OTL logfile created on: 10/23/2013 3:36:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\antimalware\win
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.80 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 78.70% Memory free
15.60 Gb Paging File | 13.57 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.22 Gb Total Space | 785.28 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 1081.18 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive G: | 3.84 Gb Total Space | 2.10 Gb Free Space | 54.83% Space Free | Partition Type: FAT32
Computer Name: PARKTEVERN-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/08 20:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 08:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 08:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013/08/16 00:37:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\antimalware\win\OTL.exe
PRC - [2013/06/04 21:32:30 | 000,559,072 | ---- | M] (Panda Security International) -- C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
PRC - [2013/05/30 15:48:46 | 001,253,912 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/13 06:26:52 | 003,845,464 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2013/03/13 06:26:50 | 002,511,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2013/03/13 06:26:46 | 002,613,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2013/02/05 16:18:22 | 001,065,480 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/01/08 18:32:22 | 000,436,040 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2012/12/14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012/12/12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/09/20 22:56:34 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
PRC - [2012/09/20 22:56:32 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
PRC - [2012/09/20 22:32:42 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/10 03:30:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 20:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 20:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/08/15 09:13:37 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 09:13:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 03:26:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/09/06 18:52:46 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/05 16:05:34 | 007,564,808 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/10 14:46:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 09:41:39 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/15 10:10:08 | 001,643,184 | ---- | M] (AVG Secure Search) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/06/04 21:32:30 | 000,559,072 | ---- | M] (Panda Security International) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe -- (WAHost)
SRV - [2013/06/04 14:25:50 | 000,329,216 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2014.exe -- (Sage 50 SmartPosting 2014)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2013/02/06 05:58:26 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Users\Terry\AppData\Local\Temp\7zS7E16\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2013/01/08 18:32:22 | 000,436,040 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2012/09/20 22:56:34 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe -- (PSUAService)
SRV - [2012/09/20 22:32:42 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/01/20 08:11:18 | 002,594,584 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 08:11:14 | 000,325,912 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/08/16 00:41:08 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/08/15 20:18:38 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/08/15 10:10:08 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/13 06:15:48 | 000,034,048 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\monblanking.sys -- (monblanking)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/05 16:23:34 | 000,098,888 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/22 20:30:04 | 000,266,752 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PaniniUSB.sys -- (PaniniUSB)
DRV:64bit: - [2012/09/27 18:07:08 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/09/20 22:37:12 | 000,134,184 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/09/20 22:36:36 | 000,205,352 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/09/20 22:36:36 | 000,168,488 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/09/20 22:36:36 | 000,124,456 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/09/20 22:36:36 | 000,120,872 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/09/18 19:13:00 | 000,290,344 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/09/18 19:12:58 | 000,397,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/09/18 19:12:58 | 000,150,568 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/09/18 19:12:58 | 000,139,304 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/09/18 19:12:58 | 000,135,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/09/18 19:12:56 | 000,154,152 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/09/18 19:12:56 | 000,136,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/09/18 19:12:56 | 000,134,696 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/09/18 19:12:56 | 000,083,496 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/09/18 19:12:54 | 000,127,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/09/11 15:42:44 | 000,105,776 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dvctprov.sys -- (dvctprov)
DRV:64bit: - [2012/09/11 15:42:20 | 000,050,656 | ---- | M] (Panda Security, S.L.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PSINDvct.sys -- (PSINDvct)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/16 12:56:52 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/03/15 20:57:28 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 02:43:00 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 04:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/09 16:27:18 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:05:04 | 000,057,928 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/16 07:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 07:45:20 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/10/22 20:30:04 | 000,266,752 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\PaniniUSB.sys -- (PaniniUSB)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://chaseonline....ure/LogOff.aspx
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.5.0.2
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/29 14:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/08/15 10:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/10 11:22:26 | 000,000,000 | ---D | M]
[2013/05/02 09:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2013/10/23 13:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions
[2013/10/23 12:15:32 | 000,000,000 | ---D | M] ("Plus-HD-1.6") -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
[2013/06/24 09:43:05 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\tidynetwork@tidynetwork
[2013/10/23 12:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData
[2013/10/23 12:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins
[2013/10/23 12:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\userCode
[2013/06/24 09:42:49 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/07/01 10:39:32 | 000,001,793 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\searchplugins\Bing.xml
[2013/06/24 09:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/24 09:43:01 | 000,000,000 | ---D | M] (Unit Layers) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/08/27 09:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/27 09:41:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/29 14:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/08/15 10:11:18 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.5.0.2
File not found (No name found) -- C:\USERS\TERRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K690H04N.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[2013/08/08 13:47:04 | 000,000,644 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2013/08/15 10:11:18 | 000,003,697 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://google.com/
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\crossrider
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkgoipeflibinmadcecedifdonakgalk\2.2_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\1.1.5_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\2.0.2_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\2.0.4_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Plus-HD-1.6) - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll File not found
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([chaseonline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([payments] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([parktavern2012] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([parktavern2012-admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([parktavern2012-my] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1B14B96-5B3B-4218-8EB7-E460B4A4805C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\citrix\icacli~1\rshook.dll) - c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/11 02:34:24 | 000,000,162 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/23 12:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/23 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Programs
[2013/10/23 12:15:43 | 010,201,544 | ---- | C] (SurfRight B.V.) -- C:\Users\Terry\Desktop\HitmanPro_x64.exe
[2013/10/23 12:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/10/23 12:13:44 | 000,000,000 | ---D | C] -- C:\SpybotPortable
[2013/10/23 12:05:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/18 17:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/10/18 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\TeamViewer
[2013/10/18 16:58:12 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Oracle
[2013/10/18 16:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/18 16:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/18 16:57:13 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/18 16:57:10 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/18 16:57:10 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/18 16:57:10 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/18 16:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/10 03:29:40 | 000,057,928 | ---- | C] (Panda Security) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2013/10/09 18:48:37 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\ICAClient
[2013/10/09 18:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/10/09 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Citrix
[2013/10/09 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2013/10/09 14:12:22 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 14:12:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 14:12:19 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 14:12:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 14:12:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 14:12:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 14:12:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 14:12:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 14:12:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 14:12:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 14:12:17 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 14:12:16 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 14:12:14 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 14:12:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 14:12:14 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/09 14:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 14:12:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/09 14:12:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/09 14:12:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/09 14:12:07 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 14:12:06 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 14:12:06 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 14:12:06 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 14:12:06 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 14:12:06 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 14:12:06 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 14:12:06 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 14:12:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 14:12:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 14:12:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 14:12:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 14:12:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 14:12:02 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 14:12:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 14:12:01 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 14:12:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 14:12:00 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/08 09:39:50 | 000,000,000 | R--D | C] -- C:\Users\Terry\Documents\HP Photo Creations
[2013/10/08 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Visan
[2013/10/08 09:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013/10/08 09:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/10/08 09:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/10/07 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Airport Area Chamber of Commerce Payment receipt_files
[2013/09/24 04:05:55 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/24 04:05:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/24 04:05:55 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/09/17 15:11:48 | 012,556,224 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Terry\gosetup.exe
========== Files - Modified Within 30 Days ==========
[2013/10/23 15:40:25 | 000,780,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/23 15:40:25 | 000,661,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/23 15:40:25 | 000,121,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/23 15:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/10/23 15:35:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/23 15:35:43 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
[2013/10/23 15:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/23 15:34:27 | 1988,087,807 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 14:55:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/23 13:33:28 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 13:33:28 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 12:16:34 | 010,201,544 | ---- | M] (SurfRight B.V.) -- C:\Users\Terry\Desktop\HitmanPro_x64.exe
[2013/10/23 12:07:53 | 000,007,602 | ---- | M] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2013/10/23 12:04:32 | 000,087,462 | ---- | M] () -- C:\Users\Terry\Documents\cc_20131023_120429.reg
[2013/10/22 10:51:32 | 000,061,193 | ---- | M] () -- C:\Users\Terry\Documents\Santa Tom and Mrs. Terry Claus.png
[2013/10/22 10:38:38 | 000,188,419 | ---- | M] () -- C:\Users\Terry\Desktop\High Res Santa Closeup with Sack482.tif
[2013/10/22 10:28:05 | 000,506,442 | ---- | M] () -- C:\Users\Terry\Desktop\SWEET_TEA_RIDER.pdf
[2013/10/22 10:27:10 | 000,139,674 | ---- | M] () -- C:\Users\Terry\Desktop\ED ROLAND & THE SWEET TEA PROJECT - Nov 02 2013 - Private Residence _ Michael Robison - Atlanta, GA - Contract.pdf
[2013/10/21 15:18:38 | 000,039,734 | ---- | M] () -- C:\Users\Terry\Documents\Scan0005.rtf
[2013/10/18 17:09:07 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Office Protection Distribution Tool.lnk
[2013/10/18 15:30:11 | 000,030,167 | ---- | M] () -- C:\Users\Terry\Documents\Scan0004.rtf
[2013/10/18 13:21:56 | 002,509,707 | ---- | M] () -- C:\Users\Terry\Documents\Scan0222.pdf
[2013/10/18 10:35:53 | 002,063,806 | ---- | M] () -- C:\Users\Terry\Desktop\Piedmont Room Sconce.JPG
[2013/10/16 17:41:36 | 000,299,449 | ---- | M] () -- C:\Users\Terry\Desktop\Chick-fil-A Receipt from Oct 14, 2013.pdf
[2013/10/16 17:41:03 | 000,295,092 | ---- | M] () -- C:\Users\Terry\Documents\Scan0221.pdf
[2013/10/16 16:50:16 | 000,184,228 | ---- | M] () -- C:\Users\Terry\Desktop\Receipts for Rachel Paccione from Oct 9, 2013.pdf
[2013/10/16 16:48:24 | 000,220,559 | ---- | M] () -- C:\Users\Terry\Documents\Scan0019.jpg
[2013/10/16 12:22:56 | 002,560,946 | ---- | M] () -- C:\Users\Terry\Documents\Scan0220.pdf
[2013/10/15 12:52:53 | 000,542,425 | ---- | M] () -- C:\Users\Terry\Documents\Scan0219.pdf
[2013/10/15 11:14:29 | 000,577,319 | ---- | M] () -- C:\Users\Terry\Desktop\Wynalda CC Auth Oct 15, 2013.pdf
[2013/10/15 11:13:44 | 000,573,001 | ---- | M] () -- C:\Users\Terry\Documents\Scan0218.pdf
[2013/10/15 09:35:01 | 000,011,370 | ---- | M] () -- C:\Users\Terry\Desktop\Home Depot Gate.pdf
[2013/10/14 10:35:43 | 000,108,034 | ---- | M] () -- C:\Users\Terry\Desktop\Santa Tom and Mrs. Terry Claus.png
[2013/10/14 09:38:20 | 000,004,891 | ---- | M] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013-a.jpg
[2013/10/14 09:29:48 | 000,005,870 | ---- | M] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013.jpg
[2013/10/11 16:59:04 | 000,435,208 | ---- | M] () -- C:\Users\Terry\Documents\Scan0217.pdf
[2013/10/11 14:13:43 | 000,261,063 | ---- | M] () -- C:\Users\Terry\Documents\Scan0216.pdf
[2013/10/11 10:22:28 | 000,340,278 | ---- | M] () -- C:\Users\Terry\Desktop\WC Dec Page.pdf
[2013/10/11 10:22:06 | 000,335,921 | ---- | M] () -- C:\Users\Terry\Documents\Scan0215.pdf
[2013/10/10 16:27:58 | 000,000,000 | ---- | M] () -- C:\Users\Terry\Documents\4662f55f-be48-4b67-8649-81b87ce9d68b
[2013/10/10 15:14:07 | 000,719,301 | ---- | M] () -- C:\Users\Terry\Documents\Scan0018.jpg
[2013/10/10 03:26:38 | 000,497,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:06:41 | 000,774,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 16:12:48 | 000,144,548 | ---- | M] () -- C:\Users\Terry\Documents\Scan0017.jpg
[2013/10/09 15:30:58 | 000,509,612 | ---- | M] () -- C:\Users\Terry\Documents\Scan0016.jpg
[2013/10/09 11:06:45 | 000,188,600 | ---- | M] () -- C:\Users\Terry\Documents\Scan0214.pdf
[2013/10/09 09:24:54 | 000,232,421 | ---- | M] () -- C:\Users\Terry\Documents\Scan0213.pdf
[2013/10/08 12:10:20 | 001,215,908 | ---- | M] () -- C:\Users\Terry\Documents\Scan0212.pdf
[2013/10/08 11:30:41 | 000,364,627 | ---- | M] () -- C:\Users\Terry\Documents\Scan0015.jpg
[2013/10/08 09:51:31 | 000,408,834 | ---- | M] () -- C:\Users\Terry\Documents\Scan0211.pdf
[2013/10/08 09:39:37 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/08 07:50:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 07:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/08 07:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/08 07:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/07 15:34:16 | 000,004,469 | ---- | M] () -- C:\Users\Terry\Desktop\Airport Area Chamber of Commerce Payment receipt.htm
[2013/10/07 13:35:26 | 000,533,836 | ---- | M] () -- C:\Users\Terry\Documents\Scan0210.pdf
[2013/10/07 10:06:33 | 008,909,700 | ---- | M] () -- C:\Users\Terry\Documents\Scan0209.pdf
[2013/09/27 19:00:58 | 001,390,367 | ---- | M] () -- C:\Users\Terry\Documents\Scan0208.pdf
[2013/09/27 18:35:04 | 000,611,905 | ---- | M] () -- C:\Users\Terry\Documents\Scan0207.pdf
[2013/09/27 18:33:19 | 000,670,541 | ---- | M] () -- C:\Users\Terry\Documents\Scan0206.pdf
[2013/09/27 18:31:31 | 000,657,621 | ---- | M] () -- C:\Users\Terry\Documents\Scan0205.pdf
[2013/09/27 17:03:29 | 000,307,214 | ---- | M] () -- C:\Users\Terry\Documents\Scan0204.pdf
[2013/09/27 15:46:05 | 001,940,399 | ---- | M] () -- C:\Users\Terry\Documents\Scan0203.pdf
[2013/09/27 15:08:59 | 001,924,856 | ---- | M] () -- C:\Users\Terry\Documents\Scan0202.pdf
[2013/09/26 14:10:29 | 002,783,562 | ---- | M] () -- C:\Users\Terry\Documents\Scan0201.pdf
[2013/09/24 16:48:30 | 000,262,237 | ---- | M] () -- C:\Users\Terry\Documents\Scan0200.pdf
[2013/09/24 16:42:46 | 011,735,017 | ---- | M] () -- C:\Users\Terry\Documents\Scan0199.pdf
[2013/09/24 16:21:08 | 001,320,314 | ---- | M] () -- C:\Users\Terry\Documents\Scan0198.pdf
[2013/09/24 16:14:12 | 000,080,810 | ---- | M] () -- C:\Users\Terry\Documents\Scan0197.pdf
[2013/09/24 14:44:51 | 001,376,620 | ---- | M] () -- C:\Users\Terry\Documents\Scan0196.pdf
[2013/09/24 12:19:34 | 000,332,749 | ---- | M] () -- C:\Users\Terry\Documents\Scan0195.pdf
[2013/09/24 05:23:15 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/24 05:21:24 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/24 05:21:22 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/24 05:20:50 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/24 04:58:14 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/24 04:56:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/24 04:55:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/23 17:44:55 | 000,634,181 | ---- | M] () -- C:\Users\Terry\Documents\Scan0194.pdf
[2013/09/23 17:43:08 | 000,621,362 | ---- | M] () -- C:\Users\Terry\Documents\Scan0193.pdf
========== Files Created - No Company Name ==========
[2013/10/23 12:04:31 | 000,087,462 | ---- | C] () -- C:\Users\Terry\Documents\cc_20131023_120429.reg
[2013/10/22 10:38:36 | 000,188,419 | ---- | C] () -- C:\Users\Terry\Desktop\High Res Santa Closeup with Sack482.tif
[2013/10/22 10:28:05 | 000,506,442 | ---- | C] () -- C:\Users\Terry\Desktop\SWEET_TEA_RIDER.pdf
[2013/10/22 10:27:10 | 000,139,674 | ---- | C] () -- C:\Users\Terry\Desktop\ED ROLAND & THE SWEET TEA PROJECT - Nov 02 2013 - Private Residence _ Michael Robison - Atlanta, GA - Contract.pdf
[2013/10/21 15:18:38 | 000,039,734 | ---- | C] () -- C:\Users\Terry\Documents\Scan0005.rtf
[2013/10/21 09:48:42 | 000,061,193 | ---- | C] () -- C:\Users\Terry\Documents\Santa Tom and Mrs. Terry Claus.png
[2013/10/18 17:09:07 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Office Protection Distribution Tool.lnk
[2013/10/18 15:30:11 | 000,030,167 | ---- | C] () -- C:\Users\Terry\Documents\Scan0004.rtf
[2013/10/18 13:21:55 | 002,509,707 | ---- | C] () -- C:\Users\Terry\Documents\Scan0222.pdf
[2013/10/18 10:35:53 | 002,063,806 | ---- | C] () -- C:\Users\Terry\Desktop\Piedmont Room Sconce.JPG
[2013/10/16 17:41:36 | 000,299,449 | ---- | C] () -- C:\Users\Terry\Desktop\Chick-fil-A Receipt from Oct 14, 2013.pdf
[2013/10/16 17:41:03 | 000,295,092 | ---- | C] () -- C:\Users\Terry\Documents\Scan0221.pdf
[2013/10/16 16:50:11 | 000,184,228 | ---- | C] () -- C:\Users\Terry\Desktop\Receipts for Rachel Paccione from Oct 9, 2013.pdf
[2013/10/16 16:48:24 | 000,220,559 | ---- | C] () -- C:\Users\Terry\Documents\Scan0019.jpg
[2013/10/16 12:22:54 | 002,560,946 | ---- | C] () -- C:\Users\Terry\Documents\Scan0220.pdf
[2013/10/15 12:52:53 | 000,542,425 | ---- | C] () -- C:\Users\Terry\Documents\Scan0219.pdf
[2013/10/15 11:14:29 | 000,577,319 | ---- | C] () -- C:\Users\Terry\Desktop\Wynalda CC Auth Oct 15, 2013.pdf
[2013/10/15 11:13:43 | 000,573,001 | ---- | C] () -- C:\Users\Terry\Documents\Scan0218.pdf
[2013/10/15 09:35:01 | 000,011,370 | ---- | C] () -- C:\Users\Terry\Desktop\Home Depot Gate.pdf
[2013/10/14 10:35:43 | 000,108,034 | ---- | C] () -- C:\Users\Terry\Desktop\Santa Tom and Mrs. Terry Claus.png
[2013/10/14 09:38:20 | 000,004,891 | ---- | C] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013-a.jpg
[2013/10/14 09:29:48 | 000,005,870 | ---- | C] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013.jpg
[2013/10/11 16:59:04 | 000,435,208 | ---- | C] () -- C:\Users\Terry\Documents\Scan0217.pdf
[2013/10/11 14:13:43 | 000,261,063 | ---- | C] () -- C:\Users\Terry\Documents\Scan0216.pdf
[2013/10/11 10:22:28 | 000,340,278 | ---- | C] () -- C:\Users\Terry\Desktop\WC Dec Page.pdf
[2013/10/11 10:22:06 | 000,335,921 | ---- | C] () -- C:\Users\Terry\Documents\Scan0215.pdf
[2013/10/10 15:14:07 | 000,719,301 | ---- | C] () -- C:\Users\Terry\Documents\Scan0018.jpg
[2013/10/09 18:48:47 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2013/10/09 16:12:48 | 000,144,548 | ---- | C] () -- C:\Users\Terry\Documents\Scan0017.jpg
[2013/10/09 15:30:57 | 000,509,612 | ---- | C] () -- C:\Users\Terry\Documents\Scan0016.jpg
[2013/10/09 11:06:45 | 000,188,600 | ---- | C] () -- C:\Users\Terry\Documents\Scan0214.pdf
[2013/10/09 09:24:54 | 000,232,421 | ---- | C] () -- C:\Users\Terry\Documents\Scan0213.pdf
[2013/10/08 12:10:19 | 001,215,908 | ---- | C] () -- C:\Users\Terry\Documents\Scan0212.pdf
[2013/10/08 11:30:41 | 000,364,627 | ---- | C] () -- C:\Users\Terry\Documents\Scan0015.jpg
[2013/10/08 09:51:31 | 000,408,834 | ---- | C] () -- C:\Users\Terry\Documents\Scan0211.pdf
[2013/10/08 09:39:37 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/08 09:39:36 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/10/07 15:34:16 | 000,004,469 | ---- | C] () -- C:\Users\Terry\Desktop\Airport Area Chamber of Commerce Payment receipt.htm
[2013/10/07 13:35:26 | 000,533,836 | ---- | C] () -- C:\Users\Terry\Documents\Scan0210.pdf
[2013/10/07 10:06:29 | 008,909,700 | ---- | C] () -- C:\Users\Terry\Documents\Scan0209.pdf
[2013/09/27 19:00:57 | 001,390,367 | ---- | C] () -- C:\Users\Terry\Documents\Scan0208.pdf
[2013/09/27 18:35:04 | 000,611,905 | ---- | C] () -- C:\Users\Terry\Documents\Scan0207.pdf
[2013/09/27 18:33:19 | 000,670,541 | ---- | C] () -- C:\Users\Terry\Documents\Scan0206.pdf
[2013/09/27 18:31:31 | 000,657,621 | ---- | C] () -- C:\Users\Terry\Documents\Scan0205.pdf
[2013/09/27 17:03:29 | 000,307,214 | ---- | C] () -- C:\Users\Terry\Documents\Scan0204.pdf
[2013/09/27 15:46:04 | 001,940,399 | ---- | C] () -- C:\Users\Terry\Documents\Scan0203.pdf
[2013/09/27 15:08:58 | 001,924,856 | ---- | C] () -- C:\Users\Terry\Documents\Scan0202.pdf
[2013/09/26 14:10:28 | 002,783,562 | ---- | C] () -- C:\Users\Terry\Documents\Scan0201.pdf
[2013/09/24 16:48:29 | 000,262,237 | ---- | C] () -- C:\Users\Terry\Documents\Scan0200.pdf
[2013/09/24 16:42:39 | 011,735,017 | ---- | C] () -- C:\Users\Terry\Documents\Scan0199.pdf
[2013/09/24 16:21:07 | 001,320,314 | ---- | C] () -- C:\Users\Terry\Documents\Scan0198.pdf
[2013/09/24 16:14:12 | 000,080,810 | ---- | C] () -- C:\Users\Terry\Documents\Scan0197.pdf
[2013/09/24 14:44:50 | 001,376,620 | ---- | C] () -- C:\Users\Terry\Documents\Scan0196.pdf
[2013/09/24 12:19:33 | 000,332,749 | ---- | C] () -- C:\Users\Terry\Documents\Scan0195.pdf
[2013/09/23 17:44:55 | 000,634,181 | ---- | C] () -- C:\Users\Terry\Documents\Scan0194.pdf
[2013/09/23 17:43:08 | 000,621,362 | ---- | C] () -- C:\Users\Terry\Documents\Scan0193.pdf
[2013/08/22 10:04:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\PaniniULD.dll
[2013/08/15 23:40:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2013/08/15 12:40:05 | 000,007,602 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2013/06/17 10:48:14 | 000,000,005 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\WBPU-TTL.DAT
[2013/04/23 12:32:04 | 000,774,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/23 11:53:24 | 000,000,064 | ---- | C] () -- C:\Windows\AdminIE.ini
[2013/04/23 10:14:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/22 16:04:59 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/06/20 20:49:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/06/20 17:14:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/17 10:27:56 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/17 10:27:56 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/04/04 17:03:34 | 000,060,304 | ---- | C] () -- C:\Users\Terry\g2mdlhlpx.exe
[2011/04/01 14:26:34 | 000,103,784 | ---- | C] () -- C:\Users\Terry\GoToAssistDownloadHelper.exe
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >