OTL logfile created on: 4/7/2014 2:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\achutsell\Desktop\Cleanup Aisle 5
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 8.98 Gb Available Physical Memory | 56.38% Memory free
31.85 Gb Paging File | 19.87 Gb Available in Paging File | 62.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.48 Gb Total Space | 174.53 Gb Free Space | 37.57% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 0.52 Gb Free Space | 28.12% Space Free | Partition Type: FAT
Drive K: | 272.23 Gb Total Space | 4.24 Gb Free Space | 1.56% Space Free | Partition Type: NTFS
Drive O: | 272.23 Gb Total Space | 4.24 Gb Free Space | 1.56% Space Free | Partition Type: NTFS
Drive R: | 115.91 Gb Total Space | 95.35 Gb Free Space | 82.27% Space Free | Partition Type: NTFS
Drive X: | 3663.09 Gb Total Space | 3429.16 Gb Free Space | 93.61% Space Free | Partition Type: NTFS
Drive Y: | 930.52 Gb Total Space | 239.36 Gb Free Space | 25.72% Space Free | Partition Type: NTFS
Drive Z: | 3663.09 Gb Total Space | 3429.16 Gb Free Space | 93.61% Space Free | Partition Type: NTFS

Computer Name: ACHUTSELL | User Name: achutsell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2014/04/06 18:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\achutsell\Desktop\Cleanup Aisle 5\OTL.exe
PRC - [2014/04/02 09:27:36 | 004,972,864 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/02 09:27:35 | 012,877,632 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/04/02 09:05:16 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014/03/20 10:18:16 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/11 05:15:11 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/05 10:53:11 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/01/14 15:46:38 | 003,140,608 | ---- | M] () -- C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/12/21 02:04:50 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/12 06:06:14 | 002,872,424 | ---- | M] (Dell Inc.)
-- C:\Program Files (x86)\Dell\KACE\AMPAgent.exe PRC - [2013/10/07 15:52:17 | 000,208,384 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe PRC - [2013/09/26 15:13:11 | 011,249,144 | ---- | M] (Foxit Corporation) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe PRC - [2013/09/25 15:46:29 | 018,679,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE PRC - [2013/09/25 15:45:15 | 001,923,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE PRC - [2013/09/25 15:45:08 | 025,594,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE PRC - [2013/09/18 08:35:54 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2013/06/18 14:39:08 | 000,063,096 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2013/03/07 08:43:40 | 020,598,844 | ---- | M] (Bentley Systems, Inc.) 
-- C:\SProV8i\STAAD\Staadpro.exe PRC - [2012/09/26 07:37:26 | 000,078,944 | ---- | M] (NirSoft) -- C:\Users\achutsell\Documents\OLD Desktop\OLD COMPUTER\V&M\OLD C\Program Files\NirSoft\SmartSniff\smsniff.exe PRC - [2012/07/05 17:47:06 | 002,593,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012/07/05 17:46:52 | 000,325,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012/05/21 15:00:34 | 000,212,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2012/03/12 10:11:02 | 000,069,632 | R--- | M] () -- c:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe PRC - [2012/01/27 11:57:16 | 000,090,112 | ---- | M] (Bentley Systems Inc.) -- C:\Program Files (x86)\Common Files\Bentley Shared\IEG\IEGLCS\BAppMon.exe PRC - [2011/10/30 19:23:56 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe PRC - [2011/03/18 12:43:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- c:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe PRC - [2011/03/18 12:43:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- c:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\java.exe PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe PRC - [2010/11/17 12:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/07/15 13:46:52 | 000,939,280 | ---- | M] (Bentley Systems Inc.) 
-- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\ustation.exe PRC - [2010/03/03 11:18:00 | 017,010,688 | ---- | M] (Hydrologic Engineering Center) -- C:\Program Files (x86)\HEC\HEC-RAS\4.1.0\ras.exe PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe PRC - [2009/03/19 15:54:02 | 001,462,272 | ---- | M] (Kansas Department of Transportation (KDOT)) -- C:\Program Files (x86)\TAEG 2.1\TAEG 2.1.exe PRC - [2008/08/05 02:06:57 | 001,121,944 | ---- | M] (EXP Systems LLC) -- C:\Program Files (x86)\PDF reDirect\PDF_reDirect.exe PRC - [2008/08/05 02:06:54 | 000,323,224 | ---- | M] (EXP Systems LLC) -- C:\Program Files (x86)\PDF reDirect\Capture.exe PRC - [2007/11/12 17:19:16 | 000,920,640 | ---- | M] (Bentley Systems, Inc.) -- C:\BentleyV8\Program\MicroStation\ustation.exe PRC - [1998/11/10 10:31:20 | 000,525,312 | ---- | M] (MathSoft, Inc.) -- C:\Program Files (x86)\MathSoft\Mathcad 8\Mathcad.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/03/20 10:18:16 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014/03/08 06:23:32 | 003,509,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\8ec6dfd2e3ad1d103c83d52ee66f78bf\XobniFeeds.ni.dll MOD - [2014/03/08 06:22:46 | 001,028,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\b1b034570a758dabaf2bc2dcf38ee44b\Microsoft.Office.Interop.Outlook.ni.dll MOD - [2014/03/08 06:22:45 | 001,122,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\338ecd9323fc6e46a1883e10f93c3e16\Xobni.XMapiAccessor.ni.dll MOD - [2014/03/08 06:22:45 | 000,883,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniGadgets\5a46948d9968858cdfb378a38a4ac10b\XobniGadgets.ni.dll MOD - [2014/03/08 06:22:45 | 000,506,880 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\office\8944520a90167b172d1ed31e45a78bb1\office.ni.dll MOD - [2014/03/08 06:22:45 | 000,366,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Antlr3.Runtime\04ab119e6d76ce83c4b0156d7508f53c\Antlr3.Runtime.ni.dll MOD - [2014/03/08 06:22:44 | 000,555,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniResources\5218e6999d03ffb55cb04d5924e75629\XobniResources.ni.dll MOD - [2014/03/08 06:22:44 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\39fff9695ea8703a34ff0b76be89ceeb\LinqBridge.ni.dll MOD - [2014/03/08 06:22:44 | 000,328,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\5e44b578774e9a216dc5a119efe2ce1b\Interop.shdocvw.ni.dll MOD - [2014/03/08 06:22:44 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniDataTransfer\9b2c06f175811456635715b209adbdf8\XobniDataTransfer.ni.dll MOD - [2014/03/08 06:22:43 | 001,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\6d4010227ca2c70eb0f973e6890c422f\Newtonsoft.Json.Net20.ni.dll MOD - [2014/03/08 06:22:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll MOD - [2014/03/08 06:21:40 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll MOD - [2014/03/08 06:21:37 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll MOD - [2014/03/07 15:12:15 | 010,580,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\4b776e75c1cab7efacbb4917164ab9a8\System.Design.ni.dll MOD - [2014/03/07 15:12:12 | 001,840,640 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll MOD - [2014/03/07 15:12:11 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll MOD - [2014/03/07 15:12:02 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll MOD - [2014/03/07 15:12:01 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll MOD - [2014/03/07 15:12:00 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll MOD - [2014/03/07 15:11:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll MOD - [2014/03/07 15:11:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll MOD - [2014/03/07 15:11:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll MOD - [2014/03/07 15:11:35 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll MOD - [2014/03/07 15:11:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll MOD - [2014/03/07 15:11:32 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a8032a0070c50ffdde3433a9005aff32\Microsoft.VisualC.ni.dll MOD - [2014/03/07 15:11:21 | 007,989,760 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll MOD - [2014/03/07 15:11:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll MOD - [2014/02/05 10:53:11 | 003,019,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2014/02/05 10:53:11 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll MOD - [2014/02/05 10:53:11 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2014/01/14 15:46:38 | 003,140,608 | ---- | M] () -- C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe MOD - [2013/10/07 15:52:03 | 017,652,224 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll MOD - [2013/10/07 15:32:10 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll MOD - [2013/10/07 15:28:11 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll MOD - [2013/10/07 15:24:58 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll MOD - [2013/10/07 15:24:58 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll MOD - [2013/10/07 15:24:54 | 001,393,664 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll MOD - [2013/10/07 15:24:53 | 003,105,280 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll MOD - [2013/10/07 15:24:52 | 000,751,104 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll MOD - [2013/10/07 15:24:43 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGUtils.dll MOD - [2013/10/07 15:24:43 | 000,145,408 | ---- | M] () -- C:\Program 
Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll MOD - [2013/10/07 15:24:42 | 001,050,624 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll MOD - [2013/10/07 15:24:42 | 000,726,016 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll MOD - [2013/10/07 15:24:42 | 000,631,808 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll MOD - [2013/10/07 15:24:41 | 001,224,192 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll MOD - [2013/10/07 15:21:58 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll MOD - [2013/10/07 15:21:58 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll MOD - [2013/10/07 15:21:57 | 007,877,632 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll MOD - [2013/10/07 15:21:57 | 006,174,208 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll MOD - [2013/10/07 15:21:57 | 001,777,664 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll MOD - [2013/10/07 15:21:57 | 000,518,656 | ---- | M] () -- C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll MOD - [2013/09/26 18:07:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\BentleyRSS\1.1.0.0__4bf6c96a266e58d4\BentleyRSS.dll MOD - [2013/09/26 13:01:34 | 007,499,776 | ---- | M] () -- C:\Windows\assembly\GAC_32\XobniCommon\2.0.4.13745__6298d2d1fcfb5d85\XobniCommon.dll MOD - [2013/09/26 13:01:34 | 000,516,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\ServerSync\2.0.4.13745__6298d2d1fcfb5d85\ServerSync.dll MOD - [2013/09/26 13:01:34 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\GAC_32\Xobni.XMapiAccessor\2.0.4.13745__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll MOD - [2013/09/26 13:01:34 | 000,390,144 | ---- | M] () -- 
C:\Windows\assembly\GAC_32\XobniPluginAPI\2.0.4.13745__6298d2d1fcfb5d85\XobniPluginAPI.dll MOD - [2013/09/26 13:01:34 | 000,224,256 | ---- | M] () -- C:\Windows\assembly\GAC_32\Utilities\2.0.4.13745__6298d2d1fcfb5d85\Utilities.dll MOD - [2013/09/26 13:01:33 | 000,003,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\Extensibility.dll MOD - [2013/09/25 16:08:49 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2013/09/25 15:52:27 | 000,321,088 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\msfad.dll MOD - [2013/09/25 15:48:29 | 008,866,472 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll MOD - [2013/09/25 15:46:21 | 001,027,240 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\ADDINS\UmOutlookAddin.dll MOD - [2013/09/25 15:45:26 | 000,121,920 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\JitV.dll MOD - [2013/09/25 15:42:02 | 000,359,080 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll MOD - [2013/09/25 15:42:01 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll MOD - [2013/06/18 14:39:12 | 000,063,096 | ---- | M] () -- C:\Program Files (x86)\Xobni\XobniMainConnector.dll MOD - [2013/06/18 14:38:52 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Xobni\XobniFailsafeUpdateChecker.dll MOD - [2013/06/18 14:36:08 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Xobni\ManagedAggregator.dll MOD - [2013/06/18 14:36:06 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Xobni\WindowDriver.dll MOD - [2012/11/29 11:46:10 | 004,476,998 | ---- | M] () -- C:\SProV8i\STAAD\dbSectionInterface.dll MOD - [2012/04/02 12:01:42 | 000,065,536 | ---- | M] () -- C:\SProV8i\STAAD\QueryDB.dll MOD - [2012/03/21 08:46:00 | 000,904,704 | ---- | M] () -- C:\Program 
Files (x86)\Xobni\System.Data.SQLite.dll MOD - [2011/09/27 23:12:08 | 000,045,056 | ---- | M] () -- C:\SProV8i\STAAD\SProSection.dll MOD - [2011/09/12 15:36:46 | 001,028,159 | ---- | M] () -- C:\SProV8i\STAAD\IBCSpectrum.dll MOD - [2011/05/05 15:22:10 | 000,065,536 | ---- | M] () -- C:\SProV8i\STAAD\SProHelp.dll MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/11/20 23:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010/09/02 14:30:58 | 000,028,672 | ---- | M] () -- C:\SProV8i\STAAD\XMLWriter.dll MOD - [2010/08/09 10:24:24 | 000,131,138 | ---- | M] () -- C:\SProV8i\STAAD\GetPlateStress.dll MOD - [2010/07/15 13:48:20 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.PowerPlatform.FeatureAspects.resources.dll MOD - [2010/07/15 13:33:06 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.UI.resources.dll MOD - [2010/07/15 13:33:00 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.ECObjects.2.0.resources.dll MOD - [2010/07/15 13:32:46 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\ElementInfo.resources.dll MOD - [2010/07/15 13:32:44 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.ViewAttributesDialog.resources.dll MOD - [2010/07/15 13:32:44 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.TaskNavigation.resources.dll MOD - [2010/07/15 13:32:42 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i 
(SELECTseries)\MicroStation\en\Bentley.PointCloud.resources.dll MOD - [2010/07/15 13:32:42 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.PropertyManager.resources.dll MOD - [2010/07/15 13:32:42 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.RasterManager.resources.dll MOD - [2010/07/15 13:32:42 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.RasterPropertiesEnabler.resources.dll MOD - [2010/07/15 13:32:40 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.MicroStation.Templates.Support.resources.dll MOD - [2010/07/15 13:32:38 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.MicroStation.PrintFoundation.resources.dll MOD - [2010/07/15 13:32:32 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.designexplorer.elementexplorer.resources.dll MOD - [2010/07/15 13:32:32 | 000,003,584 | ---- | M] () -- C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.designexplorer.resources.dll MOD - [2010/02/04 11:54:50 | 000,118,858 | ---- | M] () -- C:\SProV8i\STAAD\Plugins\LoadAttributes.dll MOD - [2010/01/22 16:20:12 | 000,159,812 | ---- | M] () -- C:\SProV8i\STAAD\TransferForceDLL.dll MOD - [2009/08/23 13:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/05/18 10:35:46 | 000,069,696 | ---- | M] () -- C:\SProV8i\STAAD\REIOpenGLLib.dll MOD - [2009/05/18 10:35:20 | 000,090,171 | ---- | M] () -- C:\SProV8i\STAAD\LoadGen.dll 
MOD - [2008/09/18 15:44:12 | 000,368,640 | ---- | M] () -- C:\Program Files (x86)\HEC\HEC-RAS\4.1.0\heclib6-pc.dll MOD - [2008/05/20 14:45:02 | 000,106,556 | ---- | M] () -- C:\SProV8i\STAAD\SurfMesh.dll MOD - [2008/05/14 11:43:26 | 000,080,963 | ---- | M] () -- C:\SProV8i\STAAD\CrashRpt.dll MOD - [2008/05/12 10:10:16 | 000,094,208 | ---- | M] () -- C:\SProV8i\STAAD\ZipArchiveInterface.dll MOD - [2008/05/12 10:01:40 | 000,028,740 | ---- | M] () -- C:\SProV8i\STAAD\DiffUtils.dll MOD - [2008/05/12 10:00:20 | 000,045,126 | ---- | M] () -- C:\SProV8i\STAAD\DbInterface.dll MOD - [2005/10/22 17:35:46 | 001,855,488 | ---- | M] () -- C:\Program Files (x86)\PDF reDirect\bin\gsdll32.dll MOD - [1998/11/10 12:04:10 | 000,433,152 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\CEngCoreSE.dll MOD - [1998/11/10 10:31:38 | 000,214,016 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\MapleEng.dll MOD - [1998/11/10 10:31:38 | 000,138,240 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\CEngFront.dll MOD - [1998/11/10 10:31:38 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\SolverSE.dll MOD - [1998/11/10 10:31:38 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\plot.dll MOD - [1998/11/10 10:31:38 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\CEngEfi.dll MOD - [1998/11/10 10:31:38 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\fft.dll MOD - [1998/11/10 10:31:36 | 002,792,448 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\MathDllSE.dll MOD - [1998/11/10 10:31:36 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\efi.dll MOD - [1998/11/05 09:35:34 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\SpecialFunctions.dll MOD - [1998/11/05 09:35:34 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\rootfinder.dll MOD - [1998/11/05 09:35:32 | 000,374,272 | ---- | M] () -- 
C:\Program Files (x86)\MathSoft\Mathcad 8\statistical.dll MOD - [1998/11/05 09:35:32 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\matrix.dll MOD - [1998/11/05 09:35:32 | 000,175,616 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\Frontmip.dll MOD - [1998/11/05 09:35:32 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\ImExport.dll MOD - [1998/11/05 09:35:32 | 000,143,872 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\GarbCol.dll MOD - [1998/11/05 09:35:32 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\diffeq.dll MOD - [1998/11/05 09:35:32 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\integration.dll MOD - [1998/11/05 09:35:32 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\funcman.dll MOD - [1998/11/05 09:35:32 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\polynomials.dll MOD - [1998/11/05 09:35:30 | 000,235,520 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\ResDllSE.dll MOD - [1998/11/05 09:35:30 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\EfiUtils.dll MOD - [1998/11/05 09:35:30 | 000,153,600 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\spellchkMD.dll MOD - [1998/11/05 09:35:30 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\NewMsg.dll MOD - [1998/11/05 09:35:30 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\McXML.dll MOD - [1998/11/03 15:43:58 | 000,503,296 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\mkernel.dll MOD - [1998/11/03 15:43:58 | 000,439,808 | ---- | M] () -- C:\Program Files (x86)\MathSoft\Mathcad 8\liboem.dll MOD - [1998/07/12 00:13:00 | 000,053,760 | ---- | M] () -- C:\SProV8i\STAAD\zlib.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft 
Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2013/09/18 08:35:57 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2013/07/22 00:25:30 | 001,901,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV:[b]64bit:[/b] - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:[b]64bit:[/b] - [2013/03/11 11:05:06 | 000,231,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe -- (EmbassyService) SRV:[b]64bit:[/b] - [2013/03/08 13:13:56 | 000,254,824 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe -- (WvPCR) SRV:[b]64bit:[/b] - [2013/03/05 15:31:54 | 005,159,760 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV:[b]64bit:[/b] - [2013/02/26 16:17:16 | 001,773,056 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service) SRV:[b]64bit:[/b] - [2013/02/01 15:21:52 | 002,215,272 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV:[b]64bit:[/b] - [2013/01/21 13:05:12 | 000,021,504 | ---- | M] (Dell, Inc.) 
[Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe -- (PbaDrvSvc_x64) SRV:[b]64bit:[/b] - [2011/11/09 18:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014/04/02 09:27:36 | 004,972,864 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2014/03/20 10:18:16 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/11/12 06:06:14 | 002,872,424 | ---- | M] (Dell Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Dell\KACE\AMPAgent.exe -- (AMPAgent) SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013/06/18 14:39:08 | 000,063,096 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService) SRV - [2012/07/05 17:47:06 | 002,593,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012/07/05 17:46:52 | 000,325,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012/05/21 15:00:34 | 000,212,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2012/05/11 10:42:24 | 001,643,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2012/03/12 10:11:02 | 000,069,632 | R--- | M] () [Auto | Running] -- c:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework) SRV - [2011/10/30 19:24:00 | 002,594,816 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe -- (SmcService) SRV - [2011/10/30 19:24:00 | 000,324,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe -- (SNAC) SRV - [2011/10/30 19:23:56 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft 
Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/09/25 15:05:18 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2013/09/25 15:04:33 | 000,118,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant) DRV:[b]64bit:[/b] - [2013/07/01 15:33:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2013/07/01 15:33:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2013/07/01 15:33:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2013/02/25 01:27:46 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2012/11/14 20:29:04 | 000,051,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\percsas2.sys -- (percsas2) DRV:[b]64bit:[/b] - [2012/09/23 04:18:58 | 000,039,016 | ---- | M] (Dell Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dcdbas64.sys -- (dcdbas) DRV:[b]64bit:[/b] - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012/08/10 22:44:18 | 000,482,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:[b]64bit:[/b] - [2012/07/05 17:46:44 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2011/10/30 19:24:02 | 000,931,448 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\SymEFA64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2011/10/30 19:24:02 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2011/10/30 19:24:02 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\SymDS64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2011/10/30 19:24:02 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\symnets.sys -- (SYMNETS) 
DRV:[b]64bit:[/b] - [2011/10/30 19:24:02 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\Ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2011/10/30 19:24:02 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C0103E8\009D.105\x64\srtspx64.sys -- (SRTSPX) DRV:[b]64bit:[/b] - [2011/09/23 10:23:00 | 001,982,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTDVHD64.sys -- (IntcAzAudAddService) DRV:[b]64bit:[/b] - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:[b]64bit:[/b] - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:[b]64bit:[/b] - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:[b]64bit:[/b] - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:[b]64bit:[/b] - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:[b]64bit:[/b] - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:[b]64bit:[/b] - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:[b]64bit:[/b] - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:[b]64bit:[/b] - [2010/11/19 13:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2010/11/19 13:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2014/04/01 11:56:59 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20140319.011\BHDrvx64.sys -- (BHDrvx64) DRV - [2014/03/25 18:27:50 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20140404.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/11/21 01:57:51 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/11/21 01:57:51 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/10/14 09:25:19 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20140407.003\ex64.sys -- (NAVEX15) DRV - [2013/10/14 09:25:19 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20140407.003\eng64.sys -- (NAVENG) DRV - [2011/10/30 19:24:00 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] 
-- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} IE - HKLM\..\SearchScopes\{520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.connectvm.com/SitePages/Home.aspx IE - HKCU\..\SearchScopes,DefaultScope = {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.bing.com/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/01/27 09:46:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF [2013/10/03 00:53:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/09/26 08:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\achutsell\AppData\Roaming\mozilla\Extensions [2014/03/21 09:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\achutsell\AppData\Roaming\mozilla\Firefox\Profiles\er59c11d.default\extensions [2014/03/20 10:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/03/20 10:18:16 | 
000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} 
- C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.) 
O4:[b]64bit:[/b] - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Popup] c:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe (LSI) O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - c:\Program Files (x86)\Common 
Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 
15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: connectvm.com ([www] https in Trusted sites) O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} https://www.connectvm.com/Foundation/admin/Reserved.ReportViewerWebPart.axd?ReportSession=2xr4qnee4sf1fa55uyfxeda4&Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=fb064fc204a14349a787edeb6a56e15e&OpType=PrintCab&Arch=X86 (RSClientPrint 2008 Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.199 
192.168.100.27 204.97.212.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VaughnMelton.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A38E5720-DDEF-4A1E-83D4-2BAD1F6B0A79}: DhcpNameServer = 192.168.3.199 192.168.100.27 204.97.212.10 O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\KUsrInit.exe) - C:\Windows\SysNative\KUsrInit.exe (Dell Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.) O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:[b]64bit:[/b] - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) 
O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/03/09 09:39:20 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/04/07 08:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2014/04/07 08:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2014/04/07 08:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2014/04/06 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\achutsell\Desktop\Cleanup Aisle 5 [2014/04/04 16:27:45 | 000,000,000 | ---D | C] -- C:\Users\achutsell\Desktop\STAAD Temp [2014/04/02 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TAEG 2.1 [2014/04/02 17:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TAEG 2.1 [2014/03/20 10:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/03/12 10:04:40 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll [2014/03/12 10:04:40 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll [2014/03/12 10:04:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll 
[2014/03/12 10:04:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/12 10:04:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/12 10:04:38 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/12 10:04:38 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/12 10:04:38 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/12 10:04:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/12 10:04:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/12 10:04:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/12 10:04:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/12 10:04:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/12 10:04:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/12 10:04:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/12 10:04:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/12 10:04:36 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/12 10:04:36 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/12 10:04:36 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/12 10:04:36 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/12 10:04:35 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/12 10:04:35 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/12 10:04:35 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/12 10:04:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/12 10:04:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/12 10:04:34 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/12 10:04:22 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/12 10:04:22 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 10:04:22 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/11 09:29:35 | 000,000,000 | ---D | C] -- C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/03/11 09:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/03/11 09:29:34 | 000,000,000 | ---D | C] -- C:\Users\achutsell\AppData\Roaming\Notepad++
[2014/03/11 09:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/04/07 14:43:46 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 14:43:46 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 12:27:25 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/04/06 10:43:01 | 000,403,595 | ---- | M] () -- C:\Users\achutsell\Desktop\Helpful Tools.pdf
[2014/04/06 10:38:27 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\HydrainW.fot
[2014/04/04 13:06:48 | 000,086,113 | ---- | M] () -- C:\Users\achutsell\Desktop\ACH PM Update.pdf
[2014/04/02 17:29:02 | 000,002,895 | ---- | M] () -- C:\Users\achutsell\Desktop\TAEG 2.1.lnk
[2014/03/25 16:31:56 | 001,907,741 | ---- | M] () -- C:\Users\achutsell\Desktop\CNK244_Concrete.mcd
[2014/03/25 11:39:33 | 000,802,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/25 11:39:33 | 000,678,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/25 11:39:33 | 000,127,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/24 16:09:35 | 000,032,256 | ---- | M] () -- C:\Users\achutsell\Desktop\Stand.dgn
[2014/03/18 16:24:02 | 000,044,453 | ---- | M] () -- C:\Users\achutsell\Desktop\CostEstimateWestlandImprv_2_17_2014.pdf
[2014/03/14 17:07:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/14 17:07:21 | 000,602,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/14 17:06:44 | 4236,562,430 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/12 13:18:20 | 000,022,147 | ---- | M] () -- C:\Users\achutsell\Desktop\Knoxville Tickets KnoxvilleTickets_com Knoxville, TN Online Ticket Office Thank You For Your Order.pdf
[2014/03/12 08:19:27 | 000,001,054 | ---- | M] () -- C:\Users\achutsell\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/03/10 11:00:20 | 000,137,909 | ---- | M] () -- C:\Users\achutsell\Desktop\MS Detailer.zip
[2014/03/08 20:57:09 | 000,796,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/04/06 10:37:43 | 000,403,595 | ---- | C] () -- C:\Users\achutsell\Desktop\Helpful Tools.pdf
[2014/04/04 13:06:41 | 000,086,113 | ---- | C] () -- C:\Users\achutsell\Desktop\ACH PM Update.pdf
[2014/04/02 17:29:02 | 000,002,895 | ---- | C] () -- C:\Users\achutsell\Desktop\TAEG 2.1.lnk
[2014/03/25 16:24:31 | 001,907,741 | ---- | C] () -- C:\Users\achutsell\Desktop\CNK244_Concrete.mcd
[2014/03/18 16:24:01 | 000,044,453 | ---- | C] () -- C:\Users\achutsell\Desktop\CostEstimateWestlandImprv_2_17_2014.pdf
[2014/03/12 13:18:02 | 000,022,147 | ---- | C] () -- C:\Users\achutsell\Desktop\Knoxville Tickets KnoxvilleTickets_com Knoxville, TN Online Ticket Office Thank You For Your Order.pdf
[2014/03/10 11:00:19 | 000,137,909 | ---- | C] () -- C:\Users\achutsell\Desktop\MS Detailer.zip
[2014/03/03 18:13:26 | 000,002,940 | ---- | C] () -- C:\Users\achutsell\AppData\Local\recently-used.xbel
[2013/09/26 18:08:22 | 000,458,752 | ---- | C] () -- C:\Windows\SysWow64\LiveUpdate.dll
[2013/09/26 18:08:22 | 000,006,537 | ---- | C] () -- C:\Windows\SysWow64\WinGPDrv.dat
[2013/09/26 18:08:22 | 000,006,534 | ---- | C] () -- C:\Windows\SysWow64\NGWinDrv.dat
[2013/09/25 16:47:39 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013/09/25 15:34:46 | 000,000,466 | ---- | C] () -- C:\Windows\mosswin.ini
[2013/09/25 14:35:19 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/25 13:48:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\chw29wo.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013/09/25 13:48:13 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\sotwaz3.dll
[2013/09/25 13:48:13 | 000,000,101 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\zzppqel.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\qn76h6o.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\nd4nejy.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\h8ghqs4.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\cmci8zx.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\cgm011a.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\b027w5p.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\a2dvk59.dll
[2013/09/25 13:48:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2013/03/08 12:37:36 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-HK.dll
[2013/03/08 12:37:34 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hr.dll
[2013/03/08 12:37:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sl.dll
[2013/03/08 12:37:34 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sk.dll
[2013/03/08 12:37:32 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_tr.dll
[2013/03/08 12:37:30 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ro.dll
[2013/03/08 12:37:30 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt-BR.dll
[2013/03/08 12:37:30 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hu.dll
[2013/03/08 12:37:28 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fi.dll
[2013/03/08 12:37:28 | 000,084,992 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_he.dll
[2013/03/08 12:37:26 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_el.dll
[2013/03/08 12:37:26 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_cs.dll
[2013/03/08 12:37:26 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ar.dll
[2013/03/08 12:37:24 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHT.dll
[2013/03/08 12:37:24 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHS.dll
[2013/03/08 12:37:22 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sv.dll
[2013/03/08 12:37:22 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ru.dll
[2013/03/08 12:37:20 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt.dll
[2013/03/08 12:37:20 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pl.dll
[2013/03/08 12:37:20 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_no.dll
[2013/03/08 12:37:18 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_nl.dll
[2013/03/08 12:37:18 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ko.dll
[2013/03/08 12:37:16 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_it.dll
[2013/03/08 12:37:16 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fr.dll
[2013/03/08 12:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ja.dll
[2013/03/08 12:37:14 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_es.dll
[2013/03/08 12:37:12 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_de.dll
[2013/03/08 12:37:12 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_da.dll
[2012/09/13 18:58:34 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
[2012/05/07 17:35:28 | 000,041,495 | ---- | C] () -- C:\Windows\sas_mib.dat
[2012/05/02 17:19:54 | 000,038,017 | ---- | C] () -- C:\Windows\sas_ir_mib.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >