Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC To A Grinding Hault - Malware! [Solved]

Started by RSFlorida , Aug 25 2014 10:57 AM

  • This topic is locked This topic is locked

#1
RSFlorida
Posted 25 August 2014 - 10:57 AM

RSFlorida

    Member

  • Member
  • PipPip
  • 37 posts

My machine started to act unusually odd: the screen wouldn't come on yet the machine was running, IE was extremely slow, Outlook was slow and overall the machine was sluggish as if it was going to die.  I ran MBAM and it flag quite a few of PUP.optional.FrostwireTB.A from various machine locations.  I quarantined them and the machine is running better but still not it's former self.

 

Here is the OTL log:

 

 

OTL logfile created on: 8/25/2014 12:31:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sean Strickling\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 35.31% Memory free
15.90 Gb Paging File | 9.97 Gb Available in Paging File | 62.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.92 Gb Total Space | 540.61 Gb Free Space | 79.75% Space Free | Partition Type: NTFS
Drive D: | 20.42 Gb Total Space | 2.20 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
 
Computer Name: SEAN-PC | User Name: Sean Strickling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/25 12:30:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean Strickling\Downloads\OTL.exe
PRC - [2014/08/18 16:35:02 | 000,021,520 | ---- | M] (SmartVault Corporation) -- C:\Program Files (x86)\SmartVault\SVault.Client.Importer.exe
PRC - [2014/08/18 16:33:27 | 000,054,704 | ---- | M] (SmartVault Corporation) -- C:\Program Files (x86)\SmartVault\SVault.exe
PRC - [2014/08/05 13:21:39 | 001,457,552 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AcroRd32.exe
PRC - [2014/07/28 16:10:30 | 000,740,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/10 19:23:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/07/10 19:23:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/07/02 05:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/06/30 15:21:24 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/06/06 11:27:16 | 000,064,384 | ---- | M] (Google) -- C:\Users\Sean Strickling\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/05/21 11:34:38 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/08 09:49:02 | 003,499,896 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2014/03/04 12:33:34 | 000,430,888 | ---- | M] () -- C:\Program Files (x86)\Quicken\qw.exe
PRC - [2014/02/12 13:16:20 | 000,118,056 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/05 22:33:44 | 003,216,272 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\SBAMTray.exe
PRC - [2013/09/05 22:32:46 | 003,937,472 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\SBAMSvc.exe
PRC - [2013/09/05 22:32:42 | 000,176,016 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
PRC - [2013/08/19 18:07:36 | 001,344,312 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2013/03/31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/03/11 18:33:22 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2013/03/11 17:03:22 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/09/19 22:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/09/19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/09/03 23:18:02 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2012/08/18 18:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/08/18 18:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
PRC - [2012/08/18 18:45:50 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2012/07/13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/05/15 16:39:54 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\SpiderOak\windows_dir_watcher.exe
PRC - [2012/05/15 16:39:52 | 000,053,248 | ---- | M] (SpiderOak) -- C:\Program Files (x86)\SpiderOak\SpiderOak.exe
PRC - [2012/04/04 22:24:10 | 000,864,256 | ---- | M] (EFT Management) -- C:\Program Files (x86)\PromptCheckOnline\PCOnline.exe
PRC - [2012/03/23 13:50:16 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\prevhost.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/10/05 13:11:02 | 000,037,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe
PRC - [2011/10/04 11:11:40 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2011/09/06 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/06 14:48:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/24 00:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/06 23:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/04/14 22:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/19 12:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009/09/30 10:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/18 16:35:30 | 000,450,576 | ---- | M] () -- C:\Program Files (x86)\SmartVault\Trackerbird.Tracker.dll
MOD - [2014/08/18 16:35:25 | 000,600,592 | ---- | M] () -- C:\Program Files (x86)\SmartVault\SVault.Client.Toolbar.UI.Hook.dll
MOD - [2014/08/18 16:35:06 | 000,326,160 | ---- | M] () -- C:\Program Files (x86)\SmartVault\Google.ProtocolBuffers.dll
MOD - [2014/08/18 16:35:05 | 000,088,592 | ---- | M] () -- C:\Program Files (x86)\SmartVault\AxInterop.GdViewerPro4.dll
MOD - [2014/08/16 04:40:29 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\245d6862e0c39770654fcf69699fc0a8\Microsoft.VisualBasic.ni.dll
MOD - [2014/08/16 04:38:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\39d333d05320d912a94364f525776dd5\System.Management.ni.dll
MOD - [2014/08/16 04:28:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f4319843c935b69ebb7e338bfddbad54\System.ServiceProcess.ni.dll
MOD - [2014/08/16 04:28:35 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f11fcbd60483807eefa81820c92b37db\System.Web.Services.ni.dll
MOD - [2014/08/16 04:28:32 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40d52224797a152552eee1f8433403e4\System.Web.ni.dll
MOD - [2014/08/16 04:28:25 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8890ba3c84a4579cec05af2d9954902f\System.EnterpriseServices.ni.dll
MOD - [2014/08/16 04:28:22 | 006,638,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7c7f587e2c1d8e92243e37f4638bfeef\System.Data.ni.dll
MOD - [2014/08/16 04:27:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\434e3a5de2f98ed740aac2b24c6d0890\System.Windows.Forms.ni.dll
MOD - [2014/08/16 04:27:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bce52f0521c930a2e305badb3ea07128\System.Drawing.ni.dll
MOD - [2014/08/16 04:27:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\ec7140de731a291e741f3569063e3438\Accessibility.ni.dll
MOD - [2014/08/16 04:27:43 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\fd159320528be15f7b20edd4603b9ee3\System.Security.ni.dll
MOD - [2014/08/16 04:27:40 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\abca6deea510151b5d8e51bdabd17bea\System.Xml.ni.dll
MOD - [2014/08/16 04:27:36 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce5e2af0775efc3c91ba62d5d26fb39\System.Configuration.ni.dll
MOD - [2014/08/16 04:27:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ee90c95adb50b0e75b814fcb9d87f8e\System.ni.dll
MOD - [2014/08/16 04:27:11 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8be9e33457f57805b4068f90099e428\mscorlib.ni.dll
MOD - [2014/08/16 03:25:24 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V5499e76b#\db46d4d547bcfdb8b69cc834e067be62\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
MOD - [2014/08/16 03:25:18 | 000,136,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V883708cb#\da59b1d7097b8c807003fd9d04a26896\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
MOD - [2014/08/16 03:25:17 | 000,477,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf9a08577#\afe759ce0d91752802c8bc1aa3a4c008\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
MOD - [2014/08/16 03:25:11 | 000,046,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O2eb0cc9a#\cef14155e1b90987dd2a0c226a7486d6\Microsoft.Office.Tools.v4.0.Framework.ni.dll
MOD - [2014/08/16 03:25:08 | 001,520,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Oe2e369ff#\c6b5feb2f9933e83aaaeafd711adca2b\Microsoft.Office.Tools.Excel.Implementation.ni.dll
MOD - [2014/08/16 03:25:06 | 000,726,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O4161a3a3#\e69192e767539359b596650116f6c2e8\Microsoft.Office.Tools.Excel.ni.dll
MOD - [2014/08/16 03:25:05 | 000,876,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O4a946565#\29f4b47f2d236f79a1bd99ccfbf1adc6\Microsoft.Office.Tools.Common.Implementation.ni.dll
MOD - [2014/08/16 03:25:03 | 000,350,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O854200f9#\ff98d5dea3e74be3823a142ba15f3b26\Microsoft.Office.Tools.Common.ni.dll
MOD - [2014/08/16 03:25:02 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O5949707a#\6f9fa5a7a561344c9445ad48f8bf4d12\Microsoft.Office.Tools.ni.dll
MOD - [2014/08/06 23:20:55 | 000,353,096 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 23:20:53 | 008,537,928 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 23:20:46 | 001,732,936 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/06/30 08:48:35 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/05/14 17:45:20 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.ni.dll
MOD - [2014/05/14 17:45:20 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/05/14 17:45:19 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/03/20 18:49:19 | 002,952,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/03/04 12:33:34 | 000,430,888 | ---- | M] () -- C:\Program Files (x86)\Quicken\qw.exe
MOD - [2014/02/12 19:20:07 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/02/12 19:19:23 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/12 19:19:20 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/12 19:19:05 | 013,901,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\e1a31634a43becfaae07ce060f2d215b\System.Data.Entity.ni.dll
MOD - [2014/02/12 19:19:05 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/12 19:18:44 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/12 19:18:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/12 19:18:43 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll
MOD - [2014/02/12 19:18:43 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014/02/12 19:18:16 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatch62ba68af#\52e592b733d046690b5bead5ccfe1744\SocialWatch.Configuration.Facebook.ni.dll
MOD - [2014/02/12 19:18:11 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/12 19:18:11 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/12 19:18:10 | 000,091,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatcha4e6253f#\da943c9c7056e4528722bd56a2fd8b5f\SocialWatch.Authentication.Facebook.ni.dll
MOD - [2014/02/12 19:18:09 | 000,748,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\093cf1c56c083ff39515a3a49992050c\log4net.ni.dll
MOD - [2014/02/12 19:18:09 | 000,020,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Infrastructure\d00a3a05eccaa172761699a6c61e83d7\Infrastructure.ni.dll
MOD - [2014/02/12 19:18:08 | 000,481,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Facebook\5da3b49a34f2921d177da6bd2167375f\Facebook.ni.dll
MOD - [2014/02/12 19:18:08 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatch8579869f#\1721573f19e5aaf683cbfe64e1f105de\SocialWatch.Scanner.Serialization.ni.dll
MOD - [2014/02/12 19:18:07 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatch3fe684a7#\07949961cf2d259a637571048d3ccace\SocialWatch.Scanner.Interfaces.ni.dll
MOD - [2014/02/12 19:18:07 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatche3fb5e81#\12aac18b2b0ca8e80a29e5b84745a145\SocialWatch.Authentication.Interfaces.ni.dll
MOD - [2014/02/12 19:18:07 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatcha583c611#\578ab452c4e8577b859a83cf90512d39\SocialWatch.Configuration.Interfaces.ni.dll
MOD - [2014/02/12 19:18:07 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatchb96ca80f#\cd91ef9519349b8d7c6f3af47154604a\SocialWatch.Engine.Interfaces.ni.dll
MOD - [2014/02/12 19:18:06 | 000,192,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatchd4ea2be5#\bd9a4b35c569c7627e6cc3518521bfe3\SocialWatch.Scanner.Providers.Facebook.ni.dll
MOD - [2014/02/12 19:18:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatcha57243a5#\4b34698ae67a5e1484967edc12731db7\SocialWatch.Plugins.Facebook.ni.dll
MOD - [2014/02/12 18:00:53 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/12 18:00:46 | 013,620,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\921861ef36355e6f12a981a188f99b8a\System.Web.ni.dll
MOD - [2014/02/12 18:00:41 | 001,870,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/12 18:00:41 | 001,172,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\42e4e0c2624e0f686d87fa4011455fac\System.Data.OracleClient.ni.dll
MOD - [2014/02/12 18:00:39 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/12 18:00:38 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/12 18:00:38 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/12 18:00:37 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/12 18:00:32 | 001,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e8f04d39ea7c8991d91498f2867f2c25\Microsoft.CSharp.ni.dll
MOD - [2014/02/12 18:00:32 | 001,046,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\cc50d2e812a40e7932c04af96578de25\System.ComponentModel.Composition.ni.dll
MOD - [2014/02/12 18:00:30 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/12 18:00:30 | 000,394,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\9c792f26e959188b200cd732e1c1d583\System.Dynamic.ni.dll
MOD - [2014/02/12 18:00:29 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/12 18:00:29 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/12 18:00:28 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/12 18:00:26 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/12 18:00:26 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/12 18:00:25 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/12 18:00:24 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/12 18:00:24 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/12 18:00:22 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/12 18:00:22 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/02/12 18:00:22 | 000,670,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c968d57#\0089476535b92fb3f56b96e9dff4609c\PresentationFramework.Luna.ni.dll
MOD - [2014/02/12 18:00:22 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 18:00:22 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.Classic.ni.dll
MOD - [2014/02/12 18:00:21 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/12 18:00:15 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 18:00:15 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/12 18:00:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/12/21 02:04:26 | 003,989,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/03/11 18:34:42 | 000,112,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\Webification.DLL
MOD - [2013/03/11 18:34:36 | 000,445,768 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\SyncManagerUtils.dll
MOD - [2013/03/11 18:34:22 | 000,125,256 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\ReportBridge.DLL
MOD - [2013/03/11 18:34:12 | 000,141,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
MOD - [2013/03/11 18:34:08 | 000,021,832 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.DLL
MOD - [2013/03/11 18:34:06 | 000,072,520 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QB2WPFBridge.dll
MOD - [2013/03/11 18:33:52 | 000,042,824 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
MOD - [2013/03/11 18:33:48 | 000,096,072 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetInterop.dll
MOD - [2013/03/11 18:33:48 | 000,085,832 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetBridge.DLL
MOD - [2013/03/11 18:33:46 | 000,058,184 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\htmlhelper.dll
MOD - [2013/03/11 18:33:44 | 000,415,560 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
MOD - [2013/03/11 18:33:42 | 000,542,536 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.DLL
MOD - [2013/03/11 18:33:30 | 000,176,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2013/03/11 18:33:28 | 000,529,224 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
MOD - [2013/03/11 18:33:28 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/03/11 15:34:58 | 000,059,208 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\ULIPUpdate.dll
MOD - [2013/02/14 15:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2012/10/24 14:38:22 | 000,677,144 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.QBFC7\7.0.0.134__31d8aec643e18259\Interop.QBFC7.dll
MOD - [2012/08/18 18:54:48 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
MOD - [2012/05/15 16:39:54 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\SpiderOak\windows_dir_watcher.exe
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/06 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
MOD - [2011/08/31 08:41:12 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2011/03/16 15:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2010/08/24 16:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2008/11/12 15:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/06/01 18:06:45 | 010,571,056 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2014/04/18 17:45:37 | 001,471,792 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2014/04/08 22:27:18 | 000,020,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Splunk\bin\splunkweb.exe -- (splunkweb)
SRV:64bit: - [2014/04/08 22:27:16 | 025,401,096 | ---- | M] (Splunk Inc.) [Auto | Running] -- C:\Program Files\Splunk\bin\splunkd.exe -- (Splunkd)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/09/29 15:50:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/16 04:32:40 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 14:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/08/21 00:10:10 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/28 16:12:40 | 000,156,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/10 19:23:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/07/02 05:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/21 11:34:38 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/22 05:25:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/12 13:16:20 | 000,118,056 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 22:32:46 | 003,937,472 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/09/05 22:32:42 | 000,176,016 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2013/03/11 17:03:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/09/03 23:18:00 | 000,245,264 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012/08/18 18:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/08/18 18:55:02 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/08/18 18:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe -- (QuickBooksDB23)
SRV - [2012/04/27 21:15:12 | 000,140,152 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\CLEARIFY\QQube Tool\SQL Anywhere 12\BIN64\dbsrv12.exe -- (SQLANYe_SQLAnywhere12_QQube)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/10/05 13:11:02 | 000,037,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe -- (HPPRXSVC)
SRV - [2011/09/06 14:48:32 | 000,093,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/24 00:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/25 10:05:30 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/10 19:23:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/06/03 06:49:53 | 000,035,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2014/06/03 06:42:10 | 000,046,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbIo_x64_7.6.55673.0.sys -- (DisplayLinkUsbIo_x64)
DRV:64bit: - [2014/06/01 18:10:01 | 000,434,992 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2014/06/01 18:10:01 | 000,018,736 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/08 22:27:42 | 000,044,544 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\splunkdrv-win6.sys -- (splunkdrv-win6)
DRV:64bit: - [2014/04/08 22:27:42 | 000,019,968 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SplunkMonitorNoHandleDrv-vista.sys -- (SplunkMonitorNoHandle)
DRV:64bit: - [2014/04/08 22:27:40 | 000,034,816 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\splknetdrv-vista.sys -- (splknetdrv)
DRV:64bit: - [2013/09/04 14:57:42 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/06/18 22:02:34 | 000,088,928 | ---- | M] (ThreatTrack Security, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/12 15:43:56 | 000,088,864 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/06/26 15:42:38 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/03/23 13:53:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/23 13:53:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/29 16:26:56 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/29 15:17:58 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/06 14:44:32 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2011/08/29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/24 00:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/16 04:32:40 | 000,534,016 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/08/05 15:34:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/08/05 15:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 15:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/07/21 23:01:14 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 21:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 21:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 14:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 14:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/04/29 17:57:52 | 000,053,760 | ---- | M] (HTL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TSUSB2.SYS -- (TsUsb2)
DRV:64bit: - [2010/03/19 06:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/07/21 09:23:45 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys -- (RapportCerberus_69875)
DRV - [2014/07/10 19:23:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/07/10 19:23:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/04/08 22:27:42 | 000,044,544 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\splunkdrv-win6.sys -- (splunkdrv-win6)
DRV - [2014/04/08 22:27:42 | 000,019,968 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SplunkMonitorNoHandleDrv-vista.sys -- (SplunkMonitorNoHandle)
DRV - [2014/04/08 22:27:40 | 000,034,816 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\splknetdrv-vista.sys -- (splknetdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/05/25 06:05:56 | 000,053,760 | ---- | M] (HTL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TSUSB2.SYS -- (TsUsb2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP74&dt=043013
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0780F188-C0AB-415A-86AD-1D0689EB73CB}
IE - HKCU\..\SearchScopes\{0780F188-C0AB-415A-86AD-1D0689EB73CB}: "URL" = https://search.yahoo...p={SearchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{5428B1B3-13A2-44BC-AB3D-EB2F1BCC24BE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{956B5339-C2BE-4435-A7E5-939CC80789C8}: "URL" = http://websearch.ask...FA-3B51A064FF21
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.7.0
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..keyword.URL: "http://search.yahoo....ype=A110US0&p="
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@eonreality.com/EON,version=8.0.4.6479: C:\Program Files (x86)\EON Reality\EON Viewer 8.0.4.6479\Bin\npEonXPlugin7.dll (EON Reality, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Sean Strickling\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sean Strickling\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Sean Strickling\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean Strickling\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean Strickling\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/08/05 08:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/05/15 17:52:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/18 09:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Extensions
[2014/05/06 15:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\extensions
[2014/05/06 15:39:19 | 000,000,000 | ---D | M] (OutWit Hub) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\extensions\[email protected]
[2013/06/19 14:42:16 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\extensions\[email protected]
[2013/06/19 14:42:16 | 000,002,308 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\askcom.xml
[2014/04/17 11:11:22 | 000,002,273 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\bingp.xml
[2014/08/07 09:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/06 15:19:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/15 17:52:18 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2014/08/05 08:57:19 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2014/01/02 18:44:17 | 000,002,062 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\
CHR - Extension: SEOquake = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.21_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.11_0\
CHR - Extension: Google Drive = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: QuickBooks = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl\67_0\
CHR - Extension: Google Search = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Morpheon Dark - Aero = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi\1.2_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.7.52_0\
CHR - Extension: Video Downloader professional = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.43_0\
CHR - Extension: SiteAdvisor = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Kindle Cloud Reader = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.7.0.1_0\
CHR - Extension: Currency Converter = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno\1.31_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: Scraper = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\
CHR - Extension: Google Wallet = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.2.4_0\
CHR - Extension: Gmail = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (VIPRE Search Guard Helper) - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSG.dll ()
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (VIPRE Search Guard Toolbar) - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\VIPRE\SBAMTray.exe (ThreatTrack Security, Inc.)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [BimeDesktop] C:\Program Files (x86)\BimeDesktop\BimeDesktopLauncher.exe File not found
O4 - HKCU..\Run: [SpiderOak] C:\Program Files (x86)\SpiderOak\SpiderOak.exe (SpiderOak)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Sean Strickling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: promptcheckonline.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} http://www.advancedm...AMDSWSCheck.CAB (AMDSWSCheck.WSCheck)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://paychexta.we...rt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} http://www.advancedm...DVBDownload.CAB (PPMDVBDownload.XShowReady)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31472D68-6FC0-4E6C-AF47-CC34BBA6B3CC}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6203ACAC-F96D-4D6F-8A7A-2AA704020748}: DhcpNameServer = 192.168.1.10 8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vipresg - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\vipresg {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62d3ff50-71a2-11e3-838f-88532ecf12fe}\Shell - "" = AutoRun
O33 - MountPoints2\{62d3ff50-71a2-11e3-838f-88532ecf12fe}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{ecdacdb1-eb58-11e2-af22-88532ecf12fe}\Shell - "" = AutoRun
O33 - MountPoints2\{ecdacdb1-eb58-11e2-af22-88532ecf12fe}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/24 21:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/24 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/22 10:57:49 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/22 10:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/22 10:57:29 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/08/22 10:57:29 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/08/22 10:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/21 09:03:16 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\AppData\Local\Adobe
[2014/08/05 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Documents\APEX
[2014/08/04 17:23:50 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\AppData\Local\6_Wunderkinder_GmbH
[2014/08/04 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\AppData\Roaming\6Wunderkinder
[2014/08/04 17:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wunderlist2
[2014/08/04 17:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/09/01 18:26:09 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sean Strickling\gotomypc_438.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/25 12:32:01 | 000,000,622 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-4029396285-522126323-1915256878-1000.job
[2014/08/25 12:19:48 | 081,997,824 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Narconon Spring Hill, Inc. v3.QBW
[2014/08/25 12:19:48 | 006,094,848 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Narconon Spring Hill, Inc. v3.QBW.TLG
[2014/08/25 12:05:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029396285-522126323-1915256878-1000UA.job
[2014/08/25 11:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/25 10:42:05 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSean Strickling.job
[2014/08/25 10:10:04 | 000,000,438 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Narconon Spring Hill, Inc. v3.QBW.ND
[2014/08/25 10:05:30 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/25 10:04:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029396285-522126323-1915256878-1000Core.job
[2014/08/25 09:05:51 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/25 09:05:51 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/25 09:01:30 | 000,883,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/25 09:01:30 | 000,739,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/25 09:01:30 | 000,144,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/25 08:54:47 | 000,373,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/25 08:54:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/25 08:54:31 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/22 17:40:41 | 000,431,557 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\AR-M455N_20140822_180717.pdf
[2014/08/22 14:52:50 | 000,002,012 | -H-- | M] () -- C:\Users\Sean Strickling\Documents\Default.rdp
[2014/08/22 10:57:33 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/20 17:52:15 | 000,002,444 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Surveyors Timesheets - Shortcut.lnk
[2014/08/14 17:14:11 | 011,198,464 | R--- | M] () -- C:\Users\Sean Strickling\Desktop\Rehabilitation Initiatives LLC.qbw
[2014/08/14 17:14:11 | 001,114,112 | R--- | M] () -- C:\Users\Sean Strickling\Desktop\Rehabilitation Initiatives LLC.qbw.TLG
[2014/08/14 17:14:11 | 000,000,407 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Rehabilitation Initiatives LLC.qbw.ND
[2014/08/13 14:48:47 | 000,000,091 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/08/11 15:13:38 | 000,026,778 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\~qbofx32
[2014/08/11 15:13:37 | 000,000,103 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\mkx03101.ini
[2014/08/11 14:38:05 | 000,063,514 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\~qbofxod
[2014/08/11 14:38:05 | 000,000,159 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\mkx00147.ini
[2014/08/04 17:22:49 | 000,002,495 | ---- | M] () -- C:\Users\Public\Desktop\Wunderlist.lnk
[2014/07/29 09:18:47 | 000,002,621 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks File Doctor.lnk
 
========== Files Created - No Company Name ==========
 
[2014/08/22 18:01:34 | 000,431,557 | ---- | C] () -- C:\Users\Sean Strickling\Desktop\AR-M455N_20140822_180717.pdf
[2014/08/04 17:22:49 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
[2014/08/04 17:22:49 | 000,002,495 | ---- | C] () -- C:\Users\Public\Desktop\Wunderlist.lnk
[2014/04/21 22:46:59 | 000,002,622 | -H-- | C] () -- C:\Users\Sean Strickling\_viminfo
[2013/04/24 09:43:44 | 000,160,924 | ---- | C] () -- C:\Windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
[2013/02/06 18:40:04 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/29 18:19:52 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2012/10/29 10:00:13 | 000,060,304 | ---- | C] () -- C:\Users\Sean Strickling\g2mdlhlpx.exe
[2012/05/18 17:34:39 | 000,007,619 | ---- | C] () -- C:\Users\Sean Strickling\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/09 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\01 Transaction Pro Importer 5.0
[2014/08/04 17:23:46 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\6Wunderkinder
[2014/06/20 10:21:14 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\A-Shell
[2014/04/08 23:23:24 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\com.wearecloud.bime
[2014/01/07 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2012/10/29 18:43:26 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Fujitsu
[2014/01/07 23:30:07 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\GFI Software
[2014/04/30 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\I-Metrix
[2012/05/18 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\IDT
[2012/10/29 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Leadertech
[2014/04/10 00:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Notepad++
[2014/05/06 15:56:45 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\OutWit
[2012/05/29 09:56:51 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\PDF Writer
[2012/10/29 18:59:47 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\PFU
[2012/12/18 19:36:27 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SmartVault
[2014/04/24 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SolidDocuments
[2014/08/25 12:40:03 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SpiderOak
[2012/07/03 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SQL Anywhere 12
[2012/05/14 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Synaptics
[2013/12/03 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SystemRequirementsLab
[2012/12/05 08:25:18 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\TeamViewer
[2014/01/07 23:30:07 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\VIPRE
[2012/05/14 18:09:55 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\WebApp
[2012/10/31 11:25:33 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\webex
[2014/05/19 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Windows Live Writer
[2014/05/05 06:53:08 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Wing 101 5
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
ruggie_uk
Posted 26 August 2014 - 04:55 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Greetings RSFLorida and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.
  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it will be difficult at times but it is important that you stay with me until your computer is declared clean.
stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

I will make a start on looking through your log file, in the meantime could you please post the extras.txt file that was created when you ran OTL, it will be located in C:\Users\Sean Strickling\Downloads

Thanks and see you soon :D
  • 0

#3
RSFlorida
Posted 27 August 2014 - 07:15 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Sounds good to me!

 

Here is the log file...

 

OTL Extras logfile created on: 8/25/2014 12:31:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sean Strickling\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 35.31% Memory free
15.90 Gb Paging File | 9.97 Gb Available in Paging File | 62.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.92 Gb Total Space | 540.61 Gb Free Space | 79.75% Space Free | Partition Type: NTFS
Drive D: | 20.42 Gb Total Space | 2.20 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
 
Computer Name: SEAN-PC | User Name: Sean Strickling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO [email protected])
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO [email protected])
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Notepad++_file] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0880D626-29B2-4247-A24F-666293C8C4DB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0FCF9AD8-094E-4B69-8556-40BF3281DAB3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1E94240E-82AB-48DD-9A8B-48633C73903C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{247A0E43-963A-4AE9-9B20-3001003ECB83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{28FDE178-7E38-4D76-84E6-172DD7056ABC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{29420308-8D00-41EE-B8E9-12C64354C9F2}" = rport=8019 | protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\filemanagement.exe | 
"{343C5D5B-015B-4B5F-9565-5434984366D0}" = rport=8019 | protocol=6 | dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\qbw32.exe | 
"{34CA8172-11B3-4F34-B52E-2870E9095A19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{355F8120-4CBD-4A86-B398-54F67E2A2586}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{42E815C6-1CFD-4895-8AE8-9D4FB469F3FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C3DCB5C-BD3A-48B5-8BFA-3B8F25299661}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5058ADEA-E7E3-4EAA-ADC2-1FC3FF2A42B5}" = rport=8019 | protocol=6 | dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\dbmanagerexe.exe | 
"{541E1CC1-9938-4D46-A709-6C1E1C89C820}" = rport=8019 | protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qblaunch.exe | 
"{56976076-4EFE-4DEF-850D-8D2FFCE2CA34}" = rport=137 | protocol=17 | dir=out | app=system | 
"{569E21FB-E905-45FB-B2E7-DCA97661A3FF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5735C90D-92EA-4E3F-BFEA-7500A7249E73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{61F6F197-3F5D-439B-B431-A24DDC398C73}" = rport=8019 | protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe | 
"{6646A874-129A-45F1-8395-6967ECF7A22E}" = rport=8019 | protocol=6 | dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe | 
"{6771AF93-2F83-4AE5-9071-2755E2E8C2DB}" = rport=8019 | protocol=6 | dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\filemanagement.exe | 
"{731302BE-653E-485A-BA24-BAE421D177B6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7BD9CED1-99AD-414B-8C29-5CDF87263DB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{7F5C6766-99DD-4240-8FDA-179F8B9AC5A0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{871A3C77-7A21-4FB0-9E3A-EE56D1F7BFD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B2473C1-D191-406C-A74E-3CA66233F300}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8B8EBEA2-8423-4FA5-83D2-27529E67EA24}" = rport=8019 | protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbw32.exe | 
"{8C703DF3-C7FC-422B-B2E2-31FF1CE4991D}" = rport=8019 | protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe | 
"{96EC9841-DCBF-4E95-97BA-90D6B7846E1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EC1C007-2EF4-4BB0-84C1-A6B28F925026}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A1FB4946-0D0A-4D9D-82F4-B643B234DCDA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A79510AF-D9FC-435A-8A1D-D7532062A6FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A88A2C62-3BB3-4ADB-AEB5-0E5AB328FA12}" = rport=8019 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe | 
"{ACFDE29C-8078-4D47-A083-341620AF216E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B2B401A6-05E6-4F2F-812F-8CD428E04FE8}" = rport=8019 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\quickbooks\qblaunch.exe | 
"{B6D96C1A-30D5-4B31-BD78-6A986802D5D3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{B7134995-69BF-49B5-877E-558E6825A532}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8C86AE1-9E56-4D0C-9408-A1334F3096CF}" = rport=8019 | protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\dbmanagerexe.exe | 
"{E1D2D9EC-97C2-40A7-A494-750DAB7E8BBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4C426B4-D775-4DF7-A396-E7C4D69EE462}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E6F4626E-D30D-4F99-B0A7-152D89A5FC06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04404EA5-7A61-4140-A032-D8B592774CEB}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{0DBC3699-91CA-44E5-9FEA-EF482038C08D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{0E367B0D-74A9-4BF4-AD85-2799A94CF4E4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{14270D4B-1C82-478A-99A5-589A4510FF49}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"{202DC6CB-A9F8-419A-B62D-D97204BD2AC9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{21E8E285-6475-4325-943F-4919C6EF5252}" = protocol=6 | dir=in | app=c:\program files (x86)\clearify\qqube tool\qqube configuration tool.exe | 
"{2244F2CA-ED78-4088-ABD9-714742D3C06E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22E3917E-7367-4877-B170-10C0DAE63B77}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"{25AFD253-7A6C-429A-8F59-EFCF56DD8BE4}" = protocol=1 | dir=out | [email protected],-28544 | 
"{2AD4F3A2-F87A-4A9C-AF80-7271C50C7803}" = protocol=17 | dir=in | app=c:\program files (x86)\clearify\qqube tool\qqube synchronizer.exe | 
"{2BBF2CA3-2499-4E08-A7A4-C9F1B1A0CD39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3584A14C-2A29-4EAD-A2B4-6970765E1070}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{3B3AAE9A-EF5D-426F-A19F-48E63B5E742A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3CAA313D-F331-4B22-8FE8-2B47B7AEFD56}" = protocol=17 | dir=in | app=c:\users\sean strickling\desktop\lighttable\lighttable.exe | 
"{48D67869-8E41-4CB8-87B7-BDE80B2DFA79}" = protocol=6 | dir=in | app=c:\users\sean strickling\downloads\lighttablewin\lighttable\lighttable.exe | 
"{48E62C18-32DD-465F-9070-7DDDB1A00093}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | 
"{55AE9891-284F-4445-8540-CBF5649BADD8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A03E2E7-E30C-4D95-8E4E-15D4673E4FF9}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe | 
"{5FFFD6E6-ABA9-4EBC-A660-161C634D2395}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 
"{665CA416-4CE2-4D03-944B-BCEFD6D551D2}" = protocol=6 | dir=in | app=c:\program files (x86)\clearify\qqube tool\qqube synchronizer.exe | 
"{69099367-3EC2-46A2-9E07-F7CD71CCF799}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6D1984BA-4438-41D2-8B14-4235A77A959B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{6FF1CAF8-D695-4F9C-8F32-07BE87F1C126}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{75A0BFAA-47C4-43F6-B184-521C3448C0D0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{789D8211-18EE-472D-861C-E860B531EEFF}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{7ACE14A3-D5BA-4384-9065-D49934D04DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\clearify\qqube tool\qqube configuration tool.exe | 
"{80F43450-DD28-4A3A-976E-60929806CF5C}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{83410812-2E80-4371-84A7-C3B35466678C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{851A7B31-88CB-402F-BEC1-2EFD9DB3489A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{906A8A2C-BFB8-4DF8-93CF-146CF8009C6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2CB3A9F-523D-4E91-8F2B-E2B7E9D3CF56}" = protocol=6 | dir=in | app=c:\users\sean strickling\desktop\lighttable\lighttable.exe | 
"{A7286162-55EE-470B-80D2-2365B2778359}" = protocol=58 | dir=in | [email protected],-28545 | 
"{AB544FA6-DBBA-44D6-86E4-3564622D69A5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{B38B4AF6-4563-48FA-9A38-2D67A56A8BEF}" = protocol=58 | dir=out | [email protected],-28546 | 
"{B492682B-3E38-473A-B901-5C166B15BBC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB4F4AD4-4DF3-4BC7-958C-6B9952154528}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0E4FD77-536C-40C5-AE86-3CC5C3B10046}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C575C824-2559-426F-81F8-2B931F8406F9}" = protocol=1 | dir=in | [email protected],-28543 | 
"{C7E19C2D-24C8-4274-B7BB-71ABE3A086D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C94C0B12-11EC-4501-B7CF-A7713C7284A7}" = protocol=17 | dir=in | app=c:\users\sean strickling\downloads\lighttablewin\lighttable\lighttable.exe | 
"{CB56E47D-BE14-4C26-BC89-ECAEB0B2CC22}" = protocol=6 | dir=out | app=system | 
"{CD7562A0-A8B3-410B-833C-FC9ADE8C490C}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{D2D31666-7386-4946-9F94-D50D5145B0CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DA7D96D2-CA03-46F5-A493-02C98E39AEFC}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe | 
"{DF720187-6E5E-4D77-AA32-97E23F84BB74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E80C370E-811E-4D09-B904-A572CE42EA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{EB409877-CC50-47FA-BD82-C4DC9794567C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{EDD4DEE0-8995-4BAD-B8D2-2B20B2152F4F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{EF492F40-37B2-4EAB-AA1A-2B404970429B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F150C872-9BD5-474F-8156-EF5C947A3CFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4D830E9-102B-4664-A8A8-A4A87BE4D5C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCD3D992-9505-4C71-8A64-9194B6FC85FA}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | 
"TCP Query User{13522D05-F8DE-46AA-9F18-2E3838AB1E9B}C:\program files (x86)\spideroak\spideroak.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spideroak\spideroak.exe | 
"TCP Query User{23687B92-2703-4FD4-B98B-BB6892BF4EDD}C:\users\sean strickling\desktop\lighttable\lighttable.exe" = protocol=6 | dir=in | app=c:\users\sean strickling\desktop\lighttable\lighttable.exe | 
"TCP Query User{4C0154D7-C78D-4213-BB34-077AA9ECE7A7}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe | 
"TCP Query User{5757BC81-9B74-46B0-8A72-A3DEC401E6A0}C:\users\sean strickling\appdata\local\startmeeting\startmeeting en.exe" = protocol=6 | dir=in | app=c:\users\sean strickling\appdata\local\startmeeting\startmeeting en.exe | 
"TCP Query User{67E1F0C4-7694-4872-BC67-173074C4B334}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"TCP Query User{96A64561-919F-4504-9AEC-5AAE40665D97}C:\users\sean strickling\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\sean strickling\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"TCP Query User{9ECBC0EF-639F-4184-B1D6-F1D043EA8423}C:\users\sean strickling\downloads\lighttablewin\lighttable\lighttable.exe" = protocol=6 | dir=in | app=c:\users\sean strickling\downloads\lighttablewin\lighttable\lighttable.exe | 
"TCP Query User{AB323D84-21B8-4B26-8278-C99FD69F19BA}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{AC2881EA-7A36-4605-8A35-9BA53FC49ED2}C:\program files (x86)\spideroak\spideroak.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spideroak\spideroak.exe | 
"TCP Query User{FF7F95C3-B0C8-4906-BE98-2B01C54B1F70}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe | 
"UDP Query User{1A9691B1-CEC2-4551-9D29-97BBBC7107EA}C:\users\sean strickling\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\sean strickling\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"UDP Query User{253144B2-29A6-4143-B4E9-B39258D17098}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"UDP Query User{2C935822-2E21-4623-8AE1-C8685B515B55}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe | 
"UDP Query User{4AA7101E-A894-4416-B52E-1983C171B619}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{66680221-6EE2-4418-A8AE-45A62A28BF2B}C:\users\sean strickling\downloads\lighttablewin\lighttable\lighttable.exe" = protocol=17 | dir=in | app=c:\users\sean strickling\downloads\lighttablewin\lighttable\lighttable.exe | 
"UDP Query User{8AF901B1-4BA1-4BE1-91B7-D646C227C7A8}C:\users\sean strickling\appdata\local\startmeeting\startmeeting en.exe" = protocol=17 | dir=in | app=c:\users\sean strickling\appdata\local\startmeeting\startmeeting en.exe | 
"UDP Query User{C5F72132-C151-42C7-A33C-A92830B8CF17}C:\program files (x86)\spideroak\spideroak.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spideroak\spideroak.exe | 
"UDP Query User{D2AFD662-7F4D-467A-A203-0CB61F67E925}C:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe | 
"UDP Query User{E5220185-1B0B-4656-AEFD-1B3380EEA803}C:\program files (x86)\spideroak\spideroak.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spideroak\spideroak.exe | 
"UDP Query User{EC484E2C-CBD8-4391-9DB5-11ABA1995BAF}C:\users\sean strickling\desktop\lighttable\lighttable.exe" = protocol=17 | dir=in | app=c:\users\sean strickling\desktop\lighttable\lighttable.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17C04D02-29DD-42A0-97F2-8C9E7030CB07}" = Tableau 8.1
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{35E63BD5-4393-43CC-9626-ED9BD4999DA6}" = Splunk
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54471BB6-4A20-4C28-B3D1-37FC0E8D552C}" = QQube SQL Anywhere 12
"{5639514A-861C-44A3-BE9A-BDADE7693647}" = DisplayLink Core Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{72B48DB7-1C97-842F-2B25-55F40FA73E8E}" = ccc-utility64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7EE77282-7B19-36A5-A408-4A5408B852F1}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{863162A8-ECC2-35EA-BDF7-E09AC456E164}" = Python 3.4.0 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9609B5E8-4C72-495F-8544-2A61A8A66DDC}" = DisplayLink Graphics
"{C0CA6788-386E-4BE1-B214-629E746A5302}" = HP Officejet 6700 Basic Device Software
"{C2109862-4C52-C4C0-8E71-2EF3F2470CB0}" = AMD Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D82D4106-BD65-47CC-8CFA-3708F02CC803}" = TellerScanDriver 64-Bit
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2D0B67F-8032-4E11-87C6-C8C721D331B3}" = Intel® PROSet/Wireless WiFi Software
"{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}" = QuickBooks Runtime Redistributable
"1BCFCB58CAD0C622A504194B76156A833DE92C31" = Windows Driver Package - Digital Check Corporation (TsUsb2) USB  (04/01/2010 2.0.0.0)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics ClickPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{075F2A5D-E1D6-50F7-47BC-255D55357F61}" = CCC Help Portuguese
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A84393B-C09E-3184-A7D9-5A0D580B0CEB}" = Catalyst Control Center Profiles Mobile
"{0A918A9E-74F2-41CB-969F-FB0CB9A51DD8}" = Intel® Smart Connect Technology 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}" = HP CoolSense
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3FF772-29E0-4B7E-A178-34527747DB72}" = Wunderlist
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1ca68332-4ba1-4943-9010-eaa1aa45b492}" = Wunderlist
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2421E8FE-AE35-493A-94F5-66307E006ECF}" = QuickBooks_VC10_Debug
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3574CD7C-FC85-40FA-9611-7277A3236AB1}_is1" = BimeDesktop
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3BFE1D0A-3F5B-CA85-CE7C-45CE319A9B67}" = CCC Help Hungarian
"{3C631966-387E-4054-85D9-BBFFABE32BD8}" = QuickBooks Pro 2013
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41B3BC57-AE8D-19F0-7776-04AE47AABB2F}" = PX Profile Update
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{451433B2-12F2-05A6-B5ED-B67B76493C25}" = CCC Help Chinese Traditional
"{4570FCDC-2BA6-4B29-70B0-4712211027C9}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFC749F-E178-42C7-8095-796C5814C9C3}" = Microsoft SQL Server 2012 PowerPivot for Excel  32-bit
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{53F45786-F5DE-9BF7-181F-410BED18299E}" = CCC Help Finnish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588E7010-AF5C-9233-514B-A3F48307F4F1}" = CCC Help Thai
"{5AA22838-7865-EBD2-FE1A-F8942E69A247}" = Catalyst Control Center
"{5EF6FF75-C1F4-44D3-9A63-10257B30312A}" = QuickBooks File Doctor
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62272BD6-5AB1-EE2A-8371-A09268FD32D3}" = CCC Help Japanese
"{63DF23E8-2D93-4019-AAB9-621921C48B5E}" = SmartVault
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66AA87C9-2A10-C2E0-F59F-C613FB0C38CF}" = CCC Help Greek
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel® WiDi
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74C0DEDD-7541-0837-7843-5F96C722152C}" = Catalyst Control Center Localization All
"{74E30ECD-0F61-4A70-B131-3BE2217A2816}" = ScanSnap
"{78AE262D-4ED7-43C2-A0D6-C5535A421BAC}" = Intel Digital Logo
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7B089009-DE77-0068-A3DB-B82EC2609A2F}" = CCC Help Czech
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85EB33CA-683D-2B2C-51A9-052DB5B8FF1D}" = CCC Help Swedish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{883FC42F-0FF5-5209-F832-55E1B9064D59}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90FD6C78-47B2-E9D2-C674-C8E7B8F1A3E7}" = CCC Help Polish
"{90FE9281-F7C4-D95F-5B0E-FD089C69CF24}" = CCC Help English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A32543-0107-4885-A754-70B687522AF4}" = VIPRE Antivirus
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EBE85AD-B155-3DC7-F5B6-E08F76245DEC}" = CCC Help Spanish
"{9FE259BD-C298-4A1A-A314-D6FBAF36A7DD}" = SIDEKIQ
"{A0C8AF32-C6B8-08B9-0BC9-D8752EC16ACE}" = CCC Help Danish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A40AE1FF-A9BF-0167-2C51-F1CE505B2DFC}" = CCC Help Chinese Standard
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{B5948257-201E-7731-122F-FEA108166F34}" = CCC Help Norwegian
"{BAF0881C-77EC-1105-DAD3-8C71D260FC62}" = CCC Help Russian
"{BB4BA51A-667D-8EDD-1E04-37EB354E7039}" = CCC Help German
"{BB586E51-4876-4BB2-91EC-5CB3D0C38145}" = CardMinder V4.1
"{BE208C2E-A46A-426F-B2B8-CE8BEF9DB24D}" = HP Proximity Sensor Utility
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C54A0E36-CFFF-4DB5-86C5-A0F651946819}" = VCTransaction Express
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6F2D9E0-CB1F-40C0-969E-2C1D541DDB4B}" = ERI Nonprofit Comparables Assessor - October 2013
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEA63996-6C9E-D922-7FC8-465BBCCAAA75}" = CCC Help Turkish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2A97E45-B5CD-4BBD-8FE2-CA285291A922}" = QQube SQL Anywhere 12
"{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}" = HP Support Solutions Framework
"{D3A15314-FF16-BB56-0D64-2691EE52D5AF}" = CCC Help Korean
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF87DB8C-FBD6-4E13-99AA-4A510E0B0BCD}" = HP Documentation
"{E081AC90-C86E-11DD-3D6C-053C11884AE1}" = ZOOM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17D8F59-1990-4C6A-9EDA-B66009A46251}" = TellerScan 64-bit Driver v3.0
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2BCBC83-E08D-D581-A854-096968DE5245}" = CCC Help French
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E431A49E-6044-2581-C7BE-FF18BFCA422F}" = CCC Help Italian
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F8639538-90F4-4E24-B5A4-4EBC20171E4F}" = ScanSnap Organizer
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB410000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap ™ 4.1
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"01 Transaction Pro Importer 5.0" = 01 Transaction Pro Importer 5.0
"3457-5199-4887-5753" = Quantrix Modeler 3.7.92
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amortization Software_is1" = Amortization Software
"AudibleManager" = AudibleManager
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"HP Wireless Audio Manager" = HP Wireless Audio Manager 1.3.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OutWit Hub 4.0.6.36 (x86 en-US)" = OutWit Hub 4.0.6.36 (x86 en-US)
"PremElem90" = Adobe Premiere Elements 9
"QQube Tool" = QQube Tool
"Rapport_msi" = Trusteer Endpoint Protection
"SIDEKIQ" = SIDEKIQ
"SmartVault" = SmartVault
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpiderOak" = SpiderOak
"ST6UNST #1" = PromptCheck Online 2.0.9
"TeamViewer 9" = TeamViewer 9
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Wing IDE 101 5.0_is1" = Wing IDE 101 5.0.5-1
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Amazon Kindle" = Amazon Kindle
"c5001dc7b370a332" = Remote Express Deposit
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 6.4.0.1558
"StartMeeting" = StartMeeting
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/25/2014 9:49:13 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": DB error 
-298 ErrorMessage:'Attempted two active database requests' from file:'.\.\src\sadbsess.cpp'
 at line 1200 from function:'SADBSession::LoadCursor
 
Error - 8/25/2014 9:49:13 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": DB error 
-298 ErrorMessage:'Attempted two active database requests' from file:'.\.\src\sadbsess.cpp'
 at line 1246 from function:'SADBSession::LoadCursor
 
Error - 8/25/2014 9:49:13 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": DB error 
-298 ErrorMessage:'Attempted two active database requests' from file:'.\.\src\sadbsess.cpp'
 at line 7933 from function:'SADBSession::DoMov
 
Error - 8/25/2014 9:56:00 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Error reading server
 location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 9:56:07 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": Error reading
 server location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 9:56:22 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": Error reading
 server location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 9:56:27 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": Error reading
 server location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 10:09:30 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Error reading server
 location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 10:09:39 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": Error reading
 server location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 10:10:02 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": Error reading
 server location from registry :The system cannot find the file specified.
 
Error - 8/25/2014 10:10:08 AM | Computer Name = Sean-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": Error reading
 server location from registry :The system cannot find the file specified.
 
[ Hewlett-Packard Events ]
Error - 11/4/2012 6:23:02 PM | Computer Name = Sean-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/365cf9fe_91e3_4f5f_9cdf_ea9a9dd46507/hk1gsmxjzpjui8w5euobapjy_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8139  Ram Utilization: 50  TargetSite: Void UpdateDetail(System.String)  
 
Error - 11/13/2012 11:58:07 AM | Computer Name = Sean-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
 
   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 8139  Ram Utilization: 40  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 11/23/2012 8:33:57 AM | Computer Name = Sean-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261   at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
 HPSFMsgr    Name: HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 8139  Ram
 Utilization: 30  TargetSite: Void SetWMISysInformation()  
 
Error - 11/23/2012 8:33:57 AM | Computer Name = Sean-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe   at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
 HPSFMsgr    Name: HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 8139  Ram
 Utilization: 30  TargetSite: Void SetWMISysInformation()  
 
Error - 11/23/2012 8:33:59 AM | Computer Name = Sean-PC | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147023169HPSFMsgr.exe   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
 
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
 
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)
 
   at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib
 
Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 8139  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 1/4/2013 11:00:48 AM | Computer Name = Sean-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/8/2013 11:59:24 AM | Computer Name = Sean-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/29/2013 5:05:49 PM | Computer Name = Sean-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/29/2013 5:07:11 PM | Computer Name = Sean-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 6/30/2014 9:32:56 AM | Computer Name = Sean-PC | Source = HPSF.exe | ID = 2000
Description = 
 
[ HP Software Framework Events ]
Error - 5/29/2012 10:42:46 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/05/29 10:42:46.573|00002100|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/5/2012 10:23:11 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/05 10:23:11.316|00000F80|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/5/2012 10:23:15 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/05 10:23:15.493|00001990|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/5/2012 10:23:25 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/05 10:23:25.779|00001A64|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/12/2012 10:07:58 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/12 10:07:58.053|00001364|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/12/2012 10:08:01 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/12 10:08:01.960|000019D0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/19/2012 11:12:08 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/19 11:12:08.695|00001824|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/19/2012 11:12:12 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/19 11:12:12.893|000016C0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/26/2012 10:06:52 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/26 10:06:52.648|00001CC8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 6/26/2012 10:06:56 AM | Computer Name = Sean-PC | Source = CaslWmi | ID = 5
Description = 2012/06/26 10:06:56.224|00001888|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ Media Center Events ]
Error - 5/22/2012 9:24:54 AM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = 9:24:53 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 10:25:21 AM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = 10:25:20 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 11:26:03 AM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = 11:26:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 12:26:44 PM | Computer Name = Sean-PC | Source = MCUpdate | ID = 0
Description = 12:26:44 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
[ System Events ]
Error - 8/22/2014 10:53:10 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/22/2014 10:53:10 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Media Service service failed to start due to the following
 error:   %%1083
 
Error - 8/22/2014 11:22:13 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7023
Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
 with the following error:   %%-2147196306
 
Error - 8/22/2014 5:51:41 PM | Computer Name = Sean-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:50:04 PM on ?8/?22/?2014 was unexpected.
 
Error - 8/22/2014 5:53:39 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7034
Description = The Splunkd service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 8/23/2014 10:54:15 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error - 8/23/2014 10:54:15 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
 to start due to the following error:   %%1053
 
Error - 8/25/2014 8:59:00 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Modules Installer service to connect.
 
Error - 8/25/2014 8:59:00 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Modules Installer service failed to start due to the following
 error:   %%1053
 
Error - 8/25/2014 8:59:00 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >

  • 0

#4
ruggie_uk
Posted 27 August 2014 - 12:07 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts


Hi RSflorida, there doesn't seem to ge a great deal amiss with your computer that a good tidy up shouldn't sort out for you.

Step 1

You have multiple AV products installed:

  • Mcafee
  • VIPRE Antivirus

Multiple AV products can cause many problems including slowing your computer down and causing conflicts between the products, leaving you potentially unprotected.

Please Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

And choose a product to uninstall. If you have one paid for and one free, then I would recommend you keep the paid for product.


Step 2

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the adwcleaner.pngAdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the adwcleaner.pngAdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

  • Optional:

    NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

  • 0

#5
RSFlorida
Posted 28 August 2014 - 08:28 PM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here you go...

 

 # AdwCleaner v3.308 - Report created 28/08/2014 at 22:14:59

# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean Strickling - SEAN-PC
# Running from : C:\Users\Sean Strickling\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\Askcom.xml
File Found : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\bingp.xml
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Sean Strickling\AppData\Local\apn
Folder Found : C:\Users\Sean Strickling\AppData\Local\PackageAware
Folder Found : C:\Users\Sean Strickling\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\Extensions\[email protected]
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Scheduled Tasks ] *****
 
Task Found : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v29.0 (en-US)
 
[ File : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmlo
 
*************************
 
AdwCleaner[R0].txt - [8505 octets] - [28/08/2014 22:14:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8565 octets] ##########

  • 0

#6
ruggie_uk
Posted 29 August 2014 - 06:13 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts


Hi RSFlorida, thanks for the log. Did you remove one of the products? If so which one?

Step 1

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the adwcleaner.pngAdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the <TAB NAME> tab and Uncheck the following items:
    • <put the list here, if any>
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please right click TFC.exe tfc.png and select Run as Administrator.. (Note: If you are running on XP, just double click the file.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

How are things looking now?
Items for your next post:

  • Adwcleaner log
  • Jrt Log

  • 0

#7
RSFlorida
Posted 29 August 2014 - 07:40 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

I deleted no products as you instructed me not to.

 

I'm unclear how to do Step I, #4.  

 

Which <tab name> am I going to click and also which "list"?

 

Sorry if I'm making this complicated.


  • 0

#8
ruggie_uk
Posted 29 August 2014 - 07:47 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Sorry, that's my error, That is for when I put in items that are to be left by adwcleaner but there are none so just move to step 5.

 

I meant the uninstall of one of the anti virus products as they will be conflicting. I'll repost the bit I was referring to.

 

You have multiple AV products installed:

  • Mcafee
  • VIPRE Antivirus

Multiple AV products can cause many problems including slowing your computer down and causing conflicts between the products, leaving you potentially unprotected.

Please Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

And choose a product to uninstall. If you have one paid for and one free, then I would recommend you keep the paid for product.


  • 0

#9
RSFlorida
Posted 29 August 2014 - 09:25 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Gotcha.

 

Question on that point...the McAfee product is their site advisor which gives a heads up as whether a site is cool or not versus their full AV product.  It works within the browser.

 

Given that, do you think it would be ok to keep?


  • 0

#10
RSFlorida
Posted 29 August 2014 - 11:12 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

One more thing.  

 

I want to confirm that I will clean all the checked items that AdwCleaner locates on this new scan?


  • 0

Advertisements

#11
ruggie_uk
Posted 29 August 2014 - 11:14 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Yes that is correct.
I think the mcafee will be ok to keep, I am just checking with the boss.
  • 0

#12
ruggie_uk
Posted 29 August 2014 - 11:39 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Yes keep mcafee. :D


  • 0

#13
RSFlorida
Posted 30 August 2014 - 10:59 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Got it on McAfee.

 

We'll see how the machine performs.  If you can, give a few days on this as this is a work machine and i need to see how it does come Tuesday - it is a holiday weekend here in the states.  Also, i need to pay you guys for your service but my company card is at my office.

 

thank you for your help!

 

 

 

Here are the logs...

 

# AdwCleaner v3.308 - Report created 30/08/2014 at 12:19:26
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean Strickling - SEAN-PC
# Running from : C:\Users\Sean Strickling\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Sean Strickling\AppData\Local\apn
Folder Deleted : C:\Users\Sean Strickling\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sean Strickling\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\Extensions\[email protected]
File Deleted : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\bingp.xml
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v29.0 (en-US)
 
[ File : C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Deleted [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmlo
 
*************************
 
AdwCleaner[R0].txt - [8777 octets] - [28/08/2014 22:14:59]
AdwCleaner[R1].txt - [8837 octets] - [30/08/2014 12:14:16]
AdwCleaner[S0].txt - [8611 octets] - [30/08/2014 12:19:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8671 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sean Strickling on Sat 08/30/2014 at 12:29:49.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{956B5339-C2BE-4435-A7E5-939CC80789C8}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Sean Strickling\appdata\local\{DD8A1F2C-8B09-402C-9804-35498B4854C0}
Successfully deleted: [Empty Folder] C:\Users\Sean Strickling\appdata\local\{DF7D345D-7594-45B5-BE2A-7F12F7E10F7D}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/30/2014 at 12:45:25.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#14
ruggie_uk
Posted 31 August 2014 - 07:37 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
No problem. I will make sure the thread stays open. Enjoy your break :)
  • 0

#15
RSFlorida
Posted 04 September 2014 - 08:12 AM

RSFlorida

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Everything seems to be fine.  How does it look to you?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP