nbrecke

  1. # DelFix v1.011 - Logfile created 01/12/2015 at 10:32:17
     # Updated 18/08/2015 by Xplode
     # Username : kcclick - KC-PC
     # Operating System : Windows 8 (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\_OTL
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\kcclick\Desktop\adwcleaner_5.022.exe
     Deleted : C:\Users\kcclick\Desktop\DDS Log.txt
     Deleted : C:\Users\kcclick\Desktop\dds.txt
     Deleted : C:\Users\kcclick\Desktop\Extras.Txt
     Deleted : C:\Users\kcclick\Desktop\JRT.exe
     Deleted : C:\Users\kcclick\Desktop\JRT.txt
     Deleted : C:\Users\kcclick\Desktop\OTL.Txt
     Deleted : HKLM\SOFTWARE\AdwCleaner

     ########## - EOF - ##########
  2. I believe I have finished all of the steps. I still have all of those logs open on my taskbar; I was not sure if it was OK to exit them out yet and was not sure if there was more I needed to do. My computer is doing great though. I definitely appreciate the help. Let me know what else I need to do when you have the time. Thank you.
  3. OTL Extras logfile created on: 11/29/2015 5:09:19 AM - Run 1 OTL by OldTimer - Version 3.2.69.0
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\ CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll 
(Hewlett-Packard) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\RunOnce: [symSilent] C:\Program Files (x86)\SymSilent\SymSilent.exe (Symantec Corporation) O4 - Startup: C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft 
Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 
15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7629888B-0364-4DC9-A817-1C786D1B49C7}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{871B7713-55C3-4148-AB03-2AD632979987}: DhcpNameServer = 100.100.23.24 O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015/11/29 05:06:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kcclick\Desktop\OTL.scr [2015/11/29 04:17:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\kcclick\Desktop\dds.scr [2015/11/29 03:05:05 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2015/11/29 02:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2015/11/29 02:15:48 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys [2015/11/29 02:15:48 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys [2015/11/29 02:15:48 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2015/11/29 02:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware [2015/11/29 02:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2015/11/29 02:14:52 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Programs [2015/11/29 02:13:56 | 022,908,888 | ---- | C] (Malwarebytes ) -- C:\Users\kcclick\Desktop\mbam-setup-2.2.0.1024.exe [2015/11/28 23:53:05 | 001,599,336 | ---- | C] (Malwarebytes) -- C:\Users\kcclick\Desktop\JRT.exe [2015/11/28 22:56:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015/11/28 
12:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2015/11/28 12:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket [2015/11/28 12:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2015/11/28 12:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2015/11/28 12:24:33 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2015/11/28 12:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2015/11/28 12:23:42 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2015/11/28 12:23:42 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2015/11/28 12:23:41 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2015/11/28 12:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2015/11/28 12:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2015/11/28 12:09:11 | 029,471,144 | ---- | C] (Oracle Corporation) -- C:\Users\kcclick\Desktop\jre-7u51-windows-i586.exe [2015/11/28 12:09:06 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\MP3Rocket [2015/11/28 12:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2015/11/28 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Google [2015/11/28 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Deployment [2015/11/28 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Apps [2015/11/28 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Macromedia [2015/11/28 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Apple Computer [2015/11/28 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Apple Computer [2015/11/28 00:02:17 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2015/11/28 00:02:13 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys [2015/11/28 00:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2015/11/27 23:58:19 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Apple [2015/11/27 23:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2015/11/27 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2015/11/27 23:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2015/11/27 23:51:50 | 000,000,000 | ---D | C] -- C:\Users\kcclick\Documents\OneNote Notebooks [2015/11/27 21:39:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll [2015/11/27 21:39:29 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll [2015/11/27 21:39:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll [2015/11/27 21:39:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll [2015/11/27 21:39:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll [2015/11/27 21:39:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll [2015/11/27 21:39:25 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll [2015/11/27 21:39:25 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe [2015/11/27 21:39:22 | 000,773,632 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\SysNative\wuapi.dll [2015/11/27 21:39:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll [2015/11/27 21:39:21 | 001,623,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll [2015/11/27 21:38:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll [2015/11/27 21:38:58 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll [2015/11/27 21:38:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe [2015/11/27 21:38:58 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe [2015/11/27 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\hpqlog [2015/11/27 18:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2015/11/27 17:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2015/11/27 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Hewlett-Packard [2015/11/27 17:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2015/11/27 17:51:07 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\AMD [2015/11/27 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\ATI [2015/11/27 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\ATI [2015/11/27 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Hewlett-Packard [2015/11/27 17:45:53 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2015/11/27 17:45:53 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Searches [2015/11/27 17:45:53 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2015/11/27 17:45:53 | 000,000,000 | -H-D | C] -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned 
[2015/11/27 17:45:39 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Adobe [2015/11/27 17:45:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services [2015/11/27 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\VirtualStore [2015/11/27 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Synaptics [2015/11/27 17:41:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information [2015/11/27 17:41:42 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Packages [2015/11/27 17:37:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2015/11/27 00:32:18 | 000,000,000 | ---D | C] -- C:\Windows.old [2015/11/27 00:03:39 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT [2015/11/26 23:59:49 | 000,000,000 | -H-D | C] -- C:\$SysReset [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\AppData\Local\Temporary Internet Files [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Templates [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Start Menu [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\SendTo [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Recent [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\PrintHood [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\NetHood [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Documents\My Videos [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Documents\My Pictures [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Documents\My Music [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\My Documents [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Local Settings [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\AppData\Local\History [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- 
C:\Users\kcclick\Cookies [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Application Data [2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\AppData\Local\Application Data [2015/11/26 23:47:09 | 000,000,000 | --SD | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Links [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Favorites [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Documents [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Desktop [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2015/11/26 23:47:09 | 000,000,000 | -H-D | C] -- C:\Users\kcclick\Documents\hp.system.package.metadata [2015/11/26 23:47:09 | 000,000,000 | -H-D | C] -- C:\Users\kcclick\AppData [2015/11/26 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Temp [2015/11/26 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Microsoft [2015/11/26 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ========== Files - Modified Within 30 Days ========== [2015/11/29 05:08:55 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2015/11/29 05:06:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kcclick\Desktop\OTL.scr [2015/11/29 04:17:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\kcclick\Desktop\dds.scr [2015/11/29 03:07:42 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2015/11/29 03:03:27 | 000,067,584 | --S- | 
M] () -- C:\WINDOWS\bootstat.dat [2015/11/29 02:26:05 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin [2015/11/29 02:15:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/11/29 02:14:01 | 022,908,888 | ---- | M] (Malwarebytes ) -- C:\Users\kcclick\Desktop\mbam-setup-2.2.0.1024.exe [2015/11/28 23:53:06 | 001,599,336 | ---- | M] (Malwarebytes) -- C:\Users\kcclick\Desktop\JRT.exe [2015/11/28 23:21:00 | 000,002,290 | ---- | M] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/11/28 23:20:45 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2015/11/28 23:20:12 | 000,941,050 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2015/11/28 23:20:12 | 000,783,894 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2015/11/28 23:20:12 | 000,158,368 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2015/11/28 23:15:24 | 000,432,288 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2015/11/28 23:14:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2015/11/28 23:14:42 | 2974,810,112 | -HS- | M] () -- C:\hiberfil.sys [2015/11/28 22:55:16 | 001,733,632 | ---- | M] () -- C:\Users\kcclick\Desktop\adwcleaner_5.022.exe [2015/11/28 12:24:52 | 000,001,141 | ---- | M] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.6.lnk [2015/11/28 12:23:18 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015/11/28 12:23:09 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll [2015/11/28 12:23:08 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe [2015/11/28 12:23:08 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe [2015/11/28 12:23:08 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe [2015/11/28 12:22:28 | 029,471,144 | ---- | M] 
(Oracle Corporation) -- C:\Users\kcclick\Desktop\jre-7u51-windows-i586.exe [2015/11/28 00:02:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2015/11/27 23:52:14 | 000,001,102 | ---- | M] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015/11/27 18:01:34 | 000,002,408 | ---- | M] () -- C:\Users\kcclick\Desktop\Word 2013.lnk [2015/11/27 18:01:12 | 000,002,350 | ---- | M] () -- C:\Users\kcclick\Desktop\OneNote 2013.lnk [2015/11/27 17:48:57 | 000,001,435 | ---- | M] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2015/11/27 17:45:30 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Games.lnk [2015/11/26 23:50:10 | 000,017,148 | ---- | M] () -- C:\WINDOWS\diagwrn.xml [2015/11/26 23:50:09 | 000,017,148 | ---- | M] () -- C:\WINDOWS\diagerr.xml ========== Files Created - No Company Name ========== [2015/11/29 02:15:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/11/28 22:55:15 | 001,733,632 | ---- | C] () -- C:\Users\kcclick\Desktop\adwcleaner_5.022.exe [2015/11/28 12:24:51 | 000,001,141 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.6.lnk [2015/11/28 12:23:18 | 000,002,290 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/11/28 12:23:18 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015/11/28 12:03:04 | 000,000,912 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2015/11/28 12:03:02 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2015/11/28 11:52:58 | 000,001,034 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Rocket-Installer.lnk [2015/11/28 00:02:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk 
[2015/11/27 23:58:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2015/11/27 23:52:13 | 000,001,102 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015/11/27 17:57:04 | 000,002,408 | ---- | C] () -- C:\Users\kcclick\Desktop\Word 2013.lnk [2015/11/27 17:57:02 | 000,002,350 | ---- | C] () -- C:\Users\kcclick\Desktop\OneNote 2013.lnk [2015/11/27 17:48:57 | 000,001,435 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2015/11/27 17:45:39 | 000,001,441 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2015/11/26 23:47:11 | 000,002,171 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk [2015/11/26 23:47:11 | 000,000,352 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2015/11/26 23:47:11 | 000,000,334 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2015/11/26 23:46:49 | 000,017,148 | ---- | C] () -- C:\WINDOWS\diagwrn.xml [2015/11/26 23:46:49 | 000,017,148 | ---- | C] () -- C:\WINDOWS\diagerr.xml ========== ZeroAccess Check ========== [2013/07/16 21:21:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/09/26 07:10:47 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/09/26 07:10:46 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/09/26 07:11:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics [2015/11/28 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\kcclick\AppData\Roaming\MP3Rocket [2015/11/27 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\kcclick\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\kcclick\OneDrive:ms-properties < End of report > Drive D: | 25.46 Gb Total Space | 2.58 Gb Free Space | 10.12% Space Free | Partition Type: NTFS Computer Name: KC-PC | User Name: kcclick | Logged in as 
Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2522190925-4094293654-1769919326-1002\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{108C17E7-73E0-4761-802E-F973EAFE41EF}" = lport=138 | protocol=17 | dir=in | app=system | "{10DCE9DD-2FBF-4E82-9590-6BE1C8FA173A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{185E3753-2613-4D3A-82A8-C8C1500AECBE}" = rport=445 | protocol=6 | dir=out | app=system | "{1EE30E78-539F-4DF3-A164-CB7E8BC52D2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{2566BD1C-6011-4F01-83F9-F27CF40A3E92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{35D0D35D-422D-4EB6-9B44-9FC68BC4FCC8}" = rport=137 | protocol=17 | dir=out | app=system | "{3D21E68D-6367-4895-B8AF-94AB5C7154C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4B123E43-583C-4A25-A6C5-5A05B1A0F091}" = lport=2869 | protocol=6 | dir=in | app=system | "{5D226C7C-428F-4B76-928E-8D4F02112AFD}" = rport=139 | protocol=6 | dir=out | app=system | "{5FDA17BE-47C0-4FBB-8CCC-4BBBE96CB1AC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{60C58B3A-7D60-476A-9101-C19B85CB1D50}" = lport=445 | protocol=6 | dir=in | app=system | "{6260F441-25C3-4AD0-93FD-92A388ECC759}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7ADAAC3B-22C5-4853-A359-0C1C5D4A714D}" = rport=138 | protocol=17 | dir=out | app=system | "{7B46D673-4486-4EB8-A43A-B7118F31DC62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{874A39F8-D683-4070-A596-96907813CDF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{8D834398-AEB6-4F9F-BC0A-4D044BE73819}" = lport=139 | protocol=6 | dir=in | app=system | "{A070D175-8E21-4DFA-91B7-6E342E6F34C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{AC9E9AF8-05F6-458F-99AB-F550ACF2332C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B0211FBA-43D9-415B-9776-35F3B31C0B06}" = rport=10243 | protocol=6 | dir=out | app=system | "{B1721C06-3FF8-4D15-B5EB-8A2A0B71B750}" = lport=10243 | protocol=6 | dir=in | app=system | "{B219F42A-66EB-43F4-8D74-EB44C733416E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B6CB2E03-9218-41BF-864B-8444166E68CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B837386C-BB57-431F-935A-D389800140F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D996D094-00EB-4D05-9BBE-DB0CDD069058}" = lport=137 | protocol=17 | dir=in | app=system | "{E335B553-87F8-4DC4-A2B0-C374F2B462DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DE9B0B-3604-4DFB-B774-D07ABA836FBB}" = dir=out | [email protected]{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{05A911B1-2467-4B71-8AE6-1F455686E07C}" = dir=in | name=savings center featured offers | "{090CA854-F110-496D-93C5-8121D28F2A6A}" = dir=out | name=wordament | "{0D0E6478-08CF-4C6B-BB39-D53A5F6075E3}" = dir=out | name=taptiles | "{0F811B79-6267-4906-A190-6FA5553E11E0}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | "{14C32865-DB8A-4271-84D6-BAC3CF7ABCA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1538D038-A679-4271-A740-AE2DD41B8C32}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{16B42ECD-B599-4822-9CBB-2F6A2A5C8A11}" = dir=out | [email protected]{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1C06AD2C-1E9F-4A9F-B78E-2A42AFF6F55E}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | "{1DB5B235-972A-41BD-8171-CCE2EEAF0876}" = dir=out | name=savings center featured offers | "{22FA7035-1DF6-4EC5-A002-AA9ECC4082E6}" = dir=out | [email 
protected]{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{24B81EB7-8653-4267-BFD9-242BFC9DFD49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24BAA55F-BA3B-4337-9B2E-8FA43A3A3443}" = dir=out | name=fresh paint | "{291E86E9-241C-4500-8044-78CD0736AC87}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{29218823-BCBB-438B-9F78-1EABC01B9696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2BABA2E6-DBFB-45CE-A5ED-D1EEB32ED9EF}" = dir=out | [email protected]{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{2C40EA70-28A5-429B-A7C6-86EE7AEDFEED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{31F1F30F-82B1-4EBD-9A47-4E71DE8C5EEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{39FC369A-B9F9-4B05-AD58-D48F207CDBB9}" = dir=out | name=hp connected photo powered by snapfish | "{3C1AD3D3-C674-4B22-97E9-5029C8BB9196}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3E44B783-1A0D-4C86-A0C1-762A86FAA27F}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | "{42949D1D-B54E-4418-AAE5-9DBA600FCB47}" = protocol=58 | dir=in | [email protected],-28545 | "{46577969-D6DA-4542-A11E-04C4FD4968D5}" = protocol=1 | dir=in | [email protected],-28543 | "{4927AAA6-4774-4E50-81E7-AA5CD367BF2E}" = dir=in | [email protected]{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4BBD33AD-F7E6-4656-814E-7B2AB2C57681}" = dir=out | name=ebay | "{4CD98F73-6B64-4597-849A-C8CE6E7AC130}" = dir=out | name=hp games | "{5067901C-27AB-4A82-A107-AE2D4F83AE5B}" = dir=out | [email 
protected]{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{55003179-988E-4F48-AA20-44AE62919038}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5588C8BA-BF8E-4CD0-A3B1-A6D81B3ECB55}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{5BD3C812-B80E-45E3-8C2C-C05459473308}" = dir=out | name=microsoft mahjong | "{5F386813-296E-4BB7-8E0E-D1E504CA7547}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | "{60C60A7D-5CE4-4CD1-9D98-AAE83C0E8A10}" = dir=out | [email protected]{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{6170D96B-4EF7-4661-92C5-77E3AE1AC5BB}" = dir=out | [email protected]{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{6B1484B9-6DDF-49C4-B3B3-7FB52F3C372B}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | "{717ACD8C-7010-48A1-B354-5422D83E90F3}" = dir=out | [email protected]{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{7A8FC908-D1F7-4030-83A6-B42DF615F040}" = dir=in | [email protected]{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{7DBDB513-9E99-4F93-9762-0CCBB9394B14}" = dir=out | name=netflix | "{7F3C6AD6-1EF0-4D29-AE82-31BE19629D2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{895B9661-C369-4C99-AB8E-BEF24F0D1CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A481BED-C621-4252-9FBC-CA4BDBFED745}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{918EBE2B-FA8D-47DD-BF99-5B15282AA686}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{94D74BA3-D00A-464C-B8EC-37FD125185FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9B1B1758-359B-48DF-B674-C9E25DE1F3DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A1491B12-9D97-4D3B-BBAA-184C8895D0D2}" = protocol=1 | dir=out | [email protected],-28544 | "{A213C07E-3576-47EA-8A47-8B6C02B8F85E}" = dir=in | name=ebay | "{A3CF74CB-025A-4253-85E3-6C4619A6D554}" = dir=out | [email protected]{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{A54B963B-34FA-4101-8B71-8DAB82877453}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8010AD4-11A4-41D5-81A6-902263115074}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{A810C2FB-29A8-4F2B-A21F-56B5858604E1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{AA1DD7CD-13A1-4C1B-84C5-36B29D90F090}" = dir=out | name=getting started with windows 8 | "{AADDCA70-37B0-4B09-B242-84A26F355FDF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AB8C0FFC-32A9-40A8-B789-8ECAF2086A75}" = protocol=6 | dir=out | app=system | "{ABB93CE7-A8AA-43AE-B136-01E962108F76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD6E0FBF-E8E7-4093-BF14-474028A41E30}" = dir=in | name=hp connected photo powered by snapfish | "{B91B6C68-6A54-461A-8BEB-FBACD53F31BB}" = dir=out | [email 
protected]{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{BE21880B-78EA-4A48-931E-C01770C83BDC}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{C00AF349-6A23-451B-B1C8-918D5DF11A3D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C08BA873-D5AC-44ED-B836-728E1A1FC12A}" = dir=in | name=hp+ | "{D31AE96F-A330-48FC-97A7-39B0782C5E65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DA78FCF9-EBE5-47D9-89EB-AEB5DAD0A5DB}" = dir=out | name=hp+ | "{DBAA21D0-2098-416F-8B9B-1BC78E5AA148}" = dir=out | name=microsoft solitaire collection | "{DC5836CF-6B3D-473D-932D-24B106E66448}" = dir=out | [email protected]{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{DC633BE7-A8C3-4201-BA56-FBA04F6C89D9}" = dir=out | name=norton studio | "{DFB0665E-E712-4068-B4ED-A8246EE3974B}" = dir=out | name=kindle | "{E00B1EE5-840B-47DA-86CE-47A8EBBA6A04}" = dir=out | name=box | "{E3B67158-A680-419E-AF65-F19AB4CAB3FD}" = dir=out | name=hp registration | "{E7188FDB-A0E7-4C06-AA88-E37275BEFC1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EA34F23A-CB8B-448E-9166-6FA690F6B25F}" = dir=in | name=box | "{ED9F1975-4C11-49FD-9044-9D479CDD9A09}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | "{F63776D8-59F3-496A-97B8-212FBE189698}" = dir=out | [email protected]{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{F72ECE8E-6652-4112-B736-752E905F8F74}" = dir=out | name=youcam for hp | "{FB6A32D6-32B9-4C97-9464-3FE5EADB9E4A}" = dir=out | [email 
protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{FC88A156-2532-418D-B952-EE987FF0AFF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FF5DEEB9-D724-4A67-9554-62E81BDD7DF0}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | "{FF60AE30-B2E9-4B72-AC32-A3A2BB320FE0}" = protocol=58 | dir=out | [email protected],-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13487447-8399-6D86-284D-8B922CDD2AEF}" = AMD Start Now "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2AFEFC93-F0C7-4390-BB51-F914EC546B30}" = HP Utility Center "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support "{3595CF58-8BB2-48E9-DFD6-1460AD37B5CD}" = AMD Fuel "{399CF2C5-569E-98B2-8823-073041A3F9F5}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{9413F581-6B8F-63D1-AF5A-AD4CC17405D4}" = ccc-utility64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9955594A-BBEC-6C52-DAA6-BEB0FEA4C952}" = AMD Accelerated Video Transcoding "{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 "{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0382CD5B-85CE-C3A0-B1D6-C39B023218AD}" = CCC Help Korean "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{10D11B1C-ABD4-40E4-45C9-96573852AD76}" = Catalyst Control Center - Branding "{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense "{12582DD1-3893-4C24-8D0A-F605EB096003}" = HP Recovery Manager "{150E8099-529B-9DBE-3FDF-BDD8DB136295}" = CCC Help Japanese "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F03217072FF}" = Java 7 Update 72 "{282C39E7-7553-E545-95E5-4EDB02635CFA}" = CCC Help Russian "{2F4B62EF-B5D3-425F-E13C-2FB294FE6BE0}" = CCC Help Swedish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{59C405A7-9264-A6F0-FDED-1C8605601821}" = CCC Help Chinese Traditional "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5DF8FD56-ED1C-EDAF-4D66-77B1D6871100}" = CCC Help German "{6003A960-04E4-59CE-29D7-D9159AAB9DEB}" = Catalyst Control Center 
InstallProxy "{601C09D4-BF57-E432-C354-274DA5AA19B1}" = CCC Help Finnish "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6500D9AC-994E-C3A7-C467-ECACFFD692EC}" = CCC Help Turkish "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6E2E1F29-A4EF-CFC1-D0C2-D8790D868C7B}" = CCC Help Hungarian "{6E8009FC-F085-C8F4-A5FC-677E13B3F1BC}" = CCC Help Spanish "{6E911CA1-BBF7-838A-DEF2-761D0421A92B}" = CCC Help Thai "{6EC9C50D-7F1F-0465-F4E5-378EDC17FCC5}" = Catalyst Control Center Localization All "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}" = OEM Application Profile "{744D6F43-B97D-2437-8C80-4EEDAE206F28}" = CCC Help Danish "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84D3B128-9631-D57E-7B22-A349223E65F8}" = AMD VISION Engine Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{90EB00F7-A0D2-419B-82DE-59AADCA11790}" = HP System Event Utility "{92D6563B-F3CE-5CE7-57BE-4B40612AB028}" = CCC Help Italian "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{950B9201-3D85-346B-8F1B-54F982F75D48}" = CCC Help French "{95813DD1-FCD0-810C-9C5D-79002BC55882}" = CCC Help Polish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{9DFB5B15-718C-8A62-B8A7-7E2C25DA7A18}" = Catalyst Control Center Graphics Previews Common "{9F901612-E86F-11BA-CA3D-7252E9BD1F8E}" = CCC Help Czech "{A5107464-AA9B-4177-8129-5FF2F42DD322}" = REALTEK Wireless LAN Driver "{A9C7F4B6-D277-872E-49A7-DB65831C2759}" = CCC Help Greek "{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}" = HP 3D DriveGuard "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B60AEFAD-EEB2-0729-C7F2-A396A4308940}" = CCC Help Norwegian "{B60D03A2-C738-6250-DBE0-909F719D372E}" = CCC Help Dutch "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DDFDEE9C-96F4-DCEC-85C1-69FEEF25D348}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB6440BE-7CD5-BF13-A3DB-FF647A3F9574}" = CCC Help Portuguese "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}" = Realtek Card Reader "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F85D8DF0-2603-53BF-2CDF-9BC0666BC60A}" = CCC Help Chinese Standard "{F86C62DC-1600-426B-981C-F398EF7CCB24}" = HP Documentation "{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024 "MP3 Rocket" = MP3 Rocket "NIS" = Norton Internet Security "StartHPConnectedMusic" = HP Connected Music (Meridian - installer) "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-003f4549-3c82-4d77-a495-d6e42ec0b5c3" = Jewel Match 3 "WTA-0dee7e6b-04bb-4a18-83ba-0bf9731f750a" = 4 Elements II "WTA-1f9736f7-e659-4552-85f7-a5a825f6a676" = Luxor Evolved "WTA-2f1e502c-8bf6-49ea-8a2c-043c5808fcea" = Azteca "WTA-302b3225-87a3-4e78-973e-f864a7a68be0" = Cradle of Rome 2 "WTA-3d025fcb-b3c5-4554-bdd3-f9df8d71d744" = Delicious: Emily's Childhood Memories Premium Edition "WTA-3fdf1781-a8e9-47c7-a553-a53d1dc740cc" = Peggle Nights "WTA-440a0624-09e0-42a9-a702-9c0912c7d45c" = Curse at Twilight "WTA-4689c1e6-cfcd-4b3a-87d7-59857a1a0bb0" = Zuma's Revenge "WTA-4e95b9c1-7886-4d05-97db-62e037b5e171" = House of 1000 Doors: Family Secrets "WTA-5d31632f-1b64-44f1-85b1-25fe6888a6b6" = Youda Jewel Shop "WTA-68e8bd2e-4f65-40a9-9ef9-1eb1ef6186f0" = Bounce Symphony "WTA-730aea6e-01f2-4b1d-bd84-566263d1ccd1" = Royal Envoy 2 Collector's Edition "WTA-7494c04c-0142-4fdc-9437-3a24b671745e" = Governor of Poker 2 Premium Edition "WTA-924f9103-03bb-41ad-9b4f-1f1a0f06afb3" = Polar Bowler "WTA-9accda0d-ba36-4023-8743-aed48c7aeb79" = Farm Frenzy "WTA-a6fe1221-d60d-4758-9d13-8180582d70ba" = Airport Mania "WTA-ac2aeda6-8676-4d26-9897-da9af70be0b3" = Cradle Of Egypt Collector's Edition "WTA-b1eafe32-d5ee-4f18-be48-a4fc80dff0b2" = Tales of Lagoona "WTA-b30f9057-1ba9-45cd-bf1f-323f61ae4615" = Mahjongg Dimensions Deluxe: Tiles in Time "WTA-c5a50a44-d669-4e04-9ebd-293a1e3cab5b" = Mah Jong Medley "WTA-d281efa6-6367-4156-a237-444a1b6bb9ec" = Roads of Rome 3 "WTA-d6b10bdb-cb16-4919-b0ef-0e69f10abec2" = Plants vs. Zombies - Game of the Year "WTA-e3087327-d3f2-4c66-a54b-526fa5f1fca9" = Build-a-lot "WTA-e3dddf1f-dd75-4c17-a54e-bcb4ea522717" = Mystery P.I. 
- Curious Case of Counterfeit Cove "WTA-e6db2296-66a6-4299-8579-dc3ee9d7bfb0" = Vacation Quest™ - Australia "WTA-f3d129ee-7bbb-4b9f-9dbc-e41b0aced18d" = Bejeweled 3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2522190925-4094293654-1769919326-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/28/2015 7:38:54 PM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/28/2015 7:38:54 PM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13291 Error - 11/28/2015 7:38:54 PM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13291 Error - 11/29/2015 1:34:29 AM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/29/2015 1:34:29 AM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 21341014 Error - 11/29/2015 1:34:29 AM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 21341014 Error - 11/29/2015 1:34:31 AM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/29/2015 1:34:31 AM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 21342418 Error - 11/29/2015 1:34:31 AM | Computer Name = KC-pc | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 21342418 Error - 11/29/2015 5:08:16 AM | Computer Name = KC-pc | Source = ESENT | ID = 489
Description = taskhostex (5244) An attempt to open the file "C:\Users\kcclick\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). [ System Events ] Error - 11/29/2015 2:10:46 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7031 Description = The Microsoft Office Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 11/29/2015 2:10:47 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7031 Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 11/29/2015 2:10:47 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error - 11/29/2015 2:10:47 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7031 Description = The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 11/29/2015 2:10:47 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
Error - 11/29/2015 2:11:17 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error - 11/29/2015 2:11:31 AM | Computer Name = KC-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error - 11/29/2015 2:13:33 AM | Computer Name = KC-pc | Source = Service Control Manager | ID = 7043 Description = The Windows Update service did not shut down properly after receiving a preshutdown control. Error - 11/29/2015 2:13:49 AM | Computer Name = KC-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error - 11/29/2015 2:13:49 AM | Computer Name = KC-pc | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll < End of report >
  4. OTL logfile created on: 11/29/2015 5:09:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kcclick\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.46 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 37.62% Memory free
6.71 Gb Paging File | 4.07 Gb Available in Paging File | 60.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 271.42 Gb Total Space | 175.79 Gb Free Space | 64.77% Space Free | Partition Type: NTFS
Drive D: | 25.46 Gb Total Space | 2.58 Gb Free Space | 10.12% Space Free | Partition Type: NTFS
Computer Name: KC-PC | User Name: kcclick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2015/11/29 05:06:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kcclick\Desktop\OTL.scr
PRC - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/10/05 09:48:42 | 001,947,960 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
PRC - [2015/10/05 09:48:34 | 009,832,760 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/04/11 16:23:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2012/07/25 20:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012/06/14 13:46:42 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe

========== Modules (No Company Name) ==========
MOD - [2012/05/29 23:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\wincfi39.dll

========== Services (SafeList) ==========
SRV:64bit: - [2013/09/26 07:33:22 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/09/26 07:33:21 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/09/26 07:26:21 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/09/26 07:18:10 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/09/26 07:18:10 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/07/16 21:00:43 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/07/16 21:00:42 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/07/16 20:46:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/07/16 20:00:44 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/07/16 19:59:59 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/20 16:12:32 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/06/20 03:53:56 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/06/20 03:53:04 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/10 14:16:10 | 000,224,840 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/03/01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/12/07 08:05:16 | 001,854,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/10/05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/11 16:23:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/06/14 13:46:42 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2015/11/29 03:07:42 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/09/26 08:09:45 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 07:33:21 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/26 07:33:21 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/09/26 07:33:21 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/09/26 07:18:10 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/09/26 07:18:10 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/26 07:18:10 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/09/26 07:18:10 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/09/26 07:18:10 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/07/16 21:10:44 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/07/16 21:10:44 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/07/16 21:00:42 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/07/16 20:48:52 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/07/16 20:46:14 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/07/16 20:46:14 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/16 20:41:46 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/07/16 20:30:07 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/16 20:30:06 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/07/16 20:04:37 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/07/16 19:59:52 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/16 19:59:51 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/07/16 19:59:51 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/06/20 17:18:08 | 011,661,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/06/20 15:46:26 | 000,581,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/24 02:16:22 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/04/24 02:16:20 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/04/24 02:16:18 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/04/23 20:38:24 | 000,098,744 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/09 23:06:12 | 001,552,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/03/28 17:13:10 | 000,288,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/03/14 18:46:06 | 000,792,648 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/03/01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013/03/01 16:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013/02/08 07:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/30 15:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 15:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/28 21:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/20 14:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2012/06/02 07:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/02 07:31:54 | 001,737,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/05/25 08:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/24 17:23:10 | 000,485,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/05/24 17:01:16 | 000,222,368 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/05/24 16:54:58 | 000,753,312 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/05/21 10:25:20 | 001,129,120 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/05/09 11:04:26 | 000,431,224 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/11 11:11:54 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\srtspx64.sys -- (SRTSPX)
DRV - [2015/11/27 20:59:02 | 000,498,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2015/11/27 20:59:02 | 000,157,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2015/11/27 20:59:02 | 000,138,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151127.022\eng64.sys -- (NAVENG)
DRV - [2015/11/27 20:59:01 | 002,148,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20151127.022\ex64.sys -- (NAVEX15)
DRV - [2015/11/26 10:00:20 | 000,767,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151126.001\IDSviA64.sys -- (IDSVia64)
DRV - [2015/11/13 15:44:10 | 001,665,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151113.001\BHDrvx64.sys -- (BHDrvx64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E240D9A9-C6CD-4DAA-ACCC-A226F9060FD4}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2015/11/27 17:38:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2015/11/28 23:18:26 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_1\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.12.30_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\kcclick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2522190925-4094293654-1769919326-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [symSilent] C:\Program Files (x86)\SymSilent\SymSilent.exe (Symantec Corporation)
O4 - Startup: C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7629888B-0364-4DC9-A817-1C786D1B49C7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{871B7713-55C3-4148-AB03-2AD632979987}: DhcpNameServer = 100.100.23.24
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/11/29 05:06:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kcclick\Desktop\OTL.scr
[2015/11/29 04:17:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\kcclick\Desktop\dds.scr
[2015/11/29 03:05:05 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/29 02:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/11/29 02:15:48 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015/11/29 02:15:48 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015/11/29 02:15:48 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/11/29 02:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/11/29 02:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/11/29 02:14:52 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Programs
[2015/11/29 02:13:56 | 022,908,888 | ---- | C] (Malwarebytes ) -- C:\Users\kcclick\Desktop\mbam-setup-2.2.0.1024.exe
[2015/11/28 23:53:05 | 001,599,336 | ---- | C] (Malwarebytes) -- C:\Users\kcclick\Desktop\JRT.exe
[2015/11/28 22:56:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/11/28 12:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2015/11/28 12:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2015/11/28 12:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2015/11/28 12:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/11/28 12:24:33 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2015/11/28 12:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/11/28 12:23:42 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2015/11/28 12:23:42 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2015/11/28 12:23:41 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2015/11/28 12:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/11/28 12:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015/11/28 12:09:11 | 029,471,144 | ---- | C] (Oracle Corporation) -- C:\Users\kcclick\Desktop\jre-7u51-windows-i586.exe
[2015/11/28 12:09:06 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\MP3Rocket
[2015/11/28 12:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2015/11/28 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Google
[2015/11/28 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Deployment
[2015/11/28 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Apps
[2015/11/28 00:08:24 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Macromedia
[2015/11/28 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Apple Computer
[2015/11/28 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Apple Computer
[2015/11/28 00:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/11/28 00:02:13 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys
[2015/11/28 00:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2015/11/28 00:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2015/11/27 23:58:19 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Apple
[2015/11/27 23:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2015/11/27 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2015/11/27 23:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2015/11/27 23:51:50 | 000,000,000 | ---D | C] -- C:\Users\kcclick\Documents\OneNote Notebooks
[2015/11/27 21:39:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2015/11/27 21:39:29 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/11/27 21:39:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/11/27 21:39:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2015/11/27 21:39:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2015/11/27 21:39:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015/11/27 21:39:25 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/11/27 21:39:25 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/11/27 21:39:22 | 000,773,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/11/27 21:39:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/11/27 21:39:21 | 001,623,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/11/27 21:38:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/11/27 21:38:58 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/11/27 21:38:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/11/27 21:38:58 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/11/27 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\hpqlog
[2015/11/27 18:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2015/11/27 17:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2015/11/27 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Hewlett-Packard
[2015/11/27 17:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2015/11/27 17:51:07 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\AMD
[2015/11/27 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\ATI
[2015/11/27 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\ATI
[2015/11/27 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Hewlett-Packard
[2015/11/27 17:45:53 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015/11/27 17:45:53 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Searches
[2015/11/27 17:45:53 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015/11/27 17:45:53 | 000,000,000 | -H-D | C] -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/11/27 17:45:39 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Adobe
[2015/11/27 17:45:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2015/11/27 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\VirtualStore
[2015/11/27 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Synaptics
[2015/11/27 17:41:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2015/11/27 17:41:42 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Packages
[2015/11/27 17:37:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2015/11/27 00:32:18 | 000,000,000 | ---D | C] -- C:\Windows.old
[2015/11/27 00:03:39 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2015/11/26 23:59:49 | 000,000,000 | -H-D | C] -- C:\$SysReset
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\AppData\Local\Temporary Internet Files
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Templates
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Start Menu
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\SendTo
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Recent
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\PrintHood
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\NetHood
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Documents\My Videos
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Documents\My Pictures
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Documents\My Music
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\My Documents
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Local Settings
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\AppData\Local\History
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Cookies
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\Application Data
[2015/11/26 23:47:11 | 000,000,000 | -HSD | C] -- C:\Users\kcclick\AppData\Local\Application Data
[2015/11/26 23:47:09 | 000,000,000 | --SD | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Links
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Favorites
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Documents
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\Desktop
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015/11/26 23:47:09 | 000,000,000 | R--D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2015/11/26 23:47:09 | 000,000,000 | -H-D | C] -- C:\Users\kcclick\Documents\hp.system.package.metadata
[2015/11/26 23:47:09 | 000,000,000 | -H-D | C] -- C:\Users\kcclick\AppData
[2015/11/26 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Temp
[2015/11/26 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Local\Microsoft
[2015/11/26 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

========== Files - Modified Within 30 Days ==========

[2015/11/29 05:08:55 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/29 05:06:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kcclick\Desktop\OTL.scr
[2015/11/29 04:17:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\kcclick\Desktop\dds.scr
[2015/11/29 03:07:42 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/29 03:03:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/11/29 02:26:05 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2015/11/29 02:15:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/29 02:14:01 | 022,908,888 | ---- | M] (Malwarebytes ) -- C:\Users\kcclick\Desktop\mbam-setup-2.2.0.1024.exe
[2015/11/28 23:53:06 | 001,599,336 | ---- | M] (Malwarebytes) -- C:\Users\kcclick\Desktop\JRT.exe
[2015/11/28 23:21:00 | 000,002,290 | ---- | M] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/11/28 23:20:45 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/28 23:20:12 | 000,941,050 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/11/28 23:20:12 | 000,783,894 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/11/28 23:20:12 | 000,158,368 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/11/28 23:15:24 | 000,432,288 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/11/28 23:14:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/11/28 23:14:42 | 2974,810,112 | -HS- | M] () -- C:\hiberfil.sys
[2015/11/28 22:55:16 | 001,733,632 | ---- | M] () -- C:\Users\kcclick\Desktop\adwcleaner_5.022.exe
[2015/11/28 12:24:52 | 000,001,141 | ---- | M] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.6.lnk
[2015/11/28 12:23:18 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/11/28 12:23:09 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2015/11/28 12:23:08 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2015/11/28 12:23:08 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2015/11/28 12:23:08 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2015/11/28 12:22:28 | 029,471,144 | ---- | M] (Oracle Corporation) -- C:\Users\kcclick\Desktop\jre-7u51-windows-i586.exe
[2015/11/28 00:02:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/11/27 23:52:14 | 000,001,102 | ---- | M] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2015/11/27 18:01:34 | 000,002,408 | ---- | M] () -- C:\Users\kcclick\Desktop\Word 2013.lnk
[2015/11/27 18:01:12 | 000,002,350 | ---- | M] () -- C:\Users\kcclick\Desktop\OneNote 2013.lnk
[2015/11/27 17:48:57 | 000,001,435 | ---- | M] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/11/27 17:45:30 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Games.lnk
[2015/11/26 23:50:10 | 000,017,148 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2015/11/26 23:50:09 | 000,017,148 | ---- | M] () -- C:\WINDOWS\diagerr.xml

========== Files Created - No Company Name ==========

[2015/11/29 02:15:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/28 22:55:15 | 001,733,632 | ---- | C] () -- C:\Users\kcclick\Desktop\adwcleaner_5.022.exe
[2015/11/28 12:24:51 | 000,001,141 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.6.lnk
[2015/11/28 12:23:18 | 000,002,290 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/11/28 12:23:18 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/11/28 12:03:04 | 000,000,912 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/28 12:03:02 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/11/28 11:52:58 | 000,001,034 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Rocket-Installer.lnk
[2015/11/28 00:02:17 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/11/27 23:58:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2015/11/27 23:52:13 | 000,001,102 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2015/11/27 17:57:04 | 000,002,408 | ---- | C] () -- C:\Users\kcclick\Desktop\Word 2013.lnk
[2015/11/27 17:57:02 | 000,002,350 | ---- | C] () -- C:\Users\kcclick\Desktop\OneNote 2013.lnk
[2015/11/27 17:48:57 | 000,001,435 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/11/27 17:45:39 | 000,001,441 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2015/11/26 23:47:11 | 000,002,171 | ---- | C] () -- C:\Users\kcclick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2015/11/26 23:47:11 | 000,000,352 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015/11/26 23:47:11 | 000,000,334 | ---- | C] () -- C:\Users\kcclick\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015/11/26 23:46:49 | 000,017,148 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2015/11/26 23:46:49 | 000,017,148 | ---- | C] () -- C:\WINDOWS\diagerr.xml

========== ZeroAccess Check ==========

[2013/07/16 21:21:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/09/26 07:10:47 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/09/26 07:10:46 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/26 07:11:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics
[2015/11/28 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\kcclick\AppData\Roaming\MP3Rocket
[2015/11/27 17:41:58 | 000,000,000 | ---D | M] -- C:\Users\kcclick\AppData\Roaming\Synaptics

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\kcclick\OneDrive:ms-properties

< End of report >
  5. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.72.2
Run by kcclick at 4:18:18 on 2015-11-29
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3546.1083 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\notepad.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe, BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [symSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service StartupFolder: 
C:\Users\kcclick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7629888B-0364-4DC9-A817-1C786D1B49C7} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{871B7713-55C3-4148-AB03-2AD632979987} : DHCPNameServer = 100.100.23.24 Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 amd_sata;amd_sata;C:\WINDOWS\System32\Drivers\amd_sata.sys [2012-11-30 80552] R0 amd_xata;amd_xata;C:\WINDOWS\System32\Drivers\amd_xata.sys [2012-11-30 26280] R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2013-6-20 103424] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-9-26 98208] R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2013-6-20 241152] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-6-20 361984] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2013-3-1 43320] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-4-11 1039160] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [2013-9-26 143928] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2015-11-27 1854056] R3 AmdAS4;AmdAS4 service;C:\WINDOWS\System32\Drivers\AmdAS4.sys [2013-2-8 17504] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2013-4-23 98744] R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [2015-11-13 1665608] R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\ccSetx64.sys [2013-9-26 168608] R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20151126.001\IDSviA64.sys [2015-11-26 767224] R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2015-11-29 25816] R3 
MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2015-11-29 192216] R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\Drivers\mwac.sys [2015-11-29 64216] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\Drivers\RtsP2Stor.sys [2013-9-26 288840] R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2013-9-26 792648] R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\Drivers\rtwlane.sys [2013-9-26 1552456] R3 SymDS;Symantec Data Store;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymDS64.sys [2013-9-26 485024] R3 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymEFA64.sys [2013-9-26 1129120] R3 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\Ironx64.sys [2013-9-26 222368] R3 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\symnets.sys [2013-9-26 431224] R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\Drivers\usbfilter.sys [2013-9-26 58536] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\WINDOWS\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800] S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\Drivers\NISx64\1400000.088\SymELAM.sys [2013-9-26 23448] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\Drivers\netr28x.sys [2012-6-2 1737760] S3 SmbDrv;SmbDrv;C:\WINDOWS\System32\Drivers\Smb_driver_AMDASF.sys [2013-4-24 29424] S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys [2013-4-24 33008] S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784] SUnknown EraserUtilDrv11520;EraserUtilDrv11520; [x] . =============== Created Last 30 ================ . 
2015-11-29 10:05:05 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys 2015-11-29 09:15:48 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys 2015-11-29 09:15:48 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys 2015-11-29 09:15:48 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys 2015-11-29 09:15:48 -------- d-----w- C:\ProgramData\Malwarebytes 2015-11-29 09:15:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-29 09:14:52 -------- d-----w- C:\Users\kcclick\AppData\Local\Programs 2015-11-29 05:56:31 -------- d-----w- C:\AdwCleaner 2015-11-28 23:38:21 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin 2015-11-28 23:38:19 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2015-11-28 19:36:07 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2015-11-28 19:23:42 98216 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll 2015-11-28 19:09:06 -------- d-----w- C:\Users\kcclick\AppData\Roaming\MP3Rocket 2015-11-28 19:02:45 -------- d-----w- C:\Users\kcclick\AppData\Local\Google 2015-11-28 19:01:56 -------- d-----w- C:\Users\kcclick\AppData\Local\Deployment 2015-11-28 19:01:56 -------- d-----w- C:\Users\kcclick\AppData\Local\Apps 2015-11-28 07:02:29 -------- d-----w- C:\Users\kcclick\AppData\Local\Apple Computer 2015-11-28 07:02:13 33240 ----a-w- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys 2015-11-28 07:01:16 -------- d-----w- C:\Program Files\iPod 2015-11-28 07:01:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-11-28 07:01:14 -------- d-----w- C:\Program Files\iTunes 2015-11-28 07:01:14 -------- d-----w- C:\Program Files (x86)\iTunes 2015-11-28 06:58:19 -------- d-----w- C:\Users\kcclick\AppData\Local\Apple 2015-11-28 04:39:29 86528 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll 2015-11-28 04:39:29 176640 ----a-w- C:\WINDOWS\System32\storewuauth.dll 2015-11-28 04:39:29 100352 ----a-w- C:\WINDOWS\System32\wudriver.dll 
