I received an email from a friend and was on the phone at work not paying full attention and clicked a link within it. - it was an http link " www. lmesoncharcuteria.com.ar/best.of.the.best.html?abefori+582156&jgamjs=358163 ". I broke it up so as not to have it link, if you will.
This took me to a website that showed a video clip of the the Helen Degeneres show. At once, I realized that I had been duped. I found out later that many of my friends had received similar emails from her email account.
I then ran a Vipre scan and Malwarebytes scan and no infections were found. But I have no idea if there are surprises ahead so here is the OTL scan results:
OTL logfile created on: 4/10/2014 10:18:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean Strickling\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 51.24% Memory free
15.90 Gb Paging File | 10.48 Gb Available in Paging File | 65.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.92 Gb Total Space | 551.67 Gb Free Space | 81.38% Space Free | Partition Type: NTFS
Drive D: | 20.42 Gb Total Space | 2.20 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Computer Name: SEAN-PC | User Name: Sean Strickling | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/10 22:18:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean Strickling\Downloads\OTL (2).exe
PRC - [2014/03/30 20:30:08 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/24 11:12:26 | 000,740,896 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/03/19 16:24:00 | 000,383,504 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/02/12 13:16:20 | 000,118,056 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/12/21 02:04:50 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/05 22:33:44 | 003,216,272 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\SBAMTray.exe
PRC - [2013/09/05 22:33:42 | 005,801,360 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\sbamui.exe
PRC - [2013/09/05 22:32:46 | 003,937,472 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\SBAMSvc.exe
PRC - [2013/09/05 22:32:42 | 000,176,016 | ---- | M] (ThreatTrack Security, Inc.) -- C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
PRC - [2013/08/19 18:07:36 | 001,344,312 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/03/31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/03/11 17:03:22 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/09/19 22:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/09/19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/09/03 23:18:02 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2012/08/18 18:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/08/18 18:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
PRC - [2012/07/13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/04/16 13:46:56 | 000,054,704 | ---- | M] (SmartVault Corporation) -- C:\Program Files (x86)\SmartVault\SVault.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/10/05 13:11:02 | 000,037,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe
PRC - [2011/10/04 11:11:40 | 001,081,344 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2011/09/06 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/06 14:48:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/24 00:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/06 23:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/04/14 22:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/19 12:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009/09/30 10:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
========== Modules (No Company Name) ==========
MOD - [2014/04/07 11:18:02 | 000,358,400 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.6.9_0\plugins\screen_capture.dll
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2014/03/11 09:27:22 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/02/18 13:03:08 | 000,450,608 | ---- | M] () -- C:\Program Files (x86)\SmartVault\Trackerbird.Tracker.dll
MOD - [2014/02/18 13:03:01 | 000,600,624 | ---- | M] () -- C:\Program Files (x86)\SmartVault\SVault.Client.Toolbar.UI.Hook.dll
MOD - [2014/02/18 13:02:46 | 000,326,192 | ---- | M] () -- C:\Program Files (x86)\SmartVault\Google.ProtocolBuffers.dll
MOD - [2014/02/18 13:02:45 | 000,088,624 | ---- | M] () -- C:\Program Files (x86)\SmartVault\AxInterop.GdViewerPro4.dll
MOD - [2014/02/12 19:18:16 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatch62ba68af#\52e592b733d046690b5bead5ccfe1744\SocialWatch.Configuration.Facebook.ni.dll
MOD - [2014/02/12 19:18:11 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Infrastruct604feab8#\0b494cba6745f3a026a7b309b4f30f10\Infrastructure.UserInterface.ni.dll
MOD - [2014/02/12 19:18:10 | 000,091,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatcha4e6253f#\da943c9c7056e4528722bd56a2fd8b5f\SocialWatch.Authentication.Facebook.ni.dll
MOD - [2014/02/12 19:18:09 | 000,748,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\093cf1c56c083ff39515a3a49992050c\log4net.ni.dll
MOD - [2014/02/12 19:18:09 | 000,020,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Infrastructure\d00a3a05eccaa172761699a6c61e83d7\Infrastructure.ni.dll
MOD - [2014/02/12 19:18:08 | 000,481,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Facebook\5da3b49a34f2921d177da6bd2167375f\Facebook.ni.dll
MOD - [2014/02/12 19:18:08 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatch8579869f#\1721573f19e5aaf683cbfe64e1f105de\SocialWatch.Scanner.Serialization.ni.dll
MOD - [2014/02/12 19:18:07 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatch3fe684a7#\07949961cf2d259a637571048d3ccace\SocialWatch.Scanner.Interfaces.ni.dll
MOD - [2014/02/12 19:18:07 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatche3fb5e81#\12aac18b2b0ca8e80a29e5b84745a145\SocialWatch.Authentication.Interfaces.ni.dll
MOD - [2014/02/12 19:18:07 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatcha583c611#\578ab452c4e8577b859a83cf90512d39\SocialWatch.Configuration.Interfaces.ni.dll
MOD - [2014/02/12 19:18:07 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatchb96ca80f#\cd91ef9519349b8d7c6f3af47154604a\SocialWatch.Engine.Interfaces.ni.dll
MOD - [2014/02/12 19:18:06 | 000,192,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatchd4ea2be5#\bd9a4b35c569c7627e6cc3518521bfe3\SocialWatch.Scanner.Providers.Facebook.ni.dll
MOD - [2014/02/12 19:18:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SocialWatcha57243a5#\4b34698ae67a5e1484967edc12731db7\SocialWatch.Plugins.Facebook.ni.dll
MOD - [2014/02/12 18:38:16 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 18:36:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/12 18:36:26 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\77be6203ce6899b7d0be39c640e2eea0\System.Configuration.Install.ni.dll
MOD - [2014/02/12 18:36:19 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll
MOD - [2014/02/12 18:36:17 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 18:36:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 18:36:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 18:35:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 18:35:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 18:35:40 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f6db4a5f721a164ce945d0a28f2ca7bd\System.Security.ni.dll
MOD - [2014/02/12 18:35:40 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/12 18:35:37 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 18:35:34 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 18:35:22 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 18:35:17 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 18:00:53 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/12 18:00:38 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/12 18:00:38 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/12 18:00:32 | 001,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e8f04d39ea7c8991d91498f2867f2c25\Microsoft.CSharp.ni.dll
MOD - [2014/02/12 18:00:32 | 001,046,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\cc50d2e812a40e7932c04af96578de25\System.ComponentModel.Composition.ni.dll
MOD - [2014/02/12 18:00:30 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/12 18:00:30 | 000,394,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\9c792f26e959188b200cd732e1c1d583\System.Dynamic.ni.dll
MOD - [2014/02/12 18:00:29 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/12 18:00:29 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/12 18:00:26 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/12 18:00:25 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/12 18:00:22 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/12 18:00:21 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/12 18:00:15 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/12 18:00:15 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2013/12/21 02:04:26 | 003,989,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/02/14 15:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/06 14:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
MOD - [2011/08/31 08:41:12 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2011/03/16 15:30:58 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/24 16:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2008/11/12 15:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/17 17:25:21 | 008,865,320 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/09/29 15:50:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/16 04:32:40 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 14:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/24 11:18:12 | 000,140,424 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/03/12 11:53:07 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/12 13:16:20 | 000,118,056 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2014/02/07 06:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 22:32:46 | 003,937,472 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2013/09/05 22:32:42 | 000,176,016 | ---- | M] (ThreatTrack Security, Inc.) [Auto | Running] -- C:\Program Files (x86)\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2013/04/10 02:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/11 17:03:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/09/03 23:18:00 | 000,245,264 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012/08/18 18:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/08/18 18:55:02 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/08/18 18:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe -- (QuickBooksDB23)
SRV - [2012/04/27 21:15:12 | 000,140,152 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\CLEARIFY\QQube Tool\SQL Anywhere 12\BIN64\dbsrv12.exe -- (SQLANYe_SQLAnywhere12_QQube)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/10/05 13:11:02 | 000,037,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe -- (HPPRXSVC)
SRV - [2011/09/06 14:48:32 | 000,093,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/24 00:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/22 16:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 16:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/03/30 20:30:24 | 000,316,312 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/12/13 16:30:38 | 000,035,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013/09/04 14:57:42 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/06/18 22:02:34 | 000,088,928 | ---- | M] (ThreatTrack Security, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/05/23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2013/04/12 15:43:56 | 000,088,864 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2013/01/29 17:20:25 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_7.0.41409.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2012/12/17 17:26:49 | 000,384,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2012/12/17 17:26:49 | 000,015,816 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2012/06/26 15:42:38 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/03/23 13:53:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/03/23 13:53:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/29 16:26:56 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/29 15:17:58 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/06 14:44:32 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2011/08/29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/24 00:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/16 04:32:40 | 000,534,016 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/08/05 15:34:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/08/05 15:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 15:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/07/21 23:01:14 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/06/10 21:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 21:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/06 22:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 14:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 14:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/04/29 17:57:52 | 000,053,760 | ---- | M] (HTL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TSUSB2.SYS -- (TsUsb2)
DRV:64bit: - [2010/03/19 06:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/03/30 20:30:24 | 000,282,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/03/30 20:30:22 | 000,397,848 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/03/11 09:27:20 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/05/25 06:05:56 | 000,053,760 | ---- | M] (HTL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TSUSB2.SYS -- (TsUsb2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP74&dt=043013
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {5428B1B3-13A2-44BC-AB3D-EB2F1BCC24BE}
IE - HKCU\..\SearchScopes\{01371253-A125-45D2-8176-7735D67C7DFB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{5428B1B3-13A2-44BC-AB3D-EB2F1BCC24BE}: "URL" = http://search.yahoo....&p={SearchTerms}
IE - HKCU\..\SearchScopes\{956B5339-C2BE-4435-A7E5-939CC80789C8}: "URL" = http://websearch.ask...FA-3B51A064FF21
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..keyword.URL: "http://search.yahoo....&type=A110US0="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@eonreality.com/EON,version=8.0.4.6479: C:\Program Files (x86)\EON Reality\EON Viewer 8.0.4.6479\Bin\npEonXPlugin7.dll (EON Reality, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Sean Strickling\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sean Strickling\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Sean Strickling\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean Strickling\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean Strickling\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/03/27 08:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/01/20 09:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/18 09:55:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/04/18 09:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Extensions
[2013/06/19 14:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\extensions
[2013/06/19 14:42:16 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\extensions\[email protected]
[2013/06/19 14:42:16 | 000,002,308 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Roaming\Mozilla\Firefox\Profiles\wa6ogeyz.default\searchplugins\askcom.xml
[2013/04/18 09:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/27 08:27:36 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/04/10 02:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 02:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2014/01/02 18:44:17 | 000,002,062 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/04/10 02:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sean Strickling\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\
CHR - Extension: SEOquake = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.18_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.6.9_0\
CHR - Extension: Google Drive = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: QuickBooks = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl\67_0\
CHR - Extension: Google Search = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Morpheon Dark - Aero = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi\1.2_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.6.70_0\
CHR - Extension: SiteAdvisor = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: Cloud Reader = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Currency Converter = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno\1.31_0\
CHR - Extension: Google Wallet = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.1.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.1.2_0\
CHR - Extension: Gmail = C:\Users\Sean Strickling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (VIPRE Search Guard Helper) - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSG.dll ()
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (VIPRE Search Guard Toolbar) - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\GFI Software\VIPRE\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\VIPRE\SBAMTray.exe (ThreatTrack Security, Inc.)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [BimeDesktop] C:\Program Files (x86)\BimeDesktop\BimeDesktopLauncher.exe File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Sean Strickling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: promptcheckonline.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} http://www.advancedm...AMDSWSCheck.CAB (AMDSWSCheck.WSCheck)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://paychexta.we...rt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} http://www.advancedm...DVBDownload.CAB (PPMDVBDownload.XShowReady)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31472D68-6FC0-4E6C-AF47-CC34BBA6B3CC}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6203ACAC-F96D-4D6F-8A7A-2AA704020748}: DhcpNameServer = 192.168.1.10 8.8.8.8
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\vipresg - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vipresg {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62d3ff50-71a2-11e3-838f-88532ecf12fe}\Shell - "" = AutoRun
O33 - MountPoints2\{62d3ff50-71a2-11e3-838f-88532ecf12fe}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{ecdacdb1-eb58-11e2-af22-88532ecf12fe}\Shell - "" = AutoRun
O33 - MountPoints2\{ecdacdb1-eb58-11e2-af22-88532ecf12fe}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/10 01:17:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/10 00:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
[2014/04/10 00:40:39 | 000,000,000 | ---D | C] -- C:\xampp
[2014/04/10 00:27:35 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/04/10 00:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/04/10 00:27:32 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\AppData\Roaming\Notepad++
[2014/04/10 00:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/04/09 23:12:53 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\SQL Training
[2014/04/09 09:27:59 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\Foreign Subcontractors
[2014/04/08 23:55:04 | 000,000,000 | ---D | C] -- C:\Applications
[2014/04/08 23:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BimeDesktop
[2014/04/08 23:19:20 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\AppData\Roaming\com.wearecloud.bime
[2014/04/08 23:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BimeDesktop
[2014/04/07 13:01:02 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\QBBackupTemp Mon, Apr 07 2014 01 01 02 PM
[2014/04/04 14:01:03 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\QBBackupTemp Fri, Apr 04 2014 02 01 03 PM
[2014/04/03 09:01:01 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\QBBackupTemp Thu, Apr 03 2014 09 01 01 AM
[2014/04/02 12:26:35 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\Kurts Taxes 2013
[2014/03/24 14:01:03 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\QBBackupTemp Mon, Mar 24 2014 02 01 03 PM
[2014/03/20 10:01:01 | 000,000,000 | ---D | C] -- C:\Users\Sean Strickling\Desktop\QBBackupTemp Thu, Mar 20 2014 10 01 01 AM
[2012/09/01 18:26:09 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sean Strickling\gotomypc_438.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/10 22:09:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029396285-522126323-1915256878-1000UA.job
[2014/04/10 22:09:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/10 22:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/10 21:24:00 | 000,000,622 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-4029396285-522126323-1915256878-1000.job
[2014/04/10 15:44:51 | 078,073,856 | R--- | M] () -- C:\Users\Sean Strickling\Desktop\Narconon Spring Hill, Inc. v3.QBW
[2014/04/10 15:44:51 | 001,900,544 | R--- | M] () -- C:\Users\Sean Strickling\Desktop\Narconon Spring Hill, Inc. v3.QBW.TLG
[2014/04/10 15:44:51 | 000,000,406 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Narconon Spring Hill, Inc. v3.QBW.ND
[2014/04/10 13:54:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4029396285-522126323-1915256878-1000Core.job
[2014/04/10 12:02:53 | 000,000,407 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Rehabilitation Initiatives LLC.qbw.ND
[2014/04/10 12:02:52 | 011,022,336 | R--- | M] () -- C:\Users\Sean Strickling\Desktop\Rehabilitation Initiatives LLC.qbw
[2014/04/10 12:02:52 | 002,162,688 | R--- | M] () -- C:\Users\Sean Strickling\Desktop\Rehabilitation Initiatives LLC.qbw.TLG
[2014/04/10 08:39:02 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 08:39:02 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/10 08:34:49 | 000,883,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/10 08:34:49 | 000,739,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/10 08:34:49 | 000,144,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/10 08:29:33 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/10 00:27:35 | 000,001,059 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Notepad++.lnk
[2014/04/09 15:23:01 | 000,002,008 | -H-- | M] () -- C:\Users\Sean Strickling\Documents\Default.rdp
[2014/04/09 14:50:24 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2014/04/09 08:34:07 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSean Strickling.job
[2014/04/08 23:42:57 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\BimeDesktop.lnk
[2014/04/08 16:18:51 | 024,236,230 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\EHL Zip.zip
[2014/04/08 16:18:20 | 025,081,853 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\14002158enc2_EHL(reduced).pdf
[2014/04/04 22:01:31 | 000,001,240 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Surveyors Timesheet TPI 2014 - Shortcut.lnk
[2014/04/02 22:41:33 | 000,001,292 | ---- | M] () -- C:\Users\Sean Strickling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2014/04/02 15:23:06 | 000,015,964 | ---- | M] () -- C:\Windows\SysWow64\RegConnector.tlb
[2014/04/02 15:23:05 | 000,160,924 | ---- | M] () -- C:\Windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
[2014/04/02 15:22:55 | 000,001,270 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Transaction Pro Importer 5.0.lnk
[2014/04/02 15:22:55 | 000,001,158 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Transaction Pro Help File.lnk
[2014/03/30 20:30:24 | 000,316,312 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2014/03/19 12:11:23 | 000,002,444 | ---- | M] () -- C:\Users\Sean Strickling\Desktop\Surveyors Timesheets - Shortcut.lnk
[2014/03/13 11:56:13 | 000,000,091 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/03/12 09:46:30 | 000,366,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/10 00:27:35 | 000,001,059 | ---- | C] () -- C:\Users\Sean Strickling\Desktop\Notepad++.lnk
[2014/04/09 14:50:24 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2014/04/09 14:50:24 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2014/04/08 23:42:57 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\BimeDesktop.lnk
[2014/04/08 16:18:48 | 024,236,230 | ---- | C] () -- C:\Users\Sean Strickling\Desktop\EHL Zip.zip
[2014/04/08 16:18:20 | 025,081,853 | ---- | C] () -- C:\Users\Sean Strickling\Desktop\14002158enc2_EHL(reduced).pdf
[2014/04/04 22:01:31 | 000,001,240 | ---- | C] () -- C:\Users\Sean Strickling\Desktop\Surveyors Timesheet TPI 2014 - Shortcut.lnk
[2014/04/02 15:22:55 | 000,001,158 | ---- | C] () -- C:\Users\Sean Strickling\Desktop\Transaction Pro Help File.lnk
[2013/04/24 09:43:44 | 000,160,924 | ---- | C] () -- C:\Windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
[2013/02/06 18:40:04 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/29 17:20:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb9.dll
[2013/01/29 17:20:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb11.dll
[2013/01/29 17:20:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb10.dll
[2013/01/29 17:20:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2013/01/29 17:20:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2013/01/29 17:20:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012/10/29 18:19:52 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2012/10/29 10:00:13 | 000,060,304 | ---- | C] () -- C:\Users\Sean Strickling\g2mdlhlpx.exe
[2012/05/22 15:53:59 | 000,000,574 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/05/22 15:53:58 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/18 17:34:39 | 000,007,619 | ---- | C] () -- C:\Users\Sean Strickling\AppData\Local\Resmon.ResmonCfg
[2012/05/14 17:51:19 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/05/14 16:49:24 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/08/09 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\01 Transaction Pro Importer 5.0
[2014/04/08 23:23:24 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\com.wearecloud.bime
[2014/01/07 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
[2012/10/29 18:43:26 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Fujitsu
[2014/01/07 23:30:07 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\GFI Software
[2012/10/16 14:06:20 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\I-Metrix
[2012/05/18 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\IDT
[2012/10/29 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Leadertech
[2014/04/10 00:27:53 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Notepad++
[2012/05/29 09:56:51 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\PDF Writer
[2012/10/29 18:59:47 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\PFU
[2012/12/18 19:36:27 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SmartVault
[2013/05/24 08:52:32 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SolidDocuments
[2014/04/09 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SpiderOak
[2012/07/03 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SQL Anywhere 12
[2012/05/14 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\Synaptics
[2013/12/03 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\SystemRequirementsLab
[2012/12/05 08:25:18 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\TeamViewer
[2014/01/07 23:30:07 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\VIPRE
[2012/05/14 18:09:55 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\WebApp
[2012/10/31 11:25:33 | 000,000,000 | ---D | M] -- C:\Users\Sean Strickling\AppData\Roaming\webex
========== Purity Check ==========
< End of report >