
Arcardfrontier.com? [Solved]


  • This topic is locked

#1
pcnoob

Hi, recently I noticed a little video playing in the bottom right-hand corner of my monitor when I was on certain websites, for instance jcpennies.com. I clicked on it and Arcadefrontier.com popped up.

It said I could disable it from showing, but if I deleted cookies it would reappear. So I clicked it and no more video, BUT..... now survey pages are popping up. I have Chrome and Explorer because Bing would freeze on search, so I got Chrome. Also, I went to Add and Remove Programs and Arcadefrontier isn't there. Nothing out of the ordinary there.

 

Windows 8.1

Norton Security

 

OTL logfile created on: 4/11/2014 11:39:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jaclyn\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.45 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 60.84% Memory free
6.32 Gb Paging File | 3.57 Gb Available in Paging File | 56.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.15 Gb Total Space | 371.69 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive D: | 19.79 Gb Total Space | 2.43 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
 
Computer Name: MICHELE | User Name: jaclyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/11 11:39:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jaclyn\Downloads\OTL.exe
PRC - [2014/03/18 18:28:48 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/12 01:29:49 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/27 19:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/06/13 14:55:12 | 002,101,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/12/14 14:58:36 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
PRC - [2010/07/23 11:48:06 | 000,557,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 17:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 17:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2013/11/13 08:02:59 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 04:16:08 | 002,169,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/27 08:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 02:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/26 12:08:07 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/26 12:08:07 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/26 12:04:26 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/11/22 21:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/07 20:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/30 17:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/10/30 17:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/09/29 21:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/29 21:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/29 21:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/17 07:02:26 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 02:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/03/12 01:29:49 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe -- (NIS)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/26 12:04:27 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/11/26 12:04:26 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/11/26 12:04:26 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/09/29 21:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/01/10 14:38:00 | 000,038,712 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/08/15 14:29:52 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 18:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/12 13:02:02 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/03/10 03:35:53 | 000,377,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/03 21:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 18:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/11 11:33:43 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/02/11 11:33:43 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/01/07 18:46:27 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/26 12:08:07 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/26 12:06:37 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/10 19:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 04:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 17:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/30 17:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/30 17:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/10/30 17:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/25 18:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/09/29 21:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/29 21:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/29 21:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 20:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 20:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 19:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 19:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/17 07:02:28 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/17 07:02:26 | 012,526,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/09 19:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symelam.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 19:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symds64.sys -- (SymDS)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 05:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/25 12:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/31 19:52:04 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:52:04 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/07/04 11:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/05/29 16:53:30 | 000,027,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/03/30 23:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2014/04/09 20:01:43 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140411.001\ex64.sys -- (NAVEX15)
DRV - [2014/04/09 20:01:43 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140411.001\eng64.sys -- (NAVENG)
DRV - [2014/03/25 15:25:47 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140410.003\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 18:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140319.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/12 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{CE9B7BBE-35A4-4395-AA80-237BB1C62B2C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{CE9B7BBE-35A4-4395-AA80-237BB1C62B2C}: "URL" = http://www.amazon.co...s={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{CE9B7BBE-35A4-4395-AA80-237BB1C62B2C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jaclyn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jaclyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ [2014/04/09 18:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014/03/12 18:05:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - Extension: Google Docs = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\
CHR - Extension: Google Wallet = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\jaclyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA34DC4C-8647-41F7-A084-E59983B1A613}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/09 19:11:29 | 000,000,000 | ---D | C] -- C:\699374419bbeb5bb37af
[2014/03/12 18:04:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/11 11:25:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/11 11:20:00 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1440428649-3833106650-1877091346-1001UA.job
[2014/04/11 10:08:47 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/11 07:11:47 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/11 07:11:45 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/09 18:21:54 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/04/09 18:21:54 | 000,794,884 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/04/09 18:21:54 | 000,161,140 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/04/09 18:16:07 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/09 18:16:01 | 385,912,831 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/09 14:58:04 | 002,120,023 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1502000.026\Cat.DB
[2014/04/09 14:40:03 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForjaclyn.job
[2014/04/08 17:20:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1440428649-3833106650-1877091346-1001Core.job
[2014/03/27 01:26:27 | 000,030,711 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1502000.026\VT20140327.005
[2014/03/26 13:30:11 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/03/12 13:02:02 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2014/03/12 13:02:02 | 000,008,222 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2014/03/12 13:02:02 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
 
========== Files Created - No Company Name ==========
 
[2014/03/17 16:42:45 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/03/17 16:42:45 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/11/26 12:16:11 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/26 12:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/09/17 07:02:36 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/17 07:02:36 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/17 07:02:32 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/17 07:02:20 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/09/17 07:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/17 07:02:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/02/24 17:44:44 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2013/02/24 17:04:11 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2013/11/30 12:53:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/09 01:05:24 | 021,199,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/08 21:51:04 | 018,643,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/04 08:38:13 | 000,000,000 | ---D | M] -- C:\Users\jaclyn\AppData\Roaming\WildTangent
[2013/02/24 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\jaclyn\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 200 bytes -> C:\Users\jaclyn\SkyDrive:ms-properties
@Alternate Data Stream - 199 bytes -> C:\Users\jaclyn\SkyDrive (2).old:ms-properties
 
< End of report >
 



#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pcnoob, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Post the Extras.txt located in C:\Users\jaclyn\Downloads

Regards,
Valinorum

#3
pcnoob

  • Topic Starter
  • Member
  • 120 posts
OTL Extras logfile created on: 4/11/2014 11:39:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jaclyn\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.45 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 60.84% Memory free
6.32 Gb Paging File | 3.57 Gb Available in Paging File | 56.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.15 Gb Total Space | 371.69 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive D: | 19.79 Gb Total Space | 2.43 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
 
Computer Name: MICHELE | User Name: jaclyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09457CFB-734C-406C-B357-F47FC1474ED4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2799FD9C-38F5-4738-AC72-92B4142A8BF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31627755-A9B0-4F24-BDF1-AD35A1525B38}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4E38CCDD-449F-4004-80A6-1AA91EE80565}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4F0C0A4A-ABB3-4E11-8F9B-04710055EAA2}" = lport=55001 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | 
"{5B094B99-FA41-425D-873A-41F6E98D2735}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{63236D8D-37A2-4282-A60F-D085EAE57DC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{876B177A-4BD3-4801-8627-1E6982ACF2EB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{89586644-F38B-4860-BD23-0EA4DA3BFC9C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9DC4BE5B-BA66-4757-ACB4-35F72CE39DA3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C489D4AC-C666-4ABB-AE52-D1C5DDF055E8}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe | 
"{C8716C29-E9AC-4FD0-876D-F1F099DD28DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E409573A-2733-4DD4-8B3C-6D81BB448F1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F99182A7-8535-4ED5-B352-6D888551A05B}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | 
"{FC6A6CA0-5E94-4416-902C-288BA0DBB6B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FFCCD86C-E065-4312-92C1-D09FDB653D5E}" = lport=54000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BCF2F6-4D8C-445B-BA43-D2848D90A03A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{0213ABE5-B23F-4FF6-A25B-26BC0C17BFDF}" = dir=in | name=skype | 
"{08EA246A-9DD8-4659-9A9A-B041D7EFB33E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0A023248-32FC-444E-A936-2C99ADF4A390}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0AF227EA-F008-486E-9ECD-622FD9C76BF4}" = dir=in | name=hp+ | 
"{0CD797E3-851D-4AD8-A6BF-8EBD9C884983}" = dir=in | name=microsoft solitaire collection | 
"{0E903E6E-139B-4635-9F5C-D085DCBBAA81}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{0F9BFF3C-589E-4BBB-B9F3-267943BC4257}" = dir=in | name=getting started with windows 8 | 
"{11A66773-EA93-4D92-89F2-B0DDA0D1618C}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{11B690F1-4698-4461-8377-0FD343AA41FD}" = dir=in | name=hp connected photo | 
"{1627A2A5-86EC-4712-8D4C-87FECB7BE846}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18D545E2-AD99-4E9F-B7D5-16BD568399ED}" = dir=in | app=c:\users\jaclyn\appdata\local\microsoft\skydrive\skydrive.exe | 
"{1EFE756C-E87C-41E6-94A2-F893D2467EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2305E4CE-3158-4545-81BC-F3BAE64E1840}" = dir=out | name=@{microsoft.bingnews_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{2B56291B-1047-4169-BFBB-3650DEC31914}" = dir=in | name=sonicwall mobile connect | 
"{2B9F6DC7-F149-426A-9197-2553582B3E8D}" = dir=out | name=@{microsoft.zunemusic_2.2.800.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{2C9627F8-4F31-48E6-AB2F-A4D3FC2CA223}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{2CB38BC8-F515-498E-952B-F116F8F86379}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{2DD52E0C-A990-4D5D-9951-9A0C9E68551E}" = dir=out | name=check point vpn | 
"{2F0904DB-688E-4960-A720-BAFE376361C3}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{30D6B267-E8A8-4EFB-86B5-02ECB1B423BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31CEEB19-AA3C-443C-947A-480AFA0F3DAC}" = dir=out | name=netflix | 
"{3377154F-8ED1-44F0-8DE1-C7A4583F24A0}" = dir=in | name=microsoft mahjong | 
"{34C69F55-0422-493F-9DE5-646D19DD29DB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 | 
"{3578F0B2-6B34-47D7-9AD2-D7A191385D62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37FBBA0D-290E-45F9-A0C2-758EBFFB0B56}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{38496114-7D07-4A44-9A32-6593FDE38395}" = dir=out | name=microsoft mahjong | 
"{3C5360C7-F3D2-4EFA-9336-8A6B60DEA65E}" = dir=out | name=hp+ | 
"{3C9A28F0-7948-4F9C-BA23-FDED5B65CF71}" = protocol=6 | dir=out | app=system | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{452C6494-4A66-4323-8FA9-A81BEB85FB9E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{45450800-95B5-4FCF-8DAB-F4111F4139E3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{51ECD539-DA92-4AC7-852A-DBE92F96F142}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{52FF1503-3AB5-4C08-BEB3-9685F6753F12}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5B04EDF9-8BA4-4F61-BD8B-FDC9C96DF40C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5B9FAD60-C4EA-4792-A903-8860177F9395}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{5E04DA57-C5EE-4A4B-9000-E074FA93D1E0}" = dir=out | name=3d marble tracks | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{609C9837-96A8-480F-8AE7-0FEE6152840C}" = dir=out | name=sonicwall mobile connect | 
"{632F10E4-8397-488C-B761-0DC2DA9FA844}" = dir=out | name=windows_ie_ac_001 | 
"{65A1BBB8-61E9-4A17-A3CB-20F3055AE000}" = dir=out | name=iheartradio | 
"{6715FF83-966C-4BB1-AD1B-BF06E728A4AB}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{685E1C03-19AA-4160-B9A9-22D7B897B8D9}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{68B9D3E0-DA28-4118-ACCB-93A48A85063E}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6B2CCB6F-9B8D-43C4-95C5-229818A57CD6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{6B787490-8C86-431D-BD8E-5C8086B14E9B}" = dir=out | name=ebay | 
"{6BF03C1E-CF52-496B-9061-A71BFF666715}" = dir=out | name=kindle | 
"{6D043F07-28A7-4918-B417-C92815B62AFE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{6E40A0EF-8119-49A2-AA91-7C0085C2E886}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{71811C94-05BF-48D3-A0CE-67F18842486F}" = dir=out | name=@{microsoft.zunemusic_1.5.214.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{726AC700-4F3B-4D31-B289-A03812AB5251}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{744A29D0-BCEE-4CEB-BE0D-0C85BDD40B94}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 
"{77320EDA-DF32-48BE-8460-6BCF4D2C020D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{7B981B9D-10B9-4750-A5DE-7E454FABC28A}" = dir=out | name=aceville minecraft | 
"{7BD6774D-01E2-499E-B0BB-62BC77A9CC3C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{7CE06E97-8A8E-4978-B606-A29DD8481B84}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{7ECD7F15-AE6F-4CCB-8995-5C00DA8852BC}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{7F1397AE-5BC9-4750-A105-2C043FDFFB7A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{802CA2C1-3811-4A30-B446-13F2C9D24E45}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{807B5009-0294-47FA-B8D4-D7257D4B1167}" = dir=out | name=@{microsoft.bingtravel_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{83F4C34A-7B4A-4E2A-A2FB-64032993A249}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe | 
"{8519458B-6F5B-4FA5-882F-870F68DD5DB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AF734D1-2BF7-4A2F-8422-1F4790CE2FCF}" = dir=out | name=juniper networks junos pulse | 
"{8C7BDA44-C309-4CB2-B962-75FFEF97A3C7}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{96C95921-081B-40DE-84D0-77E12596CC3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{986FEBE6-8DB9-49A0-9E55-128C0C4C17B8}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{99B8729D-1085-4F77-9BA8-AA3A28A79192}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2689\agent.exe | 
"{99D89270-2EB9-4F76-B6E8-4B5E2E71D9F1}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{9B50FCDA-148D-40F9-97A0-EAD0A54F996A}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{9B5C72A6-55B8-4BAA-9DF4-7C7E9F53C19F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{9BE4C7AC-2254-4B54-914F-228D8D41AD13}" = dir=out | name=microsoft solitaire collection | 
"{9C62C6B3-E27C-46B2-96EB-10FE4BC7CB24}" = dir=in | name=f5 vpn | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9FAD723A-91AD-4893-9373-D9F415CFF8DB}" = dir=out | name=skype | 
"{A24EBB0D-1E96-450A-B625-45E312C99715}" = dir=out | name=hp registration | 
"{AF8A31A8-8B96-47A7-BFDF-0B2418C8BFD2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{B74C3C2A-0F24-445B-B7C4-7088043FCFA6}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{B97A99B4-C258-40A3-9FA4-F86B2C44229B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BA676A2D-BAB1-4AB7-B1FD-C5B4751661C6}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{BD3C183C-898B-4E8D-B10D-F636278E94A0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{C66FFD80-5DB9-44B4-92D3-787715EE41F4}" = dir=out | name=@{microsoft.zunevideo_2.2.802.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{C6A20C0F-DFCE-478D-A48F-6D931BEAD22A}" = dir=in | name=check point vpn | 
"{C8D1389B-6631-4085-B3BA-7BFCFBFCE8F8}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{D2EFAC90-6EA3-4BA9-98CB-6ECE1B0183B3}" = dir=out | name=@{microsoft.bingfinance_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{D419B786-7E64-436E-BFE2-8F21EB148900}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 
"{D61D6E4C-D3EE-4C73-A612-23EFBD2BD2EC}" = dir=in | app=c:\users\jaclyn\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC5B00BF-DA55-45CA-9D9B-63A87E8D920D}" = dir=out | name=facebook | 
"{DF1EA7D0-3347-44CB-A367-4FE29262852B}" = dir=out | name=getting started with windows 8 | 
"{E172182A-DC84-4A16-97F3-9ED15452D9EC}" = dir=in | name=juniper networks junos pulse | 
"{E28BB61D-6CDA-43D7-96E4-FD4692088A71}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | 
"{E43F42D9-D830-43F3-8C7C-A7CC5A293CB2}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E4F9D87A-306B-4E55-8DB7-1FA7A645ACCC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EC98A37D-5426-453C-93B1-327EDFA90DDB}" = dir=out | name=f5 vpn | 
"{F054E3D0-CD7C-4DB5-826E-A9C8EC02107F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{F0E40F3E-B78F-4AE2-A428-E55D87AD49C8}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | 
"{F13B0873-D549-4A38-8593-410902DA3C6F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1B5E933-3A05-4DAC-B9ED-B157671E8FDF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{F365475E-6EA4-4873-BAC6-E3DBDC993FC9}" = dir=out | name=norton studio | 
"{F5BDB963-4EAE-477E-8A60-8BA17E35500A}" = dir=out | name=@{microsoft.bingsports_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F78E351B-09CB-4909-8D72-3101825E83DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F821787C-7854-4923-A7F3-2E9272328D82}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F894196A-D3BB-49FE-A27E-1F35E622B323}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{FBC3C4F5-84B8-4A31-BE6E-CD57149170C6}" = dir=out | name=@{microsoft.bingweather_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{FC01555A-D9BE-42CF-8649-4530B8D893A6}" = dir=out | name=hp connected photo | 
"{FF5913FC-5D1C-44B6-B5B9-494449B4C5AD}" = dir=out | name=@{artifexmundi.darkarcanathecarnival_2.1.0.2_x86__xmkq9zz36w32m?ms-resource://artifexmundi.darkarcanathecarnival/resources/packagedisplayname} | 
"TCP Query User{BFF4A3E7-0B1F-4384-B2E8-941AEDEF8815}C:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe | 
"UDP Query User{E75A48FA-4AFA-445C-A3DC-B30C9BB65C4A}C:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soldier of fortune ii - double helix gold\sof2mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}" = AMD Catalyst Install Manager
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}" = CCC Help Korean
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{104D7F23-A414-EE6D-315E-A07CB75ADEEE}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A7CF3BE-0D4A-33DF-DFD9-824487726365}" = CCC Help German
"{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}" = CCC Help Finnish
"{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2E2526C8-51A8-F6EB-8289-6787E880CE27}" = Catalyst Control Center Localization All
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AD25D5C-C813-146B-4FB0-76561F7875B7}" = CCC Help Hungarian
"{5B4886EE-5A95-C257-A68F-2DCADE47A273}" = CCC Help Norwegian
"{5DB58618-7021-C650-EE8A-58CD1FAA95F9}" = CCC Help Thai
"{5F5ACD0C-A454-32A7-E206-EE89B1510128}" = CCC Help Danish
"{67087BB4-19B4-C169-3E52-2BED796D8AB3}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AE04BB9-A455-16ED-5806-DCFBB14505D6}" = CCC Help Dutch
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7474548C-E456-4818-8ED0-4A1F00EF77A1}" = Catalyst Control Center - Branding
"{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}" = CCC Help Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839D1577-5415-6C89-6642-515DFFE6432F}" = CCC Help Czech
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A666A6E7-3A51-E289-559B-BF3486036ABF}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA39912-380C-0EF3-C820-868115EB1DAC}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC7A441A-353F-75F6-6ABA-3BF98161B530}" = CCC Help Greek
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP Keyboard
"{B6480ED1-448E-813B-4FE0-BED811D1C01F}" = CCC Help French
"{BDBF9803-B57C-AB2A-8830-CBED34703840}" = Catalyst Control Center Graphics Previews Common
"{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}" = CCC Help Polish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}" = CCC Help Italian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8406BA9-5D47-4A62-08C3-759EA677229A}" = AMD VISION Engine Control Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193812F-83C0-3CED-1EDE-BE2525267303}" = CCC Help Chinese Traditional
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F754BC24-2C04-F76E-C403-0175F0954560}" = CCC Help Chinese Standard
"{FC62C740-2339-618C-467B-36CE6D409E5F}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF27F674-821E-4BA2-985B-DDF539C2CD03}" = HP Support Assistant
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"NIS" = Norton Internet Security
"Soldier of Fortune II - Double Helix GOLD" = Soldier of Fortune II - Double Helix GOLD
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WTA-0fe0d029-3a7c-4e89-8a53-6beea59a721f" = Hoyle Card Games
"WTA-16c85942-485b-4445-a4d3-4f0a6eec1fdb" = Governor of Poker 2 Premium Edition
"WTA-2118661c-69e4-47e0-a0c3-f976fc9b6918" = FATE: The Cursed King
"WTA-21a37b5a-e0f1-4b7a-8b78-b78afd38ab39" = FlatOut 2
"WTA-2c42e82e-6244-473a-b415-8fe388750318" = Zuma's Revenge
"WTA-43034e59-db8b-406f-ba86-c1232d9426e1" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-4d13cb16-eac8-4e99-8fda-37f6fbbbaa5e" = Polar Bowler
"WTA-5357a370-8649-4f46-84df-287a53c50ec5" = Bejeweled 3
"WTA-5eeacc88-cbac-460c-b214-1b5f37b7f733" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-5f50d100-bf21-48a0-bc5d-a52bb9d1ac16" = Roads of Rome 3
"WTA-6c60a1da-0f5c-473e-9af7-2e651d6a459e" = Tales of Lagoona
"WTA-8a6abfa4-fc2e-4020-90b6-a4d0f11a1cd6" = Cradle Of Egypt Collector's Edition
"WTA-91f2424c-fe46-4408-a085-e2f95ad78dda" = Jewel Match 3
"WTA-93be74a9-8184-4f4f-b7f9-385a425920ad" = Polar Golfer
"WTA-a8e9b636-cbca-4895-8d59-468e9d4eb335" = Cradle of Rome 2
"WTA-a90e8cc8-c32b-4f0c-96c7-3d944c9830f3" = Vacation Quest™ - Australia
"WTA-ac0eb313-eef6-4a4f-96a1-fd4856ddb030" = 4 Elements II
"WTA-b2a28b00-6799-4c00-a0bb-f3f93363fef9" = Luxor Evolved
"WTA-ce7556e7-aa50-493a-a3ff-f62dde24772b" = John Deere Drive Green
"WTA-e218ef17-30af-436c-ace4-b99e0f86547b" = Penguins!
"WTA-e43a6c83-ea40-4ab4-9396-8dee320a6566" = Build-a-lot 4 - Power Source
"WTA-e66044f2-73d2-4002-b4fd-73714f9417aa" = Chuzzle Deluxe
"WTA-ed5d6d40-57da-430f-a8ab-29cd5d727bc7" = Farm Frenzy
"WTA-f891759c-6b48-48ca-b0bc-ae6524b15856" = Peggle Nights
"WTA-fe22b2d4-157a-434f-a538-955ae2c20fb4" = Final Drive Fury
"WTA-ff2fd767-64d1-415c-8131-bad9d60021cb" = Mystery P.I. - Curious Case of Counterfeit Cove
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HPConnectedMusic" = HP Connected Music (Meridian - player)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/4/2013 8:36:18 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 9/5/2013 8:36:18 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 9/6/2013 8:36:38 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 9/6/2013 9:41:24 PM | Computer Name = Michele | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.2.9200.16628, 
time stamp: 0x51a94434  Faulting module name: twinui.dll, version: 6.2.9200.16604,
 time stamp: 0x5184a60b  Exception code: 0xc0000005  Fault offset: 0x00000000000a43e6
Faulting
 process id: 0x5078  Faulting application start time: 0x01ceab580595bd71  Faulting application
 path: C:\windows\Explorer.EXE  Faulting module path: C:\Windows\System32\twinui.dll
Report
 Id: 9a4f2519-175e-11e3-be88-7054d23ac7c0  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 9/7/2013 8:36:18 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 9/8/2013 3:12:47 PM | Computer Name = Michele | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
 for additional information.
 
Error - 9/8/2013 8:36:18 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 9/9/2013 8:36:18 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
Error - 9/9/2013 9:03:22 PM | Computer Name = Michele | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16660,
 time stamp: 0x51f1c5f3  Faulting module name: atidxx32.dll, version: 8.17.10.451,
 time stamp: 0x50227b09  Exception code: 0xc0000005  Fault offset: 0x000624f2  Faulting
 process id: 0x5948  Faulting application start time: 0x01ceada3801f3d88  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\windows\SYSTEM32\atidxx32.dll  Report Id: c9613644-19b4-11e3-be88-7054d23ac7c0
Faulting
 package full name:   Faulting package-relative application ID: 
 
Error - 9/10/2013 8:36:18 PM | Computer Name = Michele | Source = Office 2013 Licensing Service | ID = 0
Description = 
 
[ System Events ]
Error - 4/6/2014 1:27:36 PM | Computer Name = Michele | Source = Service Control Manager | ID = 7031
Description = The HP Connected Remote Service service terminated unexpectedly.  
It has done this 1 time(s).  The following corrective action will be taken in 5000
 milliseconds: Restart the service.
 
Error - 4/6/2014 1:40:49 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 1:41:18 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 1:41:48 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 1:59:58 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 2:00:28 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 2:00:58 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 2:21:32 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 2:22:02 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
Error - 4/6/2014 2:22:32 PM | Computer Name = Michele | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 1203.
 
 
< End of report >

Edited by pcnoob, 11 April 2014 - 03:38 PM.

#4
pcnoob

    Member

  • Topic Starter
  • 120 posts

Spelled the title wrong, sorry, it's Arcadefrontier...


#5
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pcnoob, :)
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • Update Installer for WildTangent Games App
    • WildTangent Games App
    • WildTangent Games
 
  • Step #2
    Temporarily disable your security software i.e. anti-virus, anti-malware. Peruse this if you are unsure. Download Zoek.exe by smeenk from one of the following locations listed below --
    Download Link #1
    Download Link #2
    • Right-click and choose Run as administrator to run the program.
      • Note: The program may not appear instantaneously. Wait a few minutes for the program to start if that happens.
    • Copy and Paste the following content inside the code box into Zoek's box --
      process;
      filesrcm;
      startupall;
      hijackthis;
      shortcutfix;
      iedefaults;
      resethosts;
      autoclean;
      emptyalltemp;
      
    • Close all open windows, including your web browser.
    • Click on Run Script.
    • Your system may reboot and a log file will open, which is also located in your system drive.
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • Zoek Log
Regards,
Valinorum
#6
pcnoob

    Member

  • Topic Starter
  • 120 posts

Hi, 

  • Update Installer for WildTangent Games App
  • WildTangent Games App
  • WildTangent Games

I only saw WildTangent Games; the other 2 were not there. I hit uninstall and a pop-up came up and asked what games to uninstall, and I chose every game.

 

 
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by jaclyn on Sat 04/12/2014 at 14:54:31.08.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jaclyn\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
4/12/2014 2:55:53 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1440428649-3833106650-1877091346-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-1440428649-3833106650-1877091346-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_USERS\S-1-5-21-1440428649-3833106650-1877091346-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CE9B7BBE-35A4-4395-AA80-237BB1C62B2C} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\jaclyn\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\APN deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\jaclyn\AppData\Local\Temp ====
2014-04-12 21:48:56 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-2c42e82e-6244-473a-b415-8fe388750318\Uninstaller.exe
2014-04-12 21:48:54 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-a90e8cc8-c32b-4f0c-96c7-3d944c9830f3\Uninstaller.exe
2014-04-12 21:48:53 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-6c60a1da-0f5c-473e-9af7-2e651d6a459e\Uninstaller.exe
2014-04-12 21:48:51 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-5f50d100-bf21-48a0-bc5d-a52bb9d1ac16\Uninstaller.exe
2014-04-12 21:48:49 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-93be74a9-8184-4f4f-b7f9-385a425920ad\Uninstaller.exe
2014-04-12 21:48:47 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-4d13cb16-eac8-4e99-8fda-37f6fbbbaa5e\Uninstaller.exe
2014-04-12 21:48:46 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-e218ef17-30af-436c-ace4-b99e0f86547b\Uninstaller.exe
2014-04-12 21:48:44 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-f891759c-6b48-48ca-b0bc-ae6524b15856\Uninstaller.exe
2014-04-12 21:48:42 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-ff2fd767-64d1-415c-8131-bad9d60021cb\Uninstaller.exe
2014-04-12 21:48:40 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-5eeacc88-cbac-460c-b214-1b5f37b7f733\Uninstaller.exe
2014-04-12 21:48:38 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-43034e59-db8b-406f-ba86-c1232d9426e1\Uninstaller.exe
2014-04-12 21:48:36 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-b2a28b00-6799-4c00-a0bb-f3f93363fef9\Uninstaller.exe
2014-04-12 21:48:34 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-ce7556e7-aa50-493a-a3ff-f62dde24772b\Uninstaller.exe
2014-04-12 21:48:32 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-91f2424c-fe46-4408-a085-e2f95ad78dda\Uninstaller.exe
2014-04-12 21:48:30 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-0fe0d029-3a7c-4e89-8a53-6beea59a721f\Uninstaller.exe
2014-04-12 21:48:28 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-16c85942-485b-4445-a4d3-4f0a6eec1fdb\Uninstaller.exe
2014-04-12 21:48:25 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-21a37b5a-e0f1-4b7a-8b78-b78afd38ab39\Uninstaller.exe
2014-04-12 21:48:23 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-fe22b2d4-157a-434f-a538-955ae2c20fb4\Uninstaller.exe
2014-04-12 21:48:21 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-ed5d6d40-57da-430f-a8ab-29cd5d727bc7\Uninstaller.exe
2014-04-12 21:48:19 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-2118661c-69e4-47e0-a0c3-f976fc9b6918\Uninstaller.exe
2014-04-12 21:48:17 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-a8e9b636-cbca-4895-8d59-468e9d4eb335\Uninstaller.exe
2014-04-12 21:48:15 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-8a6abfa4-fc2e-4020-90b6-a4d0f11a1cd6\Uninstaller.exe
2014-04-12 21:48:14 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-e66044f2-73d2-4002-b4fd-73714f9417aa\Uninstaller.exe
2014-04-12 21:48:12 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-e43a6c83-ea40-4ab4-9396-8dee320a6566\Uninstaller.exe
2014-04-12 21:48:08 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-5357a370-8649-4f46-84df-287a53c50ec5\Uninstaller.exe
2014-04-12 21:48:04 3616AB4898E6880F3D1DD128A3FE858C 352496 ----a-w- C:\Users\jaclyn\AppData\Local\Temp\uninstaller-WTA-ac0eb313-eef6-4a4f-96a1-fd4856ddb030\Uninstaller.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-04-09 21:30:52 7F1FC7E98B7DD19BDBB4B2424F93DA8B 1036288 ----a-w- C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-09 21:30:51 AFA852563F2145C26B34F939487A86E9 835584 ----a-w- C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-09 21:30:47 CCF19C82F6145E4A467F7CB9AF82026C 17073152 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-09 21:27:57 BF576E866F0C70F0A6C7CA5BF28EC89A 2724864 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-31 21:37:54 07B5CC5559ED3F55A3F940B3211D89C2 124416 ----a-w- C:\WINDOWS\SysWOW64\poqexec.exe
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-04-09 21:30:51 AAC770C00645F25A6CE9CCB711F8E7ED 1287576 ----a-w- C:\WINDOWS\Sysnative\kernel32.dll
2014-04-09 21:30:51 82580BA9C29F7553FBB4FF6A80664157 1109424 ----a-w- C:\WINDOWS\Sysnative\KernelBase.dll
2014-04-09 21:30:48 C3E3EFD320D0000BE6F9CDB00CD6086F 23134208 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-04-09 21:27:52 C56EF94A5E1C20BF4B8AA6698642886F 2724864 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
2014-03-31 21:37:55 4A8D40E38BC2C57E5D630AD6994A85CB 139776 ----a-w- C:\WINDOWS\Sysnative\poqexec.exe
====== C:\WINDOWS\Sysnative\drivers =====
2014-04-09 21:30:54 B8B663BE41827211737F627473D6D192 377176 ----a-w- C:\WINDOWS\Sysnative\drivers\clfs.sys
2014-04-09 21:30:54 725EF69B2DBEB7B33280019A556201BC 2008408 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2014-03-17 23:42:43 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2014-03-17 23:42:41 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2014-03-17 23:42:40 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2014-03-17 23:42:40 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\jaclyn\AppData\Roaming ======
====== C:\Users\jaclyn ======
2014-04-12 17:28:13 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-04-11 18:39:11 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\jaclyn\Downloads\OTL.exe
 
====== C: exe-files ==
2014-04-12 02:25:25 5547AB584CA80A42F1A0CFC6405D0EE7 37003992 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_chrome_installer.exe
2014-04-11 19:26:52 B97A94D50F797EF00614BE4F25A7A631 548536 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-04-11 19:26:51 D4474A8F1545F5EA8910DF0A0BA3B2AA 840400 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
2014-04-11 19:26:48 847C42B6D3628881E8DF4B093631519D 78576 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2014-04-11 19:26:48 49D6E55582897A2D7BE65248603F083E 7129304 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe
2014-04-11 19:26:47 1368F38793FD367B450B47FEAEBF2DA2 39584 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe
2014-04-11 19:26:45 C8F675B4F7AC2D31A44501F9939CF80A 5297368 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe
2014-04-11 19:26:44 55237AB507C8351C2DE903FB42BE82A7 9597104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE
2014-04-11 19:26:43 FEAEB800E5632437644E9D131B9D6098 871088 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe
2014-04-11 19:26:43 98C21A1E196BBC7DA76B35A8D1DC7B05 471784 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE
2014-04-11 19:26:35 06F21309A380BC51D5991D3E951DB70A 1054424 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
2014-04-11 19:26:32 D7571FB88C91A05300B1EC1835200C1C 515312 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe
2014-04-11 19:26:32 D6628D559F16663F62D2AAA95AC730ED 496320 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE
2014-04-11 19:26:32 BC0035342F87B6E2B6E2EDEC540B35BF 478936 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE
2014-04-11 19:26:32 B250D11FFAFDF23DA54C717A05BC6C92 449216 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
2014-04-11 19:26:32 7D36DBF0B4355C4204C94F30C3821ED0 21922464 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe
2014-04-11 19:26:32 589AEB7287893196D585A336570F028F 569592 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE
2014-04-11 19:26:32 527428444DDE1288A502182F6B374B17 4522688 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE
2014-04-11 19:26:31 23B85A0F237D3E439F98FA0B73EC490C 526024 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE
2014-04-11 19:26:11 F0ECAEDB879431874D2315630BD05502 578256 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
2014-04-11 19:25:49 D31FE31FD11E05A0503B59D694FB65FD 18926248 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
2014-04-11 19:25:46 E7910B535B3F52A0C795DA90626E28E5 1757352 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
2014-04-11 19:25:45 579ABA2979970978365E7615B593EBEF 15516840 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE
2014-04-11 19:25:35 35F84DF8A5B0941D7DE5A8CE1E1D5413 1923232 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
2014-04-11 19:25:34 DD76F47DFAB2AFE63B763B32636B9C60 25701024 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
2014-04-11 19:25:30 DF5AB1C45F8062054E2A9602A274A648 934056 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE
2014-04-11 19:25:14 8FAE9109245E4B4FF42704ECFB86F1B6 8704216 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.154_chrome_updater.exe
2014-04-11 18:39:11 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\jaclyn\Downloads\OTL.exe
=== C: other files ==
2014-04-09 21:30:54 B8B663BE41827211737F627473D6D192 377176 ----a-w- C:\Windows\System32\drivers\clfs.sys
2014-04-09 21:30:54 725EF69B2DBEB7B33280019A556201BC 2008408 ----a-w- C:\Windows\System32\drivers\ntfs.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-1440428649-3833106650-1877091346-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"CLMLServer_For_P2G8"="c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"BATINDICATOR"="C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe"
"BATINDICATORHL"="C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe"
"OSDTool"="C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
 
==== Startup Folders ======================
 
2013-03-27 22:47:25 1097 ----a-w- C:\Users\jaclyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1440428649-3833106650-1877091346-1001Core.job --a-------- C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2013 06:15 PM]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1440428649-3833106650-1877091346-1001UA.job --a-------- C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2013 06:15 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/04/2013 05:39 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/04/2013 05:39 PM]
C:\WINDOWS\tasks\HPCeeScheduleForjaclyn.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/13/2010 11:15 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1440428649-3833106650-1877091346-1001Core" [C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1440428649-3833106650-1877091346-1001UA" [C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForjaclyn" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A3D0C9D6-25AC-4E5B-AC2F-908E055EB36C}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF" [03/12/2014 06:05 PM]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx[03/11/2014 01:44 PM]
 
Norton Identity Protection - jaclyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...TR&pc=HPDTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.co...4371-11896-2/4"
 
==== shortcuts on Users Desktops ======================
 
C:\Users\jaclyn\Desktop\SOF II GOLD Multiplayer.lnk - C:\Program Files (x86)\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe 
C:\Users\jaclyn\Desktop\SOF II GOLD Single Player.lnk - C:\Program Files (x86)\Soldier of Fortune II - Double Helix GOLD\SoF2.exe +set com_multilingual 2 +set sp_language 0
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Connected Music powered by Meridian.lnk - C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe 
C:\Users\Public\Desktop\Connected Remote.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteMgmtUI.exe 
C:\Users\Public\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe 
C:\Users\Public\Desktop\eBay.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...us&bd=all&c=124
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\HP Games.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktopoem /dp hpcpc3c12
C:\Users\Public\Desktop\HP Quick Start.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe 
C:\Users\Public\Desktop\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\uistub.exe 
C:\Users\Public\Desktop\Snapfish.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://www.snapfish....topicon_2012_us
C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...4&s=VUDU&TYPE=4
C:\Users\Public\Desktop\World of Warcraft.lnk - C:\Users\Public\Games\World of Warcraft\World of Warcraft Launcher.exe 
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\uistub.exe /win8
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CyberLink Media Suite.lnk - C:\Program Files (x86)\CyberLink\Media Suite\PS.exe 
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Quick Start.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe 
C:\Users\jaclyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
 
==== shortcuts After Repair ======================
 
C:\Users\Public\Desktop\eBay.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe 
C:\Users\Public\Desktop\Snapfish.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe 
C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe 
 
==== HijackThis Entries ======================
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKLM\..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
O4 - HKLM\..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\jaclyn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jaclyn\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jaclyn\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=4 folders=3 229755 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jaclyn\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\jaclyn\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 04/12/2014 at 15:15:56.20 ======================

  • 0

#7
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pcnoob, :)
  • Step #2 Zoek Fix
    Re-run Zoek.exe.
    • Copy and Paste the following content inside the code box into Zoek's box --
      installedprogs;
      C:\Program Files (x86)\WildTangent Games;fs
      C:\Users\Public\Desktop\HP Games.lnk;f
      
    • Close all open Windows including your web-browser.
    • Click on Run Script.
    • Your system may reboot and a log file will open which is also located in your systemdrive.
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #4 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information, please acquaint yourself with this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • Zoek Log;
    • AdwCleaner Log;
    • Junkware Removal Tool Log
Regards,
Valinorum
  • 0

#8
pcnoob

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts

Here is the Zoek log. I'll post the other logs in posts to follow.

 

 
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by jaclyn on Mon 04/14/2014 at  8:01:02.00.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jaclyn\Downloads\zoek (2).exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-04-12-221556.log 41514 bytes
C:\zoek-results2014-04-14-145039.log 3617 bytes
 
==== Installed Programs ======================
 
Adobe Reader XI (11.0.06)  
AMD APP SDK Runtime  
AMD Catalyst Install Manager  
AMD VISION Engine Control Center  
Bonjour  
Catalyst Control Center - Branding  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CyberLink LabelPrint  
CyberLink Media Suite 10  
CyberLink PhotoDirector  
CyberLink Power2Go 8  
CyberLink PowerDirector 10  
CyberLink PowerDVD  
CyberLink YouCam  
D3DX10  
Energy Star  
Facebook Video Calling 2.0.0.447  
Google Chrome  
Google Toolbar for Internet Explorer  
Google Update Helper  
Hewlett-Packard ACLM.NET v1.2.0.0  
HP Connected Music (Meridian - installer)  
HP Connected Music (Meridian - player)  
HP Connected Remote  
HP Customer Experience Enhancements  
HP Games  
HP Keyboard  
HP MyRoom  
HP Postscript Converter  
HP Quick Start  
HP Registration Service  
HP Support Assistant  
HP Support Information  
Microsoft Application Error Reporting  
Microsoft Office 365 - en-us  
Microsoft SkyDrive  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft SQL Server Compact 3.5 SP2 ENU  
Microsoft SQL Server Compact 3.5 SP2 x64 ENU  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
MSVCRT  
Norton Internet Security  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
Ralink RT5390R 802.11bgn Wi-Fi Adapter  
Realtek High Definition Audio Driver  
Realtek PCIE Card Reader  
Recovery Manager  
Soldier of Fortune II - Double Helix GOLD  
Unity Web Player  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
World of Warcraft  
 
==== Deleting Files \ Folders ======================
 
C:\Program Files (x86)\WildTangent Games not found
"C:\Users\Public\Desktop\HP Games.lnk" not found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=5 folders=3 231945 bytes)
 
==== EOF on Mon 04/14/2014 at  8:01:49.92 ======================

  • 0

#9
pcnoob

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts

AdwCleaner log

 

# AdwCleaner v3.023 - Report created 14/04/2014 at 08:09:11
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : jaclyn - MICHELE
# Running from : C:\Users\jaclyn\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\Software\InstallIQ
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\jaclyn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1109 octets] - [14/04/2014 08:07:44]
AdwCleaner[S0].txt - [1043 octets] - [14/04/2014 08:09:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1103 octets] ##########

  • 0

#10
pcnoob

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts

Junkware removal tool log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by jaclyn on Mon 04/14/2014 at  8:13:49.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/14/2014 at  8:20:29.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0



#11
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
How is your system running?
  • 0

#12
pcnoob

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts

Seems to be running great. Did you find anything?


  • 0

#13
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi pcnoob, :)

Yes, we found the main culprit. Time to check for remnants.
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings --
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista / 7 users: You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: [button image]

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on: [button image]
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: [button image]
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    When The Scan is Complete:
    • If No Threats Were Found:
      • Put a checkmark in "Uninstall application on close"
      • Close the program
      • Report to me that nothing was found
    • If Threats Were Found:
      • Click on "list of threats found"
      • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
      • Click on Back
      • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
      • Click on Finish
      • Close the program
      • Copy and paste the report here
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log;
    • ESET Scan Log
Regards,
Valinorum
  • 0

#14
pcnoob

pcnoob

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts

Here's the Malwarebytes scan. The other scans are coming in posts below this.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/14/2014
Scan Time: 11:03:50 AM
Logfile: scan log.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.14.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: jaclyn
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 247953
Time Elapsed: 13 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#15
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Okay. Post the ESET log when done. :)
  • 0





