CharmPeddler
Hi guys, here is the OTL report. I was able to get the other 3 cleaned out OK.
What are your thoughts on this one?
OTL logfile created on: 12/15/2014 11:07:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cliff\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.94 Gb Total Physical Memory | 9.40 Gb Available Physical Memory | 78.77% Memory free
23.87 Gb Paging File | 21.30 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 908.59 Gb Total Space | 784.04 Gb Free Space | 86.29% Space Free | Partition Type: NTFS
Drive D: | 22.63 Gb Total Space | 2.43 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
Computer Name: CLIFF-HP | User Name: Cliff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Cliff\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Neat\exec\NeatStartupService.exe (The Neat Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (SynTPEnhService) -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (omniserv) -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Softex Inc.)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (valWBFPolicyService) -- C:\Windows\SysNative\valWBFPolicyService.exe (Validity Sensors, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (PSUAService) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.)
SRV - (PandaAgent) -- C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.)
SRV - (Neat Startup Service) -- C:\Program Files (x86)\Neat\exec\NeatStartupService.exe (The Neat Company)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Agent) -- C:\Windows\VPDAgent_x64.exe (Two Pilots)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV:64bit: - (PSINReg) -- C:\Windows\SysNative\drivers\PSINReg.sys (Panda Security, S.L.)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NNSHTTP) -- C:\Windows\SysNative\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (NNSSTRM) -- C:\Windows\SysNative\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV:64bit: - (NNSTLSC) -- C:\Windows\SysNative\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPROT) -- C:\Windows\SysNative\drivers\NNSProt.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPRV) -- C:\Windows\SysNative\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV:64bit: - (NNSSMTP) -- C:\Windows\SysNative\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPOP3) -- C:\Windows\SysNative\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPIHSW) -- C:\Windows\SysNative\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV:64bit: - (NNSIDS) -- C:\Windows\SysNative\drivers\NNSIds.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPICC) -- C:\Windows\SysNative\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV:64bit: - (NNSHTTPS) -- C:\Windows\SysNative\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV:64bit: - (NNSALPC) -- C:\Windows\SysNative\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (PSKMAD) -- C:\Windows\SysNative\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV:64bit: - (RTSPER) -- C:\Windows\SysNative\drivers\RtsPer.sys (Realsil Semiconductor Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (NNSNAHSL) -- C:\Windows\SysNative\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9C938041-D785-4EE8-AB8C-20E3662252FB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9C938041-D785-4EE8-AB8C-20E3662252FB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=HPNTDF
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9C938041-D785-4EE8-AB8C-20E3662252FB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/12/14 08:29:28 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [HP Photosmart 6520 series (NET)] C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76079EB1-F2A4-4412-BA12-B4C118885AAE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/15 23:04:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/15 22:57:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/15 22:36:04 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/15 22:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/15 22:35:44 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/15 22:35:44 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/15 22:35:44 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/15 22:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/15 22:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/12/15 21:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/12/15 21:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/12/15 21:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/15 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Apps
[2014/12/15 21:23:14 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Deployment
[2014/12/15 21:22:08 | 000,000,000 | ---D | C] -- C:\CrimeWatch
[2014/12/15 17:30:33 | 000,060,400 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2014/12/15 17:00:58 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\ElevatedDiagnostics
[2014/12/15 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Panda Security
[2014/12/15 14:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda GOLD Protection
[2014/12/15 14:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2014/12/15 14:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2014/12/15 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Wild Tangent
[2014/12/15 13:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/12/15 13:45:24 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\WildTangent
[2014/12/15 09:00:54 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Programs
[2014/12/15 08:38:52 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\LogMeIn Rescue Applet
[2014/12/15 08:07:11 | 000,000,000 | ---D | C] -- C:\Windows\twain_64
[2014/12/14 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ceJrbaFMQX
[2014/12/14 18:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CrimeWatch
[2014/12/14 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Xactimate27 Office Templates
[2014/12/14 18:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xactware
[2014/12/14 18:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Xactware
[2014/12/14 18:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xactware
[2014/12/14 16:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/12/14 15:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2014/12/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014/12/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014/12/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2014/12/14 15:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2014/12/14 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014/12/14 14:05:41 | 000,000,000 | ---D | C] -- C:\temp
[2014/12/14 13:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/12/14 13:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/12/14 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/12/14 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\HpUpdate
[2014/12/14 13:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/12/14 13:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/12/14 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/12/14 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/12/14 13:53:54 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\HP
[2014/12/14 13:40:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Neat Data
[2014/12/14 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/12/14 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\The Neat Company
[2014/12/14 13:25:11 | 000,148,480 | ---- | C] (Two Pilots) -- C:\Windows\VPDAgent_x64.exe
[2014/12/14 13:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Send To Neat
[2014/12/14 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat ADF Scanner
[2014/12/14 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat Mobile Scanner
[2014/12/14 13:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
[2014/12/14 13:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/12/14 13:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\The Neat Company
[2014/12/14 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\The Neat Company
[2014/12/14 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neat
[2014/12/14 13:14:41 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/12/14 12:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\The Neat Company
[2014/12/14 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014/12/14 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/12/14 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2014/12/14 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014/12/14 11:48:25 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\EmieBrowserModeList
[2014/12/14 11:23:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/12/14 06:47:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/12/14 06:47:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/12/14 06:08:44 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Outlook Files
[2014/12/14 06:06:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/12/14 06:05:16 | 000,000,000 | R--D | C] -- C:\Users\Cliff\OneDrive
[2014/12/14 06:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/12/14 06:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/12/14 06:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/12/14 06:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/12/14 06:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/12/13 05:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlanSwift 9
[2014/12/13 05:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2014/12/13 05:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlanSwift9
[2014/12/12 21:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/12/12 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/12 21:15:43 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Google
[2014/12/12 20:45:32 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\EmieUserList
[2014/12/12 20:45:32 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\EmieSiteList
[2014/12/12 20:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Streets & Trips 2013
[2014/12/12 20:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/12/12 20:23:06 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/12/12 19:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/12/12 19:32:58 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Avatar
[2014/12/12 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\CyberLink
[2014/12/12 16:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2014/12/12 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2014/12/12 16:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/12/12 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/12/12 16:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS6
[2014/12/12 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/12/12 15:59:28 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Macromedia
[2014/12/12 15:58:10 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Adobe
[2014/12/12 15:39:41 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Microsoft Help
[2014/12/12 15:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/12/12 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\WSU
[2014/12/12 14:58:56 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Work Orders
[2014/12/12 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Salespeople
[2014/12/12 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Robert on 1216 Mt Carmel
[2014/12/12 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Pictures from Phone
[2014/12/12 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Manasco
[2014/12/12 14:58:08 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\JOB PICTURES
[2014/12/12 14:58:08 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\HEALTH
[2014/12/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Employees
[2014/12/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Credit Info
[2014/12/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Budget & Bills
[2014/12/12 14:56:31 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Bids
[2014/12/12 14:50:58 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\ad. MASTER
[2014/12/12 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\ab. OLD Proposals
[2014/12/12 14:42:11 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\aa. SOLD & IN PROGRESS
[2014/12/12 14:42:02 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\a. SOLD & CLOSED
[2014/12/12 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\a. LOST BIDS
[2014/12/12 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Outlook Files
[2014/12/12 14:40:32 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Neat Back Up
[2014/12/12 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Master
[2014/12/12 14:38:20 | 000,000,000 | ---D | C] -- C:\Users\Cliff\High Impact eMail 5
[2014/12/12 14:31:28 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Adobe
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Virtual Machines
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Searches
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/12/12 14:31:25 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/12/12 14:31:16 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Identities
[2014/12/12 14:31:14 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Contacts
[2014/12/12 14:29:36 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Hewlett-Packard
[2014/12/12 14:28:21 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Youcam
[2014/12/12 14:28:16 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\CyberLink
[2014/12/12 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\hpqlog
[2014/12/12 14:27:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\RemEngine
[2014/12/12 14:27:25 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Hewlett-Packard_Company
[2014/12/12 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Hewlett-Packard
[2014/12/12 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\VirtualStore
[2014/12/12 14:25:46 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\IntelGraphicsProfiles
[2014/12/12 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Synaptics
[2014/12/12 14:25:27 | 000,000,000 | --SD | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Videos
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Saved Games
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Pictures
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Music
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Links
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Favorites
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Downloads
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Documents
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Desktop
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\Temporary Internet Files
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Templates
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Start Menu
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\SendTo
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Recent
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\PrintHood
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\NetHood
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Documents\My Videos
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Documents\My Pictures
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Documents\My Music
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\My Documents
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Local Settings
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\History
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Cookies
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Application Data
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\Application Data
[2014/12/12 14:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\Documents\hp.system.package.metadata
[2014/12/12 14:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\Documents\hp.applications.package.appdata
[2014/12/12 14:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\AppData
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Temp
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Microsoft
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Media Center Programs
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/12/12 14:25:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2014/12/15 23:09:28 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 23:09:28 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/15 23:02:01 | 005,061,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/15 23:02:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/15 23:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/15 23:00:33 | 1022,070,782 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/15 22:51:20 | 000,002,243 | ---- | M] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/15 22:36:11 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/15 22:20:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/15 22:02:26 | 000,046,298 | ---- | M] () -- C:\Users\Cliff\Documents\cc_20141215_220211.reg DO NOT DELETE.reg
[2014/12/15 21:24:29 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/15 16:00:42 | 000,050,919 | ---- | M] () -- C:\Users\Cliff\Desktop\Capture.PNG
[2014/12/15 15:34:45 | 000,877,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/15 15:34:45 | 000,731,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/15 15:34:45 | 000,148,710 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/15 09:37:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/12/15 09:23:04 | 000,872,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/12/15 07:47:30 | 000,297,382 | ---- | M] () -- C:\Users\Cliff\Desktop\Amazon Cords.pdf
[2014/12/14 13:54:45 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/12/14 11:39:49 | 000,001,052 | ---- | M] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/12/12 21:23:54 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/12/12 21:23:54 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/12/12 20:45:23 | 000,001,411 | ---- | M] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/12 14:25:43 | 000,000,180 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/10 12:26:04 | 001,056,768 | ---- | M] () -- C:\Users\Cliff\Desktop\WINDOW CONTRACT STUFF.indd
[2014/12/01 19:19:58 | 000,132,046 | ---- | M] () -- C:\Users\Cliff\Desktop\SmartPCFixer Receipt.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/19 15:13:57 | 001,048,576 | ---- | M] () -- C:\Users\Cliff\Desktop\WATTS payments on Bennington.indd
========== Files Created - No Company Name ==========
[2014/12/15 22:34:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/12/15 22:02:24 | 000,046,298 | ---- | C] () -- C:\Users\Cliff\Documents\cc_20141215_220211.reg DO NOT DELETE.reg
[2014/12/15 21:24:29 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/15 21:24:29 | 000,002,243 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/15 16:00:42 | 000,050,919 | ---- | C] () -- C:\Users\Cliff\Desktop\Capture.PNG
[2014/12/15 09:37:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/12/15 07:47:30 | 000,297,382 | ---- | C] () -- C:\Users\Cliff\Desktop\Amazon Cords.pdf
[2014/12/14 13:54:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/12/14 13:25:09 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\sdtnpm.dll
[2014/12/14 06:08:48 | 000,001,052 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/12/14 06:05:16 | 000,002,178 | ---- | C] () -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/12/12 21:15:53 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/12 21:15:51 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/12 20:45:23 | 000,001,411 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/12 20:43:08 | 000,002,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Streets & Trips 2013.lnk
[2014/12/12 16:25:31 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2014/12/12 16:25:31 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2014/12/12 16:18:29 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2014/12/12 14:59:01 | 018,018,253 | ---- | C] () -- C:\Users\Cliff\Desktop\Personal Financial - Cliff & Janna 7-2014-2.psd
[2014/12/12 14:59:01 | 001,056,768 | ---- | C] () -- C:\Users\Cliff\Desktop\WINDOW CONTRACT STUFF.indd
[2014/12/12 14:59:01 | 001,056,768 | ---- | C] () -- C:\Users\Cliff\Desktop\Financial.indd
[2014/12/12 14:59:01 | 001,048,576 | ---- | C] () -- C:\Users\Cliff\Desktop\WATTS payments on Bennington.indd
[2014/12/12 14:59:01 | 000,905,216 | ---- | C] () -- C:\Users\Cliff\Desktop\Records.indd
[2014/12/12 14:59:01 | 000,892,928 | ---- | C] () -- C:\Users\Cliff\Desktop\GOALS for Company.indd
[2014/12/12 14:59:01 | 000,880,640 | ---- | C] () -- C:\Users\Cliff\Desktop\AT&T NOTES.indd
[2014/12/12 14:59:01 | 000,856,064 | ---- | C] () -- C:\Users\Cliff\Desktop\Deck Tools Serial #.indd
[2014/12/12 14:59:01 | 000,132,046 | ---- | C] () -- C:\Users\Cliff\Desktop\SmartPCFixer Receipt.pdf
[2014/12/12 14:59:01 | 000,046,897 | ---- | C] () -- C:\Users\Cliff\Desktop\Tech Support.JPG
[2014/12/12 14:59:01 | 000,002,523 | ---- | C] () -- C:\Users\Cliff\Desktop\Advanced Tech Support Rescue Connect.lnk
[2014/12/12 14:59:01 | 000,002,409 | ---- | C] () -- C:\Users\Cliff\Desktop\800.978.4501Advanced Tech Support Rescue Connect.lnk
[2014/12/12 14:31:28 | 000,001,417 | ---- | C] () -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/12/12 14:25:43 | 000,000,180 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/12 14:25:27 | 000,000,290 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/12/12 14:25:27 | 000,000,272 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/07/06 23:36:45 | 000,872,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/24 06:38:44 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/04/24 06:35:42 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/04/24 06:35:40 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/27 15:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/12/15 14:16:19 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\Panda Security
[2014/12/12 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/12/12 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\Synaptics
[2014/12/15 13:45:28 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\WildTangent
========== Purity Check ==========
< End of report >
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9C938041-D785-4EE8-AB8C-20E3662252FB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9C938041-D785-4EE8-AB8C-20E3662252FB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=HPNTDF
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9C938041-D785-4EE8-AB8C-20E3662252FB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/12/14 08:29:28 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Cliff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [HP Photosmart 6520 series (NET)] C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76079EB1-F2A4-4412-BA12-B4C118885AAE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/15 23:04:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/15 22:57:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/15 22:36:04 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/15 22:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/15 22:35:44 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/15 22:35:44 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/15 22:35:44 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/15 22:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/15 22:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/12/15 21:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/12/15 21:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/12/15 21:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/15 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Apps
[2014/12/15 21:23:14 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Deployment
[2014/12/15 21:22:08 | 000,000,000 | ---D | C] -- C:\CrimeWatch
[2014/12/15 17:30:33 | 000,060,400 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2014/12/15 17:00:58 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\ElevatedDiagnostics
[2014/12/15 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Panda Security
[2014/12/15 14:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda GOLD Protection
[2014/12/15 14:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2014/12/15 14:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2014/12/15 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Wild Tangent
[2014/12/15 13:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/12/15 13:45:24 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\WildTangent
[2014/12/15 09:00:54 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Programs
[2014/12/15 08:38:52 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\LogMeIn Rescue Applet
[2014/12/15 08:07:11 | 000,000,000 | ---D | C] -- C:\Windows\twain_64
[2014/12/14 18:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ceJrbaFMQX
[2014/12/14 18:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CrimeWatch
[2014/12/14 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Xactimate27 Office Templates
[2014/12/14 18:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xactware
[2014/12/14 18:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Xactware
[2014/12/14 18:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xactware
[2014/12/14 16:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/12/14 15:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2014/12/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014/12/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014/12/14 15:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2014/12/14 15:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2014/12/14 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014/12/14 14:05:41 | 000,000,000 | ---D | C] -- C:\temp
[2014/12/14 13:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/12/14 13:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/12/14 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/12/14 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\HpUpdate
[2014/12/14 13:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/12/14 13:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/12/14 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/12/14 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/12/14 13:53:54 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\HP
[2014/12/14 13:40:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Neat Data
[2014/12/14 13:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/12/14 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\The Neat Company
[2014/12/14 13:25:11 | 000,148,480 | ---- | C] (Two Pilots) -- C:\Windows\VPDAgent_x64.exe
[2014/12/14 13:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Send To Neat
[2014/12/14 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat ADF Scanner
[2014/12/14 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Neat Mobile Scanner
[2014/12/14 13:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
[2014/12/14 13:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2014/12/14 13:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\The Neat Company
[2014/12/14 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\The Neat Company
[2014/12/14 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neat
[2014/12/14 13:14:41 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/12/14 12:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\The Neat Company
[2014/12/14 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014/12/14 12:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/12/14 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2014/12/14 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014/12/14 11:48:25 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\EmieBrowserModeList
[2014/12/14 11:23:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/12/14 06:47:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/12/14 06:47:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/12/14 06:08:44 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Outlook Files
[2014/12/14 06:06:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/12/14 06:05:16 | 000,000,000 | R--D | C] -- C:\Users\Cliff\OneDrive
[2014/12/14 06:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/12/14 06:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/12/14 06:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/12/14 06:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/12/14 06:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/12/13 05:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlanSwift 9
[2014/12/13 05:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2014/12/13 05:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlanSwift9
[2014/12/12 21:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/12/12 21:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/12/12 21:15:43 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Google
[2014/12/12 20:45:32 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\EmieUserList
[2014/12/12 20:45:32 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\EmieSiteList
[2014/12/12 20:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Streets & Trips 2013
[2014/12/12 20:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/12/12 20:23:06 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/12/12 19:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/12/12 19:32:58 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Avatar
[2014/12/12 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\CyberLink
[2014/12/12 16:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2014/12/12 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2014/12/12 16:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/12/12 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/12/12 16:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS6
[2014/12/12 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/12/12 15:59:28 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Macromedia
[2014/12/12 15:58:10 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Adobe
[2014/12/12 15:39:41 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Microsoft Help
[2014/12/12 15:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/12/12 14:59:01 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\WSU
[2014/12/12 14:58:56 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Work Orders
[2014/12/12 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Salespeople
[2014/12/12 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Robert on 1216 Mt Carmel
[2014/12/12 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Pictures from Phone
[2014/12/12 14:58:31 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Manasco
[2014/12/12 14:58:08 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\JOB PICTURES
[2014/12/12 14:58:08 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\HEALTH
[2014/12/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Employees
[2014/12/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Credit Info
[2014/12/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Budget & Bills
[2014/12/12 14:56:31 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\Bids
[2014/12/12 14:50:58 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\ad. MASTER
[2014/12/12 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\ab. OLD Proposals
[2014/12/12 14:42:11 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\aa. SOLD & IN PROGRESS
[2014/12/12 14:42:02 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\a. SOLD & CLOSED
[2014/12/12 14:41:44 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Desktop\a. LOST BIDS
[2014/12/12 14:40:47 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Outlook Files
[2014/12/12 14:40:32 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Neat Back Up
[2014/12/12 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Master
[2014/12/12 14:38:20 | 000,000,000 | ---D | C] -- C:\Users\Cliff\High Impact eMail 5
[2014/12/12 14:31:28 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Adobe
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Virtual Machines
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Searches
[2014/12/12 14:31:25 | 000,000,000 | R--D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/12/12 14:31:25 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/12/12 14:31:16 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Identities
[2014/12/12 14:31:14 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Contacts
[2014/12/12 14:29:36 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Hewlett-Packard
[2014/12/12 14:28:21 | 000,000,000 | ---D | C] -- C:\Users\Cliff\Documents\Youcam
[2014/12/12 14:28:16 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\CyberLink
[2014/12/12 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\hpqlog
[2014/12/12 14:27:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\RemEngine
[2014/12/12 14:27:25 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Hewlett-Packard_Company
[2014/12/12 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Hewlett-Packard
[2014/12/12 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\VirtualStore
[2014/12/12 14:25:46 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\IntelGraphicsProfiles
[2014/12/12 14:25:36 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Synaptics
[2014/12/12 14:25:27 | 000,000,000 | --SD | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Videos
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Saved Games
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Pictures
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Music
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Links
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Favorites
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Downloads
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Documents
[2014/12/12 14:25:27 | 000,000,000 | R--D | C] -- C:\Users\Cliff\Desktop
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\Temporary Internet Files
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Templates
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Start Menu
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\SendTo
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Recent
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\PrintHood
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\NetHood
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Documents\My Videos
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Documents\My Pictures
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Documents\My Music
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\My Documents
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Local Settings
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\History
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Cookies
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\Application Data
[2014/12/12 14:25:27 | 000,000,000 | -HSD | C] -- C:\Users\Cliff\AppData\Local\Application Data
[2014/12/12 14:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\Documents\hp.system.package.metadata
[2014/12/12 14:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\Documents\hp.applications.package.appdata
[2014/12/12 14:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Cliff\AppData
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Temp
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\Microsoft
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Media Center Programs
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/12/12 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/12/12 14:25:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2014/12/15 23:09:28 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 23:09:28 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/15 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/15 23:02:01 | 005,061,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/15 23:02:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/15 23:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/15 23:00:33 | 1022,070,782 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/15 22:51:20 | 000,002,243 | ---- | M] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/15 22:36:11 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/15 22:20:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/15 22:02:26 | 000,046,298 | ---- | M] () -- C:\Users\Cliff\Documents\cc_20141215_220211.reg DO NOT DELETE.reg
[2014/12/15 21:24:29 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/15 16:00:42 | 000,050,919 | ---- | M] () -- C:\Users\Cliff\Desktop\Capture.PNG
[2014/12/15 15:34:45 | 000,877,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/15 15:34:45 | 000,731,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/15 15:34:45 | 000,148,710 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/15 09:37:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/12/15 09:23:04 | 000,872,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/12/15 07:47:30 | 000,297,382 | ---- | M] () -- C:\Users\Cliff\Desktop\Amazon Cords.pdf
[2014/12/14 13:54:45 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/12/14 11:39:49 | 000,001,052 | ---- | M] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/12/12 21:23:54 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/12/12 21:23:54 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/12/12 20:45:23 | 000,001,411 | ---- | M] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/12 14:25:43 | 000,000,180 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/10 12:26:04 | 001,056,768 | ---- | M] () -- C:\Users\Cliff\Desktop\WINDOW CONTRACT STUFF.indd
[2014/12/01 19:19:58 | 000,132,046 | ---- | M] () -- C:\Users\Cliff\Desktop\SmartPCFixer Receipt.pdf
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/19 15:13:57 | 001,048,576 | ---- | M] () -- C:\Users\Cliff\Desktop\WATTS payments on Bennington.indd
========== Files Created - No Company Name ==========
[2014/12/15 22:34:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/12/15 22:02:24 | 000,046,298 | ---- | C] () -- C:\Users\Cliff\Documents\cc_20141215_220211.reg DO NOT DELETE.reg
[2014/12/15 21:24:29 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/15 21:24:29 | 000,002,243 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/12/15 16:00:42 | 000,050,919 | ---- | C] () -- C:\Users\Cliff\Desktop\Capture.PNG
[2014/12/15 09:37:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/12/15 07:47:30 | 000,297,382 | ---- | C] () -- C:\Users\Cliff\Desktop\Amazon Cords.pdf
[2014/12/14 13:54:45 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/12/14 13:25:09 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\sdtnpm.dll
[2014/12/14 06:08:48 | 000,001,052 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/12/14 06:05:16 | 000,002,178 | ---- | C] () -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/12/12 21:15:53 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/12 21:15:51 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/12 20:45:23 | 000,001,411 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/12 20:43:08 | 000,002,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Streets & Trips 2013.lnk
[2014/12/12 16:25:31 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2014/12/12 16:25:31 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2014/12/12 16:18:29 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2014/12/12 14:59:01 | 018,018,253 | ---- | C] () -- C:\Users\Cliff\Desktop\Personal Financial - Cliff & Janna 7-2014-2.psd
[2014/12/12 14:59:01 | 001,056,768 | ---- | C] () -- C:\Users\Cliff\Desktop\WINDOW CONTRACT STUFF.indd
[2014/12/12 14:59:01 | 001,056,768 | ---- | C] () -- C:\Users\Cliff\Desktop\Financial.indd
[2014/12/12 14:59:01 | 001,048,576 | ---- | C] () -- C:\Users\Cliff\Desktop\WATTS payments on Bennington.indd
[2014/12/12 14:59:01 | 000,905,216 | ---- | C] () -- C:\Users\Cliff\Desktop\Records.indd
[2014/12/12 14:59:01 | 000,892,928 | ---- | C] () -- C:\Users\Cliff\Desktop\GOALS for Company.indd
[2014/12/12 14:59:01 | 000,880,640 | ---- | C] () -- C:\Users\Cliff\Desktop\AT&T NOTES.indd
[2014/12/12 14:59:01 | 000,856,064 | ---- | C] () -- C:\Users\Cliff\Desktop\Deck Tools Serial #.indd
[2014/12/12 14:59:01 | 000,132,046 | ---- | C] () -- C:\Users\Cliff\Desktop\SmartPCFixer Receipt.pdf
[2014/12/12 14:59:01 | 000,046,897 | ---- | C] () -- C:\Users\Cliff\Desktop\Tech Support.JPG
[2014/12/12 14:59:01 | 000,002,523 | ---- | C] () -- C:\Users\Cliff\Desktop\Advanced Tech Support Rescue Connect.lnk
[2014/12/12 14:59:01 | 000,002,409 | ---- | C] () -- C:\Users\Cliff\Desktop\800.978.4501Advanced Tech Support Rescue Connect.lnk
[2014/12/12 14:31:28 | 000,001,417 | ---- | C] () -- C:\Users\Cliff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/12/12 14:25:43 | 000,000,180 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/12 14:25:27 | 000,000,290 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/12/12 14:25:27 | 000,000,272 | ---- | C] () -- C:\Users\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/07/06 23:36:45 | 000,872,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/24 06:38:44 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/04/24 06:35:42 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/04/24 06:35:40 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/27 15:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/12/15 14:16:19 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\Panda Security
[2014/12/12 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/12/12 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\Synaptics
[2014/12/15 13:45:28 | 000,000,000 | ---D | M] -- C:\Users\Cliff\AppData\Roaming\WildTangent
========== Purity Check ==========
< End of report >