [6e0c48785a303ef8c1db5fb408fd916f],

Trojan.FakeAlert, C:\Users\winland\AppData\Roaming\Microsoft\Windows\Templates\6o4v7yr6ikfw18072u, Quarantined, [07737f41e5a59c9a791d66ec20e5e818],

Trojan.FakeAlert, C:\ProgramData\6o4v7yr6ikfw18072u, Quarantined, [cdad714fadddc96de1b7d18113f25aa6],

Trojan.FakeAlert, C:\Users\winland\AppData\Local\6o4v7yr6ikfw18072u, Quarantined, [c6b4912fbdcd3204099082d0ec19e917],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

Great job Pat, we got rid of Open candy & some more bad things !

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com
 

 

Post the log(s) when done !!

 

 

 

======================

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.comhttp://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

=====================

 

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.
 

Post that log !!

 

 

Thanks

Chuck

Link to post
Share on other sites
DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17801  BrowserJavaVersion: 10.60.2

Run by winland at 21:26:50 on 2015-06-29

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3037.1688 [GMT -6:00]

.

AV: Kaspersky Anti-Virus *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k utcsvc

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe

C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe

C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Safari\Safari.exe

C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\splwow64.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mWinlogon: Userinit = userinit.exe,

uRun: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S1E1A.tmp" /EF "HKCU"

uRun: [bBQLeadsApplication] C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe

mRun: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [MDS_Menu] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"

mRun: [TouchMovieService] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

StartupFolder: C:\Users\winland\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONO~1.LNK - D:\Common\EpsonReg\EpsonReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{3E11211E-856F-467E-A8F2-277339C76536} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{3E11211E-856F-467E-A8F2-277339C76536}\C696E6B6379737 : DHCPNameServer = 192.168.32.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

IFEO: bbqleads.exe - TaskList.exe

IFEO: bbqleadsapplication.exe - TaskList.exe

IFEO: bbqleadsservice.exe - TaskList.exe

IFEO: bbqquotes.exe - TaskList.exe

IFEO: ContentExplorer.exe - TaskList.exe

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na

x64-Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SSODL: WebCheck - <orphaned>

x64-IFEO: bbqleads.exe - TaskList.exe

x64-IFEO: bbqleadsapplication.exe - TaskList.exe

x64-IFEO: bbqleadsservice.exe - TaskList.exe

x64-IFEO: bbqquotes.exe - TaskList.exe

x64-IFEO: ContentExplorer.exe - TaskList.exe

.

Note: multiple IFEO entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2014-7-12 30752]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-8-24 32912]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -r [?]

R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-3-27 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-3-27 128512]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-8-24 4700872]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-6-29 1871160]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-6-29 1133880]

R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-7-12 82160]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]

R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-10 65657]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-8 243232]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2010-11-8 76320]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-6-29 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-6-29 113880]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-6-29 63704]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2007-10-10 32344]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-8 690208]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 29488]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]

S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-4 42328]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-28 1255736]

S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]

S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2015-06-30 02:37:55 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-06-30 02:37:28 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-06-30 02:37:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-06-30 02:37:28 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-06-30 02:37:28 -------- d-----w- C:\ProgramData\Malwarebytes

2015-06-30 02:37:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-30 02:22:09 -------- d-----w- C:\RegBackup

2015-06-30 02:09:55 -------- d-----w- C:\AdwCleaner

2015-06-30 00:41:23 12221144 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95EC2466-DD64-466E-9E87-630295CEA447}\mpengine.dll

.

==================== Find3M  ====================

.

2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll

2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll

2015-05-01 13:17:03 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2015-05-01 13:16:41 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe

2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll

2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe

2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe

2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe

2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe

2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe

2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe

2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe

2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe

2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe

2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe

2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll

2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll

2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll

2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll

2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll

2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll

2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll

2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll

2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll

2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll

2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe

2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe

2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe

2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe

2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe

2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe

2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll

2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll

2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll

2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll

2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll

2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec

2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll

2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe

2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe

2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll

2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll

2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll

2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll

2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec

2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll

2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll

2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl

2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll

2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll

2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll

2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll

2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll

2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll

2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys

2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll

2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll

2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe

2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll

2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll

2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll

.

============= FINISH: 21:29:52.63 ===============
Link to post
Share on other sites
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 3/27/2011 4:34:00 PM

System Uptime: 6/29/2015 9:08:17 PM (0 hours ago)

.

Motherboard: Gateway |  | ZX4931

Processor: Pentium® Dual-Core  CPU      E5800  @ 3.20GHz | CPU 1 | 1185/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 450 GiB total, 333.554 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: X5XSEx_Pr143

Device ID: ROOT\LEGACY_X5XSEX_PR143\0000

Manufacturer: 

Name: X5XSEx_Pr143

PNP Device ID: ROOT\LEGACY_X5XSEX_PR143\0000

Service: X5XSEx_Pr143

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&15F6138A&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&15F6138A&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP387: 12/30/2014 3:54:47 PM - Windows Update

RP388: 1/11/2015 10:24:36 AM - Windows Update

RP390: 1/11/2015 10:36:34 AM - Windows Defender Checkpoint

RP391: 1/16/2015 4:40:32 PM - Windows Update

RP392: 1/25/2015 1:53:27 PM - Windows Update

RP393: 1/30/2015 4:14:06 PM - Windows Update

RP394: 2/5/2015 7:43:34 PM - Windows Update

RP396: 2/5/2015 8:06:22 PM - Windows Defender Checkpoint

RP397: 3/9/2015 5:51:00 PM - Windows Update

RP398: 3/10/2015 2:01:22 AM - Windows Update

RP399: 3/15/2015 10:42:21 AM - Windows Update

RP400: 3/17/2015 3:00:47 AM - Windows Update

RP401: 3/19/2015 3:00:31 AM - Windows Update

RP402: 3/29/2015 3:25:30 PM - Windows Update

RP403: 5/1/2015 3:00:46 AM - Windows Update

RP404: 5/9/2015 8:27:07 PM - Windows Update

RP405: 5/10/2015 7:38:10 PM - Windows Update

RP406: 5/13/2015 3:01:43 AM - Windows Update

RP407: 5/16/2015 11:13:19 AM - Windows Update

RP408: 6/6/2015 11:50:02 PM - Windows Update

RP409: 6/7/2015 3:00:24 AM - Windows Update

RP410: 6/29/2015 6:39:09 PM - Windows Update

.

==== Image File Execution Options =============

.

IFEO: bbqleads.exe - TaskList.exe

IFEO: bbqleadsapplication.exe - TaskList.exe

IFEO: bbqleadsservice.exe - TaskList.exe

IFEO: bbqquotes.exe - TaskList.exe

IFEO: ContentExplorer.exe - TaskList.exe

IFEO: donutleads.exe - TaskList.exe

IFEO: donutquotes.exe - TaskList.exe

IFEO: internetenhancer.exe - TaskList.exe

IFEO: internetenhancerservice.exe - TaskList.exe

IFEO: pastaleads.exe - TaskList.exe

IFEO: pastaquotes.exe - TaskList.exe

IFEO: theanswerfinder.exe - TaskList.exe

IFEO: wajaminternetenhancer.exe - TaskList.exe

IFEO: WajamInternetEnhancerApp.exe - TaskList.exe

IFEO: WajamInternetEnhancerAppservice.exe - TaskList.exe

IFEO: wajaminternetenhancerservice.exe - TaskList.exe

x64-IFEO: bbqleads.exe - TaskList.exe

x64-IFEO: bbqleadsapplication.exe - TaskList.exe

x64-IFEO: bbqleadsservice.exe - TaskList.exe

x64-IFEO: bbqquotes.exe - TaskList.exe

x64-IFEO: ContentExplorer.exe - TaskList.exe

x64-IFEO: donutleads.exe - TaskList.exe

x64-IFEO: donutquotes.exe - TaskList.exe

x64-IFEO: internetenhancer.exe - TaskList.exe

x64-IFEO: internetenhancerservice.exe - TaskList.exe

x64-IFEO: pastaleads.exe - TaskList.exe

x64-IFEO: pastaquotes.exe - TaskList.exe

x64-IFEO: theanswerfinder.exe - TaskList.exe

x64-IFEO: wajaminternetenhancer.exe - TaskList.exe

x64-IFEO: WajamInternetEnhancerApp.exe - TaskList.exe

x64-IFEO: WajamInternetEnhancerAppservice.exe - TaskList.exe

x64-IFEO: wajaminternetenhancerservice.exe - TaskList.exe

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

18 Wheels of Steel - American Long Haul

18 Wheels of Steel Extreme Trucker

18 Wheels of Steel: American Long Haul 

7-zip v9.20

7 Wonders II

Acrobat.com

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Player 13 ActiveX

Adobe Reader 9.5.5 MUI

Advertising Center

Agatha Christie - Death on the Nile

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BBQLeads

Bejeweled 2 Deluxe

Best Buy pc app

Big Fish Games: Game Manager

Blackhawk Striker 2

Blitz Media Player

Bonjour

Build-a-lot 2

Bus Driver 1.0

Chuzzle Deluxe

CoachYouths On-Demand 2011

Cooliris for Internet Explorer

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

Eighteen Wheels of Steel: Extreme Trucker 2

Epson CreativeZone

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON NX420 Series Printer Uninstall

EPSON Scan

FATE

ffdshow [rev 2527] [2008-12-19]

FUJIFILM MyFinePix Studio 2.0

Game Channels

Gateway Games

Gateway InfoCentre

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway TouchPortal

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hell's Kitchen

Hotkey Utility

Identity Card

ImagXpress

Inspiration 9

Inspiration 9 PDF Driver (novaPDF 7.0 printer)

Intel® Control Center

Intel® Graphics Media Accelerator Driver

iolo technologies' System Mechanic

iTunes

Java 7 Update 60

Java Auto Updater

Jewel Quest - Heritage

Jewel Quest Solitaire 2

John Deere Drive Green

Junk Mail filter update

Kaspersky Anti-Virus 2012

Malwarebytes Anti-Malware version 2.1.8.1057

McAfee Security Scan Plus

MediaShow Espresso

Mesh Runtime

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Touch Pack for Windows 7

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 3.0

Motorola Device Manager

Motorola Device Software Update

Motorola Mobile Drivers Installation 5.9.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Octoshape add-in for Adobe Flash Player

Penguins!

Plants vs. Zombies

PMB

Polar Bowler

Polar Golfer

QuickTime 7

RAF

Realtek High Definition Audio Driver

Roads of Rome

Safari

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)

Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)

Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2883029) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2965282) 32-Bit Edition 

Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition 

Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition 

Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2965284) 32-Bit Edition 

ShopAtHome.com Toolbar

The Treasures of Montezuma

THX TruStudio Pro

Touch Movie

Touch MVP

TouchCam

TouchSettings

Unlikely Suspects

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2986252) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Virtual Earth 3D (Beta)

Virtual Villagers 4 - The Tree of Life

Welcome Center

WildTangent Games

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Word Up

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

6/29/2015 9:08:57 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  KLIM6

6/29/2015 9:08:56 PM, Error: Service Control Manager [7000]  - The X5XSEx_Pr143 service failed to start due to the following error:  The system cannot find the path specified.

6/29/2015 8:23:45 PM, Error: Service Control Manager [7031]  - The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/29/2015 8:23:44 PM, Error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:44 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/29/2015 8:23:40 PM, Error: Service Control Manager [7034]  - The USBS3S4Detection service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:40 PM, Error: Service Control Manager [7034]  - The Updater Service service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:40 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

6/29/2015 8:23:39 PM, Error: Service Control Manager [7034]  - The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:39 PM, Error: Service Control Manager [7034]  - The iolo System Service service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:39 PM, Error: Service Control Manager [7034]  - The GREGService service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:39 PM, Error: Service Control Manager [7031]  - The PST Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

6/29/2015 8:23:38 PM, Error: Service Control Manager [7034]  - The EPSON V5 Service4(04) service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:38 PM, Error: Service Control Manager [7034]  - The EPSON V3 Service4(04) service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:38 PM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:23:37 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/29/2015 8:12:41 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/29/2015 8:12:41 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/29/2015 8:12:41 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

6/29/2015 8:12:41 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/29/2015 8:12:41 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/29/2015 8:12:09 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.

6/29/2015 8:11:39 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/29/2015 8:11:38 PM, Error: Service Control Manager [7034]  - The vToolbarUpdater18.5.0 service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:11:38 PM, Error: Service Control Manager [7034]  - The VO Service component service terminated unexpectedly.  It has done this 1 time(s).

6/29/2015 8:11:37 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/29/2015 7:03:46 PM, Error: Schannel [36887]  - The following fatal alert was received: 40.

.

==== End Of File ===========================
Link to post
Share on other sites
OTL logfile created on: 6/29/2015 9:43:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\winland\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17801)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.33% Memory free

5.93 Gb Paging File | 3.66 Gb Available in Paging File | 61.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.04 Gb Total Space | 333.56 Gb Free Space | 74.12% Space Free | Partition Type: NTFS

Drive D: | 2.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: WINLAND-PC | User Name: winland | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2015/06/29 21:40:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\winland\Downloads\OTL-1.com

PRC - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/07/13 14:04:06 | 005,386,320 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe

PRC - [2014/07/13 13:35:34 | 004,700,872 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe

PRC - [2012/05/30 20:06:40 | 000,014,224 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe

PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

PRC - [2010/12/03 00:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

PRC - [2010/11/30 11:11:00 | 000,438,376 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe

PRC - [2010/11/12 16:21:30 | 000,155,752 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe

PRC - [2010/09/27 15:49:38 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe

PRC - [2010/08/06 14:57:50 | 001,370,624 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

PRC - [2009/12/09 03:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2015/05/13 03:52:58 | 001,669,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5911ca2046a5590ccd2af3eb029f572b\Microsoft.VisualBasic.ni.dll

MOD - [2015/05/13 03:46:35 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c02c8e7414b69eab34c019a9ab3ec85f\PresentationFramework.ni.dll

MOD - [2015/05/13 03:46:22 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f6ef958493f4280fb56201ddf37a546b\System.Windows.Forms.ni.dll

MOD - [2015/05/13 03:46:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b0a82d399e3786dd19b06e094cdb7d9e\System.Drawing.ni.dll

MOD - [2015/05/13 03:46:12 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\6b1d0aa3de627ea4a2c51e993c20adce\System.Configuration.ni.dll

MOD - [2015/05/13 03:46:05 | 012,254,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fe7835eea5e5436f9eba9b5410081b50\PresentationCore.ni.dll

MOD - [2015/05/13 03:45:54 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\be3938e3f098b367f389fe9d95908c19\WindowsBase.ni.dll

MOD - [2015/05/05 08:06:10 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2a251c78b1ae72c36cc6c3e6131efcff\System.Runtime.Remoting.ni.dll

MOD - [2014/10/26 03:34:48 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7a042b46130d9b9c7498bf10af0cb036\System.Xml.ni.dll

MOD - [2014/10/26 03:34:27 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ea649d6e9b7c95482ec8f75ba544ae5a\System.ni.dll

MOD - [2014/10/11 14:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2014/09/20 03:37:42 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll

MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/03/22 11:40:50 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll

MOD - [2012/03/22 11:40:28 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll

MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll

MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll

MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll

MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll

MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll

MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll

MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll

MOD - [2010/12/03 00:00:42 | 000,618,600 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

MOD - [2010/12/02 21:44:54 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll

MOD - [2010/08/13 13:00:24 | 000,014,368 | ---- | M] () -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\LanguageDll\TouchPortalLauncher-en.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2015/04/27 13:23:32 | 001,254,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)

SRV:64bit: - [2015/04/21 10:35:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/09/06 11:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/09/13 23:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2009/09/13 23:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/07/13 13:35:34 | 004,700,872 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2014/06/07 09:43:54 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/06/05 16:10:46 | 000,203,344 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2014/04/24 15:04:16 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)

SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/10/23 16:58:52 | 000,120,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)

SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)

SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)

SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/12/09 03:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2015/06/29 21:36:24 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2015/06/18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/08/16 00:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2014/07/13 13:33:58 | 000,032,912 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rawdsk3.sys -- (RawDisk3)

DRV:64bit: - [2014/04/30 10:03:26 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)

DRV:64bit: - [2014/04/30 10:03:24 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV:64bit: - [2013/01/04 21:48:36 | 000,042,328 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/01 12:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/06/11 12:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)

DRV:64bit: - [2012/06/08 17:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)

DRV:64bit: - [2012/06/08 17:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/25 15:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)

DRV:64bit: - [2011/11/08 14:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)

DRV:64bit: - [2011/04/20 15:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/02/06 01:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)

DRV:64bit: - [2009/12/09 03:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/11/17 17:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 14:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/01/29 19:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW

IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/08 06:52:26 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/08 06:52:26 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget:  File not found

FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/02/21 18:52:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/02/21 18:52:34 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\12768.4517.4046_0\

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\

CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\

 

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)

O4:64bit: - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [TouchMovieService] C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found

O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found

O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-756214247-1336522751-3168458980-1001..\Run: [bBQLeadsApplication] C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe File not found

O4 - HKU\S-1-5-21-756214247-1336522751-3168458980-1001..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S1E1A.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk =  File not found

O4 - Startup: C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E11211E-856F-467E-A8F2-277339C76536}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O27:64bit: - HKLM IFEO\bbqleads.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\bbqleadsapplication.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\bbqleadsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\bbqquotes.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\ContentExplorer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\donutleads.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\donutquotes.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\internetenhancer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\internetenhancerservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\pastaleads.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\pastaquotes.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\theanswerfinder.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\wajaminternetenhancer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\WajamInternetEnhancerApp.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\WajamInternetEnhancerAppservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\wajaminternetenhancerservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bbqleads.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bbqleadsapplication.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bbqleadsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\bbqquotes.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\ContentExplorer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\donutleads.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\donutquotes.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\internetenhancer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\internetenhancerservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\pastaleads.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\pastaquotes.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\theanswerfinder.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\wajaminternetenhancer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\WajamInternetEnhancerApp.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\WajamInternetEnhancerAppservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O27 - HKLM IFEO\wajaminternetenhancerservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{ebc117e7-637a-11e2-b2aa-f80f410db1c0}\Shell - "" = AutoRun

O33 - MountPoints2\{ebc117e7-637a-11e2-b2aa-f80f410db1c0}\Shell\AutoRun\command - "" = F:\MotorolaDeviceManagerSetup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2015/06/29 20:37:55 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015/06/29 20:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2015/06/29 20:37:28 | 000,109,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2015/06/29 20:37:28 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2015/06/29 20:37:28 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2015/06/29 20:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2015/06/29 20:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2015/06/29 20:22:09 | 000,000,000 | ---D | C] -- C:\RegBackup

[2015/06/29 20:09:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2011/06/10 13:20:56 | 000,525,856 | ---- | C] (Catalina Marketing Corp. ) -- C:\Users\winland\CouponActivator.exe

[2011/06/09 15:48:03 | 081,614,632 | ---- | C] (Apple Inc.) -- C:\Users\winland\iTunes64Setup.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2015/06/29 21:38:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/06/29 21:36:24 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015/06/29 21:17:31 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015/06/29 21:17:31 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015/06/29 21:09:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/06/29 21:08:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/06/29 21:08:27 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys

[2015/06/29 20:37:50 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015/06/29 20:22:13 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-WINLAND-PC-Windows-7-Home-Premium-(64-bit).dat

[2015/06/29 19:59:01 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7

[2015/06/29 19:56:49 | 000,000,188 | ---- | M] () -- C:\Users\winland\AppData\Roaming\WB.CFG

[2015/06/29 19:44:50 | 000,002,304 | ---- | M] () -- C:\Users\winland\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2015/06/29 18:54:27 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2015/06/18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2015/06/18 08:41:44 | 000,109,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2015/06/29 20:37:50 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015/06/29 20:22:13 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WINLAND-PC-Windows-7-Home-Premium-(64-bit).dat

[2014/07/12 09:40:42 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat

[2014/02/15 08:29:36 | 000,000,083 | ---- | C] () -- C:\ProgramData\SAH_Install.ini

[2013/12/18 17:02:44 | 000,000,188 | ---- | C] () -- C:\Users\winland\AppData\Roaming\WB.CFG

[2012/04/28 08:38:08 | 000,017,408 | ---- | C] () -- C:\Users\winland\AppData\Local\WebpageIcons.db

[2012/02/05 12:17:35 | 000,003,584 | ---- | C] () -- C:\Users\winland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 23:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 23:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/04/01 12:07:36 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\.minecraft

[2012/03/03 08:00:45 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Big Fish Games

[2011/06/10 13:21:33 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Catalina Marketing Corp

[2011/08/21 10:20:41 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\EPSON

[2011/07/06 18:24:06 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Inspiration Software

[2014/08/24 10:33:02 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\iolo

[2014/07/12 10:14:14 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\ioloGovernor

[2011/03/27 17:23:47 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Leadertech

[2012/02/26 12:09:11 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Ludia

[2013/02/10 18:15:44 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Motorola

[2013/02/10 18:17:18 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Motorola Mobility

[2011/03/27 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\OEM

[2012/02/26 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Packard Bell

[2011/03/27 16:39:51 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\PowerCinema

[2011/07/06 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Softland

[2012/05/26 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\Super-Cow

[2012/04/09 15:21:33 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\tabagames

[2014/12/07 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\TouchGadget

[2011/04/22 22:08:55 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\TouchPortalV3

[2012/05/21 16:21:17 | 000,000,000 | ---D | M] -- C:\Users\winland\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2012/02/19 17:32:07 | 000,000,244 | ---- | M] ()(C:\Users\winland\Desktop\1003i.pdf?(661KB)?.url) -- C:\Users\winland\Desktop\1003i.pdf‎(661KB)‎.url

[2012/02/19 17:32:07 | 000,000,244 | ---- | C] ()(C:\Users\winland\Desktop\1003i.pdf?(661KB)?.url) -- C:\Users\winland\Desktop\1003i.pdf‎(661KB)‎.url

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9D6EAEC3

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:98CD9221

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5F1019FF

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:E5496666

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:FBFC061F

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:1663E41B

 

< End of report >
Link to post
Share on other sites
OTL Extras logfile created on: 6/29/2015 9:43:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\winland\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17801)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.33% Memory free

5.93 Gb Paging File | 3.66 Gb Available in Paging File | 61.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.04 Gb Total Space | 333.56 Gb Free Space | 74.12% Space Free | Partition Type: NTFS

Drive D: | 2.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: WINLAND-PC | User Name: winland | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{15F77064-A8C8-41C7-A39C-644586896249}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{1A63A3D9-5C6F-4CBB-AAD4-1B4234791989}" = rport=137 | protocol=17 | dir=out | app=system | 

"{3814EA2C-727C-40DA-8AC3-948BD90808BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{3E825AFD-F0ED-42A1-B7F2-B3F2B2F5A903}" = lport=138 | protocol=17 | dir=in | app=system | 

"{40107E6B-183A-4F25-B08F-DE82CD799605}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{420FA269-4BF0-488C-8B9F-249CC7EE150C}" = rport=138 | protocol=17 | dir=out | app=system | 

"{4A944DF8-1F9B-48DB-9DAE-0576424EA527}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{58E26DF1-345C-4B5C-BF82-2DBB888581A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{5E78C295-CD3F-4956-BFE7-3A16548441CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{5EDFB865-DF4B-44AD-A748-02C5213188ED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{6316E4BA-1EEB-4A5E-A1BA-DFE51D9890CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{63841B59-898D-4B27-B82E-1591B13C1DBC}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{70034F3D-DAFC-4486-BEC0-0C122E17B3D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{754C1CA7-9735-46BA-92C1-11B119FC0E54}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{7EAE286B-C1E5-4309-8F44-2751D1AF3A77}" = lport=139 | protocol=6 | dir=in | app=system | 

"{8B334D28-6D04-4E04-965A-F031496F3FEA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{9C301049-8E76-43E6-87E9-7F791D989CB9}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A8C6F9A9-DF48-4C68-98CC-482640BBDB74}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{AE04CBDF-1E7F-4BDC-9B7E-6DDD880A96A8}" = lport=445 | protocol=6 | dir=in | app=system | 

"{B21B6C43-0123-4F0F-A595-7C44288532A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B42F43A1-95EF-43D5-96AF-2D9F0E08ED07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C3F28A11-63D0-41CA-BD42-176C0D0FC1E2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{C6CF57BE-9249-42BE-9196-721060A49C22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E2F424D9-4A4C-4F98-AC17-DC1A7921574C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E4916E69-00B8-449C-BFD6-0E918693CA97}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{E764230C-07F9-4CF0-8BB8-1FF6EBB497AC}" = rport=139 | protocol=6 | dir=out | app=system | 

"{FB2493D8-B27D-4749-8305-58E65ACCCEBC}" = lport=2869 | protocol=6 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02854A9F-EEF3-4393-A63B-2591D53E10A2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{0303AE19-BCF3-42B1-A8DB-A300A8184C15}" = dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | 

"{19D6DA09-83F6-4400-A71A-38684852C31B}" = protocol=6 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | 

"{44778854-557A-4FA9-AAD0-0199C3756167}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch movie\touchmovieservice.exe | 

"{456E7F89-8AF0-4338-BAEB-BD5B3513123B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4729C31B-A139-403D-8260-EACDD3DA9429}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4C90D59B-CAB7-4813-B3B4-103E6D741CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{4DFDB0F0-6659-4F81-B992-8DFE8A16D347}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4F555B3F-961A-43B7-B30C-CE837481109F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5146B551-9B76-483F-AB0B-3E80D8D7279B}" = protocol=6 | dir=out | app=system | 

"{54FEC050-56A5-4D8B-967C-D9F725FBCF16}" = protocol=1 | dir=out | [email protected],-28544 | 

"{56F6894F-688E-4B55-ACE9-EE0FC3581E5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{58D9C7B9-3FDE-4E43-AF07-6C1622636F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{58E51611-68A5-4DA0-9034-B520972A0451}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{5C5EC641-36F8-4E2B-8453-3539A691E536}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 

"{5E8617F8-26D4-488D-862F-8D9D63332FE8}" = protocol=58 | dir=out | [email protected],-28546 | 

"{640FA995-8962-4C60-A3E9-59F6CB5D9D00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{6749E32B-E41D-4A8D-8194-E81076142DF2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{6AFCF9C6-05B9-48E0-933D-5A9EF442D2CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{71DF4223-92E6-4011-B7B6-BC1183B40BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{77293018-D62A-4D00-BB75-0078EA20812A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{7B65D486-1A39-4E8E-BFAD-94662A5E3012}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{813D4CE7-9A7B-4A53-B1D2-67E8E257C5AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{827024F5-9A20-45AD-B0E6-24A595CE71D5}" = protocol=58 | dir=in | [email protected],-28545 | 

"{89EAF96B-9097-48A6-B634-C5C259CCD705}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch movie\touchmovie.exe | 

"{8E604430-6FF2-4C8B-963C-390BF071D7FB}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch mvp\touchphoto.exe | 

"{9B154749-9441-46E0-A182-2F35EC832E0C}" = protocol=17 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | 

"{9E75B3CA-98EC-4CBA-8B80-C880D813737D}" = protocol=1 | dir=in | [email protected],-28543 | 

"{A4622239-6738-4B48-9DB5-D410316F3064}" = protocol=17 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | 

"{B193A3BB-4FD6-4737-8559-185E021ACC14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B4420BD6-56F5-424B-8C2F-112A819D0769}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{BA912183-3012-4193-A11D-6893C8570846}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{BB8BFD11-30DA-4B1B-BF84-1EC99729C2D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{BD90CAA9-D469-49C9-99AF-2C30E0CF5173}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{C0C2B864-DAB0-4277-9CA4-52E0C75CC5F1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{C12FC2E3-67DF-46C8-9670-F2379A271081}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 

"{C5EEC0C9-D156-4497-B7AE-9A002E178928}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{CB744BA4-AE35-4D4E-9FE5-18EE3884287C}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch mvp\touchvideo.exe | 

"{CEB02D72-9FAE-441D-B165-35FAA87D7689}" = protocol=6 | dir=in | app=c:\programdata\zoomify2\1.1.0.27\cozhost.exe | 

"{CFEA05B1-FA13-4DFF-A49B-ADD06D270C2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DDBD8C51-A74A-4328-93D8-E113EE65057B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{DDFFD265-407A-4E11-B684-415BB17AB9C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E0DA024F-CB73-48D4-A6E0-53818C104057}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E503EBEF-AA89-4361-AF47-C22CBAAC105F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{E5C9AC8B-6125-4C60-8C56-44C2FDDD5E85}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{EAB4154B-52E1-4DC9-B298-C3A25418A3B4}" = dir=in | app=c:\program files (x86)\gateway\gateway touchportal\touch mvp\touchmusic.exe | 

"{F4ABE971-2492-470B-9683-9C06954B47E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"TCP Query User{01D6C2CE-986E-47F3-9716-109E9C3F148F}C:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 

"TCP Query User{9F0DC80D-6038-48EA-9CAA-EA0BB01B7416}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 

"UDP Query User{AF4973D6-0070-446A-8FB1-16BEA846C78A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 

"UDP Query User{B1D9331C-EFC5-49AE-A189-6D516D28A0EA}C:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\winland\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall

"Inspiration 9 PDF Driver_is1" = Inspiration 9 PDF Driver (novaPDF 7.0 printer)

"McAfee Security Scan" = McAfee Security Scan Plus

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = TouchCam

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{14C52FEF-0236-4D8C-BBE2-E6D7C4F2926D}" = Cooliris for Internet Explorer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Touch MVP

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 60

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0

"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2

"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012

"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8CA345D8-38CF-4450-A98D-934309465C81}" = CoachYouths On-Demand 2011

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{97BE901A-9940-4ACF-9921-A6FAA284AC03}" = THX TruStudio Pro

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Touch Movie

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Gateway TouchPortal

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{e1f93164-faf7-4d1d-98d8-038b45485714}" = Nero 9 Essentials

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF

"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul 

"7-zip" = 7-zip v9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"bbqleads" = BBQLeads

"BFGC" = Big Fish Games: Game Manager

"BFG-Hells Kitchen" = Hell's Kitchen

"BlitzMediaPlayer" = Blitz Media Player

"Bus Driver" = Bus Driver 1.0

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Scanner" = EPSON Scan

"exent_466550" = The Treasures of Montezuma

"exent_586350" = 7 Wonders II

"exent_706250" = Roads of Rome

"exent_708650" = Unlikely Suspects

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"Google Chrome" = Google Chrome

"Hotkey Utility" = Hotkey Utility

"Identity Card" = Identity Card

"Inspiration 9" = Inspiration 9

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057

"SelectRebatesUninstall" = ShopAtHome.com Toolbar

"WildTangent gateway Master Uninstall" = Gateway Games

"WildTangent wildgames Master Uninstall" = WildTangent Games

"WildTangentGameProvider-gateway-main" = Game Channels

"WildTangentGameProvider-gateway-touch" = Game Channels

"WinLiveSuite" = Windows Live Essentials

"WT088049" = Agatha Christie - Death on the Nile

"WT088062" = Bejeweled 2 Deluxe

"WT088067" = Build-a-lot 2

"WT088074" = Chuzzle Deluxe

"WT088080" = Diner Dash 2 Restaurant Rescue

"WT088115" = Jewel Quest Solitaire 2

"WT088135" = Plants vs. Zombies

"WT088375" = Blackhawk Striker 2

"WT088395" = Dora's Carnival Adventure

"WT088415" = FATE

"WT088447" = John Deere Drive Green

"WT088451" = Penguins!

"WT088455" = Polar Bowler

"WT088459" = Polar Golfer

"WT088507" = Virtual Villagers 4 - The Tree of Life

"WT088546" = Zuma's Revenge

"WT088651" = 18 Wheels of Steel - American Long Haul

"WT088655" = Jewel Quest - Heritage

"WTA-b10866a3-d59d-435e-ba52-7cf2325c7a63" = Word Up

"WTA-b6f4a261-2599-48fa-b9c3-707bbeac3905" = Eighteen Wheels of Steel: Extreme Trucker 2

"WTA-dce4fd47-f111-43f9-ba54-99dd199c57a5" = 18 Wheels of Steel Extreme Trucker

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"48e4cff94f039634" = Best Buy pc app

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12/1/2013 4:34:42 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3120

 

Error - 12/1/2013 4:34:42 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3120

 

Error - 12/1/2013 4:34:43 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 12/1/2013 4:34:43 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4118

 

Error - 12/1/2013 4:34:43 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4118

 

Error - 12/1/2013 4:34:44 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 12/1/2013 4:34:44 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5117

 

Error - 12/1/2013 4:34:44 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5117

 

Error - 12/1/2013 4:34:45 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 12/1/2013 4:34:45 PM | Computer Name = winland-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6115

 

[ Media Center Events ]

Error - 5/21/2012 8:34:38 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 6:34:37 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 

status 404: The requested URL does not exist on the server.  )  

 

Error - 5/21/2012 8:58:29 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 6:56:49 PM - Failed to retrieve NetTV (Error: The underlying connection

 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 

 

Error - 5/21/2012 9:01:32 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 6:59:52 PM - Failed to retrieve MCESpotlight (Error: The underlying

 connection was closed: Could not establish trust relationship for the SSL/TLS secure

 channel.)  

 

Error - 5/21/2012 9:04:30 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 7:03:14 PM - Failed to retrieve MCEClientUX (Error: Invalid security

 token.)  

 

Error - 5/21/2012 9:04:33 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 7:04:33 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 

status 404: The requested URL does not exist on the server.  )  

 

Error - 5/21/2012 10:05:53 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 8:05:52 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 

status 404: The requested URL does not exist on the server.  )  

 

Error - 5/22/2012 9:00:15 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 7:00:11 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 

status 404: The requested URL does not exist on the server.  )  

 

Error - 5/22/2012 8:17:11 PM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 6:17:11 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 

status 404: The requested URL does not exist on the server.  )  

 

Error - 5/23/2012 8:46:16 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 6:46:16 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 

status 404: The requested URL does not exist on the server.  )  

 

Error - 6/7/2012 8:36:37 AM | Computer Name = winland-PC | Source = MCUpdate | ID = 0

Description = 6:36:37 AM - Error connecting to the internet.  6:36:37 AM -     Unable

 to contact server..  

 

[ OSession Events ]

Error - 11/5/2011 2:30:11 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3298

 seconds with 240 seconds of active time.  This session ended with a crash.

 

Error - 11/13/2011 12:20:14 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 11/13/2011 12:20:56 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 11/13/2011 1:26:57 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4636

 seconds with 2760 seconds of active time.  This session ended with a crash.

 

Error - 12/23/2011 5:31:17 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7889

 seconds with 1500 seconds of active time.  This session ended with a crash.

 

Error - 5/12/2012 7:03:22 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32190

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 9/28/2013 9:45:07 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 537141

 seconds with 7980 seconds of active time.  This session ended with a crash.

 

Error - 5/5/2014 10:51:30 PM | Computer Name = winland-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2256

 seconds with 840 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 2/21/2013 1:30:57 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7034

Description = The Hotspot Shield Routing Service service terminated unexpectedly.

  It has done this 1 time(s).

 

Error - 2/26/2013 11:16:47 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7030

Description = The Hotspot Shield Service service is marked as an interactive service.

  However, the system is configured to not allow interactive services.  This service

 may not function properly.

 

Error - 2/26/2013 11:16:49 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7034

Description = The Hotspot Shield Routing Service service terminated unexpectedly.

  It has done this 2 time(s).

 

Error - 2/26/2013 11:18:52 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   KLIM6

 

Error - 2/27/2013 6:19:38 AM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   KLIM6

 

Error - 3/10/2013 10:32:01 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly.  It has done

 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:

 Restart the service.

 

Error - 3/10/2013 10:32:16 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly.  It has done

 this 2 time(s).  The following corrective action will be taken in 60000 milliseconds:

 Restart the service.

 

Error - 3/10/2013 10:33:16 PM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

 the service) after the unexpected termination of the Apple Mobile Device service,

 but this action failed with the following error:   %%1056

 

Error - 3/14/2013 5:21:50 AM | Computer Name = winland-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 3:20:18 AM on ?3/?14/?2013 was unexpected.

 

Error - 3/14/2013 5:22:12 AM | Computer Name = winland-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   KLIM6

 

 

< End of report >
Link to post
Share on other sites
Results of screen317's Security Check version 1.004  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Kaspersky Anti-Virus   

 Antivirus out of date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 60  

 Java version 32-bit out of Date! 

  Adobe Flash Player 11.6.602.171 Flash Player out of Date!  

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome (43.0.2357.130) 

 Google Chrome (43.0.2357.81) 

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 iolo Common Lib ioloServiceManager.exe 

 iolo System Mechanic LiveBoost.exe  

 iolo System Mechanic iologovernor64.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 8% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Ok Lets see if we can get this wrapped up shortly !!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-756214247-1336522751-3168458980-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRCFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not foundFF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget:  File not foundFF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast:  File not foundCHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\12768.4517.4046_0\CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\CHR - Extension: No name found = C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: []  File not foundO4 - HKU\.DEFAULT..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not foundO4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not foundO4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not foundO4 - HKU\S-1-5-21-756214247-1336522751-3168458980-1001..\Run: [BBQLeadsApplication] C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe File not foundO4 - HKU\S-1-5-21-756214247-1336522751-3168458980-1001..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S1E1A.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk =  File not foundO4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk =  File not foundO4 - Startup: C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk =  File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9D6EAEC3@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:98CD9221@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5F1019FF@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:E5496666@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:FBFC061F@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:1663E41B:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.


===============================

After  you post that log you have some out of date stuff:
Update Java Runtime

Make sure you uncheck any boxes that want you to install tool bars or anything other than Java

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
[*]Please go here to install Java >>> http://www.java.com/en/

  [o]  click on the Free Java Download Button
  [o]  click on Agree and start Free download
  [o]  click on Run
  [o]  click on run again
  [o]  click on install
  [o]  when install is complete click on close
[*]Reboot your computer

======================

Update Adobe Reader

Make sure you uncheck the box to install McAfee Security Scan Plus

  1. Please uninstall unless you already have Adobe Reader XXX XXX xxx before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader XX xxx xx and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.



========================

Update Flash Player >>>>> https://get.adobe.com/flashplayer/
Unclick the box for the  McAfee Security Scan Plus .................. Do Not let it install anything but FLASH PLAYER !!

 

 

Post any longs that appear !!

 

Thanks

Chuck
 

Link to post
Share on other sites
All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\www.exent.com/GameTreatWidget\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@doubletwist.com/NPPodcast\ deleted successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_metadata folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_TW folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_CN folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\vi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\uk folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\tr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\th folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sv folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sk folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ru folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ro folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\zh-Hant folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\zh folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\vi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\tr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sv folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sr-Latn folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sr-Cyrl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\sr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ru folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ro folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\pt-BR folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\pt folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\pl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\nl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\nb folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\lv folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\lt folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ko folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\kk folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ja folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\it folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\id folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\hu folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\fr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\fi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\fa folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\et folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\es-MX folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\es folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\en folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\el folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\de folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\da folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\cs folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\bg folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales\ar folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\_locales folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\plugin folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\images folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\content_scripts folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1\background folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_1 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ednfpjleaanokkjcgljbmamhlbkddcgh\12768.4517.4046_0 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\_metadata folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\_locales\en folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0\_locales folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.1.450_0 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\_locales\en folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\_locales folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\plugin folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\images folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\content_scripts folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\browser_action folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1\background folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_1 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0 folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\_locales\en folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\_locales folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\plugin folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\images folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\background folder moved successfully.

C:\Users\winland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1 folder moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.

Registry value HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BBQLeadsApplication deleted successfully.

Registry value HKEY_USERS\S-1-5-21-756214247-1336522751-3168458980-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON NX420 Series deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk moved successfully.

File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk scheduled to be moved on reboot.

C:\Users\winland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.

File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

ADS C:\ProgramData\Temp:9D6EAEC3 deleted successfully.

ADS C:\ProgramData\Temp:98CD9221 deleted successfully.

ADS C:\ProgramData\Temp:5F1019FF deleted successfully.

ADS C:\ProgramData\Temp:E5496666 deleted successfully.

ADS C:\ProgramData\Temp:FBFC061F deleted successfully.

ADS C:\ProgramData\Temp:1663E41B deleted successfully.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: winland

->Java cache emptied: 1441054 bytes

 

Total Java Files Cleaned = 1.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: winland

->Flash cache emptied: 3351734 bytes

 

Total Flash Files Cleaned = 3.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: winland

->Temp folder emptied: 63414963 bytes

->Temporary Internet Files folder emptied: 727035617 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 14158654 bytes

->Apple Safari cache emptied: 32422912 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 127447889 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321243 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 960.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 06292015_223900

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found!

C:\Users\winland\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Users\winland\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

C:\Windows\temp\fb_132.lck moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...
Link to post
Share on other sites

Sweet !!!!!

 

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program here             
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings

    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

 

 

================

 

 

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware .

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck

 

Free Antivirus AVAST >>>>>>  https://www.avast.com/index<<<< what i use( Avast FREE) & highly recommend !!

 

 

Pass along our site & my work if you are satisfied !

Feel free to post how you thought i handled you & your problem !!!!!

 

Happy Surfing !!!!!!

Link to post
Share on other sites
# DelFix v1.010 - Logfile created 29/06/2015 at 23:07:57

# Updated 26/04/2015 by Xplode

# Username : winland - WINLAND-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\_OTL

Deleted : C:\AdwCleaner

Deleted : C:\RegBackup

Deleted : C:\Users\winland\Desktop\dds.txt

Deleted : C:\Users\winland\Desktop\JRT.txt

Deleted : C:\Users\winland\Downloads\Extras.Txt

Deleted : C:\Users\winland\Downloads\OTL.Txt

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #388 [Windows Update | 01/11/2015 17:24:36]

Deleted : RP #390 [Windows Defender Checkpoint | 01/11/2015 17:36:34]

Deleted : RP #391 [Windows Update | 01/16/2015 23:40:32]

Deleted : RP #392 [Windows Update | 01/25/2015 20:53:27]

Deleted : RP #393 [Windows Update | 01/30/2015 23:14:06]

Deleted : RP #394 [Windows Update | 02/06/2015 02:43:34]

Deleted : RP #396 [Windows Defender Checkpoint | 02/06/2015 03:06:22]

Deleted : RP #397 [Windows Update | 03/10/2015 00:51:00]

Deleted : RP #398 [Windows Update | 03/10/2015 09:01:22]

Deleted : RP #399 [Windows Update | 03/15/2015 16:42:21]

Deleted : RP #400 [Windows Update | 03/17/2015 09:00:47]

Deleted : RP #401 [Windows Update | 03/19/2015 09:00:31]

Deleted : RP #402 [Windows Update | 03/29/2015 21:25:30]

Deleted : RP #403 [Windows Update | 05/01/2015 09:00:46]

Deleted : RP #404 [Windows Update | 05/10/2015 02:27:07]

Deleted : RP #405 [Windows Update | 05/11/2015 01:38:10]

Deleted : RP #406 [Windows Update | 05/13/2015 09:01:43]

Deleted : RP #407 [Windows Update | 05/16/2015 17:13:19]

Deleted : RP #408 [Windows Update | 06/07/2015 05:50:02]

Deleted : RP #409 [Windows Update | 06/07/2015 09:00:24]

Deleted : RP #410 [Windows Update | 06/30/2015 00:39:09]

Deleted : RP #411 [OTL Restore Point - 6/29/2015 10:41:02 PM | 06/30/2015 04:41:05]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########
Link to post
Share on other sites

That looks real good ! Have the pop-ups gone & any more problems ??

It will run a little faster after a few normal re-boots !!

 

You are Clean as far as i can see !! Congrats ! I will lock this topic in 5 days !

 

Pass along our help & web site to anyone who needs any kind of help !

 

How was my help ???

 

Happy Surfing

Thanks

Chuck

Link to post
Share on other sites

Pat if slow running is the loading/connecting to internet can be the computer itself ! If it searches & loads sites pretty fast then it's fine !

 

Watch for the new Windows 10 coming soon !! I will post when it's available but i would wait to dwnload it so they can work some bugs out !

 

Chuck

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.