2015-11-28 04:39:25 253440 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll 2015-11-28 04:39:21 1623040 ----a-w- C:\WINDOWS\System32\wucltux.dll 2015-11-28 04:38:58 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe 2015-11-28 04:38:58 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe 2015-11-28 04:38:58 144384 ----a-w- C:\WINDOWS\System32\wuwebv.dll 2015-11-28 04:38:58 128000 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll 2015-11-28 04:34:21 -------- d-----w- C:\Users\kcclick\AppData\Roaming\hpqlog 2015-11-28 00:59:39 563328 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2015-11-28 00:55:28 -------- d-----w- C:\Program Files\Microsoft Office 15 2015-11-28 00:51:07 -------- d-----w- C:\Users\kcclick\AppData\Local\AMD 2015-11-28 00:47:40 -------- d-----w- C:\Users\kcclick\AppData\Local\ATI 2015-11-28 00:46:37 -------- d-----w- C:\Users\kcclick\AppData\Local\Hewlett-Packard 2015-11-28 00:45:53 -------- d-----r- C:\Users\kcclick\Searches 2015-11-28 00:42:00 -------- d-----w- C:\Users\kcclick\AppData\Local\VirtualStore 2015-11-28 00:41:58 -------- d-----w- C:\Users\kcclick\AppData\Roaming\Synaptics 2015-11-28 00:41:42 -------- d-----w- C:\Users\kcclick\AppData\Local\Packages 2015-11-27 07:32:18 -------- d-----w- C:\Windows.old 2015-11-27 07:03:39 -------- d-----w- C:\$WINDOWS.~BT 2015-11-27 06:59:49 -------- d--h--w- C:\$SysReset . ==================== Find3M ==================== . 2015-11-29 09:26:05 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin . ============= FINISH: 4:20:58.67 ===============
  6. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 11/27/2015 5:38:43 PM System Uptime: 11/28/2015 11:14:20 PM (5 hours ago) . Motherboard: Hewlett-Packard | | 2178 Processor: AMD A4-1250 APU with Radeon HD Graphics | Socket FT1 | 1000/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 271 GiB total, 176.186 GiB free. D: is FIXED (NTFS) - 25 GiB total, 2.576 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP3: 11/27/2015 9:37:55 PM - Windows Update RP4: 11/28/2015 11:54:13 PM - JRT Pre-Junkware Removal . ==== Installed Programs ====================== . 4 Elements II 7-Zip 9.20 (x64 edition) Adobe Shockwave Player 11.6 Airport Mania AMD Accelerated Video Transcoding AMD Catalyst Install Manager AMD Fuel AMD Start Now AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Azteca Bejeweled 3 Bonjour Bounce Symphony Build-a-lot Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cradle Of Egypt Collector's Edition Cradle of Rome 2 Curse at Twilight Cyberlink PhotoDirector CyberLink PowerDirector 10 CyberLink YouCam D3DX10 Delicious: Emily's Childhood Memories Premium Edition Energy Star Farm Frenzy Google Chrome Google Update Helper Governor of Poker 2 Premium Edition 
Hewlett-Packard ACLM.NET v1.2.1.1 House of 1000 Doors: Family Secrets HP 3D DriveGuard HP Connected Music (Meridian - installer) HP CoolSense HP Customer Experience Enhancements HP Documentation HP MyRoom HP Postscript Converter HP Recovery Manager HP Registration Service HP Support Assistant HP System Event Utility HP Utility Center HP Wireless Button Driver iTunes Java 7 Update 72 Java Auto Updater Jewel Match 3 Luxor Evolved Mah Jong Medley Mahjongg Dimensions Deluxe: Tiles in Time Malwarebytes Anti-Malware version 2.2.0.1024 Microsoft Application Error Reporting Microsoft Office 365 Home Premium - en-us Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Movie Maker MP3 Rocket MSVCRT MSVCRT110 MSVCRT110_amd64 Mystery P.I. - Curious Case of Counterfeit Cove Norton Internet Security OEM Application Profile Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Peggle Nights Photo Common Photo Gallery Plants vs. 
Zombies - Game of the Year Polar Bowler Realtek Card Reader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver REALTEK Wireless LAN Driver Roads of Rome 3 Royal Envoy 2 Collector's Edition swMSM Synaptics Pointing Device Driver Tales of Lagoona Update Installer for WildTangent Games App Vacation Quest™ - Australia WildTangent Games WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Youda Jewel Shop Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 11/28/2015 12:25:56 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. 11/28/2015 11:13:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll 11/28/2015 11:13:33 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 11/28/2015 11:11:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 11/28/2015 11:10:47 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:47 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
11/28/2015 11:10:47 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 11/28/2015 11:10:47 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/28/2015 11:10:46 PM, Error: Service Control Manager [7031] - The Microsoft Office Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 11/28/2015 11:10:30 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:30 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 11/28/2015 11:10:19 PM, Error: Service Control Manager [7031] - The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 11/28/2015 11:10:17 PM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:16 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:16 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:15 PM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s). 
11/28/2015 11:10:15 PM, Error: Service Control Manager [7034] - The AdaptiveSleepService service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:15 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 11/28/2015 11:10:14 PM, Error: Service Control Manager [7034] - The Realtek Audio Service service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:14 PM, Error: Service Control Manager [7034] - The HP Service service terminated unexpectedly. It has done this 1 time(s). 11/28/2015 11:10:14 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). 11/26/2015 11:51:11 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 11/26/2015 11:40:22 PM, Error: Service Control Manager [7022] - The Norton Internet Security service hung on starting. 11/26/2015 11:39:42 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready. 11/26/2015 11:35:37 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File ===========================
  7. Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 11/29/2015
     Scan Time: 3:07 AM
     Logfile: scan log for malwarebytes.txt
     Administrator: Yes
     Version: 2.2.0.1024
     Malware Database: v2015.11.28.05
     Rootkit Database: v2015.11.26.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows 8
     CPU: x64
     File System: NTFS
     User: kcclick
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 365326
     Time Elapsed: 25 min, 22 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     PUP.Optional.MP3Rocket, C:\Users\Public\Desktop\MP3 Rocket 6.4.6.lnk, Quarantined, [c79e542fa2e91f17c47f6133c93ad828],
     Physical Sectors: 0 (No malicious items detected)
     (end)
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.1 (11.24.2015)
     Operating System: Windows 8 x64
     Ran by kcclick (Administrator) on Sat 11/28/2015 at 23:54:05.67
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 1
     Successfully deleted: C:\Program Files (x86)\mp3 rocket (Folder)
     Registry: 3
     Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_95C2DE3AEFF7D061CFC202EAF667743B (Registry Value)
     Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E240D9A9-C6CD-4DAA-ACCC-A226F9060FD4} (Registry Key)
     Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E240D9A9-C6CD-4DAA-ACCC-A226F9060FD4} (Registry Key)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sun 11/29/2015 at 0:02:03.25
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. # AdwCleaner v5.022 - Logfile created 28/11/2015 at 23:10:40
     # Updated 22/11/2015 by Xplode
     # Database : 2015-11-22.2 [server]
     # Operating system : Windows 8 (x64)
     # Username : kcclick - KC-PC
     # Running from : C:\Users\kcclick\Desktop\adwcleaner_5.022.exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum
     ***** [ Services ] *****
     ***** [ Folders ] *****
     ***** [ Files ] *****
     [-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
     ***** [ DLLs ] *****
     ***** [ Shortcuts ] *****
     [-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk
     ***** [ Scheduled tasks ] *****
     ***** [ Registry ] *****
     ***** [ Web browsers ] *****
     *************************
     :: "Tracing" keys removed
     :: Winsock settings cleared
     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [817 bytes] ##########
  10. My husband bought my computer for me brand new, and I have only used it maybe a handful of times because, for one, it runs and loads soooooo slowly, as well as having many, many pop-ups. Every time you try to open the web, or even just turn the computer on, there are many different junk pop-ups.