Need help removing search.conduit from my system



Realtor
2013-12-27, 20:02
I tried several things, none have worked. Why does virus and spyware not detect this malware? How can I remove it?

ken545
2013-12-27, 20:24


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, Right Click and select RUN AS ADMINISTRATOR

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Realtor
2013-12-27, 20:46
I have windows 8.1 and have not been able to get it to run as Administrator in order for the DDS program to run. Can you assist?

ken545
2013-12-27, 21:16
Let's try this one instead

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Realtor
2013-12-28, 05:48
Results of executing AdwCleaner.exe
# AdwCleaner v3.016 - Report created 27/12/2013 at 14:27:19
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Mack - WORKPC
# Running from : C:\Users\Mack\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Users\Mack\AppData\Local\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Mack\AppData\Roaming\Mozilla\Firefox\Profiles\o13s4y14.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1660 octets] - [27/12/2013 14:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1720 octets] ##########

Thanks







ken545
2013-12-28, 12:15
Good Morning,

No need to quote me as some of the logs we may ask for may be large and with a quote may not fit into a reply.

Were you able to run aswMBR? If so, run it and post that log please

Then.....

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.






OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Realtor
2013-12-28, 18:27
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-28 10:49:53
-----------------------------
10:49:53.462 OS Version: Windows x64 6.2.9200
10:49:53.462 Number of processors: 2 586 0x200
10:49:53.465 ComputerName: WORKPC UserName: Mack
10:49:54.100 Initialze error 1
11:19:09.915 AVAST engine defs: 13122800
11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"
11:19:41.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:19:41.837 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
11:19:41.898 Disk 0 MBR read successfully
11:19:41.905 Disk 0 MBR scan
11:19:41.932 Disk 0 unknown MBR code
11:19:41.940 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:19:41.957 Disk 0 scanning C:\WINDOWS\system32\drivers
11:19:41.968 Service scanning
11:19:42.523 Modules scanning
11:19:42.541 Disk 0 trace - called modules:
11:19:42.565 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
11:19:42.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016ab5e0]
11:19:42.601 3 CLASSPNP.SYS[fffff80000646abb] -> nt!IofCallDriver -> [0xffffe000002e9b30]
11:19:42.617 5 amdxata.sys[fffff800007146b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe0000139a060]
11:19:42.633 AVAST engine scan C:\WINDOWS
11:19:42.649 AVAST engine scan C:\WINDOWS\system32
11:19:42.666 AVAST engine scan C:\WINDOWS\system32\drivers
11:19:42.683 AVAST engine scan C:\Users\Mack
11:19:42.700 AVAST engine scan C:\ProgramData
11:19:42.717 Scan finished successfully
11:20:11.844 Disk 0 MBR fix error
11:20:41.924 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
11:20:41.947 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"

Realtor
2013-12-28, 18:47
Results after running Adwcleaner and allowing it to clean.

# AdwCleaner v3.016 - Report created 28/12/2013 at 11:30:15
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Mack - WORKPC
# Running from : C:\Users\Mack\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Mack\AppData\Local\Searchprotect
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Mack\AppData\Roaming\Mozilla\Firefox\Profiles\o13s4y14.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1808 octets] - [27/12/2013 14:27:19]
AdwCleaner[R1].txt - [1868 octets] - [28/12/2013 11:28:37]
AdwCleaner[S0].txt - [1704 octets] - [28/12/2013 11:30:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1764 octets] ##########
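
An added example (not part of the original thread, and not AdwCleaner's own code): a short Python check that every item the scan report listed as Found is echoed as Deleted in the clean report. The entry lines are copied from the two AdwCleaner logs posted above; the function names and the set of entry kinds handled (Service, File, Folder, Key) are assumptions drawn from these two logs only.

```python
import re

# Sample input constructed from the entry lines of the two reports in this thread.
SCAN_REPORT = r"""
# Option : Scan
Service Found : CltMngSvc
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Users\Mack\AppData\Local\Searchprotect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
"""

CLEAN_REPORT = r"""
# Option : Clean
[#] Service Deleted : CltMngSvc
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Mack\AppData\Local\Searchprotect
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
"""

# Matches "<kind> Found|Deleted [:] <target>", with an optional "[#]" prefix.
# The colon is optional because the scan report prints "Folder Found C:\..."
# without one. Only the entry kinds seen in these two logs are handled.
ENTRY_RE = re.compile(
    r"^(?:\[#\]\s*)?"
    r"(?P<kind>Service|File|Folder|Key)\s+"
    r"(?P<state>Found|Deleted)\s*:?\s*"
    r"(?P<target>.+?)\s*$"
)


def parse_report(text):
    """Return {'Found': set, 'Deleted': set} of (kind, lower-cased target)."""
    entries = {"Found": set(), "Deleted": set()}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths and registry keys are case-insensitive, so
            # compare on a lower-cased target. The "[x64]" view marker is
            # kept as part of the target, so each registry view is tracked
            # separately.
            entries[m["state"]].add((m["kind"], m["target"].lower()))
    return entries


def compare_reports(scan_text, clean_text):
    """Compare what the scan found with what the clean run says it deleted."""
    found = parse_report(scan_text)["Found"]
    deleted = parse_report(clean_text)["Deleted"]
    return {
        "confirmed": sorted(found & deleted),      # found and reported deleted
        "not_confirmed": sorted(found - deleted),  # found, no matching delete line
        "unexpected": sorted(deleted - found),     # deleted, never in the scan
    }


if __name__ == "__main__":
    result = compare_reports(SCAN_REPORT, CLEAN_REPORT)
    print(f"{len(result['confirmed'])} entries confirmed deleted")
    for kind, target in result["not_confirmed"]:
        print(f"no delete line for {kind}: {target}")
    for kind, target in result["unexpected"]:
        print(f"deleted but not in scan, {kind}: {target}")
```

An entry in `not_confirmed` only means the clean report has no matching line for it; a fresh scan is what shows whether the item is still present.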

Realtor
2013-12-28, 19:12
Results from running JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Mack on Sat 12/28/2013 at 11:50:36.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/28/2013 at 12:06:37.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Realtor
2013-12-28, 19:35
OTL logfile created on: 12/28/2013 12:13:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mack\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 69.75% Memory free
4.22 Gb Paging File | 2.95 Gb Available in Paging File | 69.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.02 Gb Total Space | 238.23 Gb Free Space | 86.62% Space Free | Partition Type: NTFS
Drive D: | 21.96 Gb Total Space | 2.18 Gb Free Space | 9.93% Space Free | Partition Type: NTFS

Computer Name: WORKPC | User Name: Mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/28 10:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
PRC - [2013/12/09 09:40:07 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/02/25 13:39:26 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/02/01 17:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2012/07/13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/28 11:42:20 | 001,153,024 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_ssl.pyd
MOD - [2013/12/28 11:42:20 | 000,805,888 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._gdi_.pyd
MOD - [2013/12/28 11:42:20 | 000,711,680 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_hashlib.pyd
MOD - [2013/12/28 11:42:20 | 000,110,080 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pywintypes27.dll
MOD - [2013/12/28 11:42:20 | 000,026,624 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_multiprocessing.pyd
MOD - [2013/12/28 11:42:19 | 001,175,040 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._core_.pyd
MOD - [2013/12/28 11:42:19 | 001,062,400 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._controls_.pyd
MOD - [2013/12/28 11:42:19 | 000,811,008 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._windows_.pyd
MOD - [2013/12/28 11:42:19 | 000,735,232 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._misc_.pyd
MOD - [2013/12/28 11:42:19 | 000,686,080 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\unicodedata.pyd
MOD - [2013/12/28 11:42:19 | 000,557,056 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pysqlite2._sqlite.pyd
MOD - [2013/12/28 11:42:19 | 000,521,680 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\windows._lib_cacheinvalidation.pyd
MOD - [2013/12/28 11:42:19 | 000,364,544 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pythoncom27.dll
MOD - [2013/12/28 11:42:19 | 000,320,512 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32com.shell.shell.pyd
MOD - [2013/12/28 11:42:19 | 000,128,512 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_elementtree.pyd
MOD - [2013/12/28 11:42:19 | 000,127,488 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\pyexpat.pyd
MOD - [2013/12/28 11:42:19 | 000,122,368 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._wizard.pyd
MOD - [2013/12/28 11:42:19 | 000,119,808 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32file.pyd
MOD - [2013/12/28 11:42:19 | 000,108,544 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32security.pyd
MOD - [2013/12/28 11:42:19 | 000,098,816 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32api.pyd
MOD - [2013/12/28 11:42:19 | 000,087,040 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_ctypes.pyd
MOD - [2013/12/28 11:42:19 | 000,070,656 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\wx._html2.pyd
MOD - [2013/12/28 11:42:19 | 000,044,032 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\_socket.pyd
MOD - [2013/12/28 11:42:19 | 000,038,912 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32inet.pyd
MOD - [2013/12/28 11:42:19 | 000,035,840 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32process.pyd
MOD - [2013/12/28 11:42:19 | 000,025,600 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32pdh.pyd
MOD - [2013/12/28 11:42:19 | 000,024,064 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32pipe.pyd
MOD - [2013/12/28 11:42:19 | 000,022,528 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32ts.pyd
MOD - [2013/12/28 11:42:19 | 000,018,432 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32event.pyd
MOD - [2013/12/28 11:42:19 | 000,017,408 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32profile.pyd
MOD - [2013/12/28 11:42:19 | 000,011,264 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\win32crypt.pyd
MOD - [2013/12/28 11:42:19 | 000,010,240 | ---- | M] () -- C:\Users\Mack\AppData\Local\Temp\_MEI43922\select.pyd
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 00:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/25 16:31:42 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/12/25 16:25:30 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/12/13 00:57:52 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2013/11/14 01:29:02 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/14 01:29:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/14 01:29:01 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/14 01:28:59 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/14 01:25:27 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/11/14 01:25:27 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/11/14 01:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/11/14 01:25:26 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 06:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 06:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 04:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 03:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 03:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 03:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 03:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/03/14 00:41:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/03/04 16:28:40 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2009/05/04 15:47:36 | 000,809,984 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2013/12/25 16:25:32 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/12/25 16:25:29 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/12/25 16:25:28 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/14 01:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/02/01 17:00:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/11/15 17:49:48 | 002,468,496 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

Realtor
2013-12-28, 19:38
========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/25 16:31:42 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/12/25 16:31:42 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/12/25 16:31:42 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/25 16:31:42 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/12/25 16:31:42 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/09 10:27:56 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/14 01:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 01:25:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/11/14 01:25:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/11/14 01:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 01:23:24 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/14 01:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 01:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 06:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 06:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 06:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 06:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 06:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 06:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 06:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 06:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 05:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/07 20:41:38 | 003,915,264 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 08:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 21:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/07 18:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/05/07 18:41:48 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/14 06:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/01/23 18:29:56 | 000,288,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/11/30 01:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 01:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/09/01 20:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/20 15:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
DRV - [2013/12/12 23:05:29 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131227.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/09 18:15:12 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131227.009\ex64.sys -- (NAVEX15)
DRV - [2013/12/09 18:15:12 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131227.009\eng64.sys -- (NAVENG)
DRV - [2013/12/07 22:20:48 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/07 22:20:48 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/03 20:35:20 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mack\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013/12/08 08:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/12/28 11:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/26 12:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mack\AppData\Roaming\mozilla\Extensions
[2013/12/26 12:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/26 12:29:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/gmail
CHR - Extension: Google Docs = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail Offline = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Crackle = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\
CHR - Extension: Google Wallet = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/22 07:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mack\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://taxdata.realtracs.net/realestate/maps/downloads/mgaxctrlv65.cab (Autodesk MapGuide ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAE7D2D1-F290-46B6-B75A-77D9925BE980}: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Realtor
2013-12-28, 19:40
========== Files/Folders - Created Within 30 Days ==========

[2013/12/28 11:50:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/28 10:47:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mack\Desktop\aswMBR.exe
[2013/12/28 10:42:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
[2013/12/28 10:42:41 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Mack\Desktop\JRT.exe
[2013/12/27 14:27:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/27 13:34:00 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Mack\Desktop\dds.scr
[2013/12/27 11:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/27 11:24:18 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\SysNative\sdnclean64.exe
[2013/12/27 11:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/27 11:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/27 11:23:32 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Programs
[2013/12/26 18:07:40 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Training
[2013/12/26 12:29:26 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Mozilla
[2013/12/26 12:29:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Mozilla
[2013/12/26 12:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/12/26 12:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/26 12:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/26 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACI
[2013/12/26 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACI
[2013/12/26 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Cached Installations
[2013/12/25 16:36:52 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/12/25 16:36:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/12/25 16:34:56 | 000,075,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2013/12/25 16:34:35 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2013/12/25 16:34:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2013/12/25 16:34:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2013/12/25 16:34:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2013/12/25 16:34:14 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2013/12/25 16:34:14 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2013/12/25 16:34:14 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2013/12/25 16:33:21 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/12/25 16:33:21 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/12/25 16:33:21 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/12/25 16:33:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2013/12/25 16:33:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2013/12/25 16:33:21 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/12/25 16:32:16 | 004,105,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/12/25 16:32:16 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2013/12/25 16:31:42 | 013,177,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/12/25 16:31:42 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/12/25 16:31:42 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/12/25 16:31:42 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2013/12/25 16:31:42 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/12/25 16:31:42 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2013/12/25 16:31:42 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/12/25 16:31:42 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/12/25 16:31:42 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/12/25 16:31:42 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/12/25 16:31:42 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/12/25 16:31:42 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/12/25 16:31:42 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2013/12/25 16:31:42 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013/12/25 16:31:42 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013/12/25 16:31:42 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013/12/25 16:31:42 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2013/12/25 16:31:42 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013/12/25 16:31:42 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/12/25 16:31:42 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/12/25 16:31:42 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/12/25 16:31:42 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2013/12/25 16:31:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2013/12/25 16:31:42 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/12/25 16:31:42 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2013/12/25 16:31:42 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2013/12/25 16:31:42 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013/12/25 16:31:42 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2013/12/25 16:31:42 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/12/25 16:31:42 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2013/12/25 16:31:42 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/12/25 16:31:42 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/12/25 16:31:42 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2013/12/25 16:31:42 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/12/25 16:31:42 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2013/12/25 16:31:42 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/25 16:31:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2013/12/25 16:31:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2013/12/25 16:31:42 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/25 16:31:42 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2013/12/25 16:31:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2013/12/25 16:31:42 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013/12/25 16:31:42 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/12/25 16:31:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2013/12/25 16:31:42 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2013/12/25 16:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/12/25 16:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/12/25 16:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/12/25 16:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/12/25 16:25:43 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/12/25 16:25:33 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
[2013/12/25 16:25:33 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
[2013/12/25 16:25:33 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
[2013/12/25 16:25:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
[2013/12/25 16:25:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
[2013/12/25 16:25:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
[2013/12/25 16:25:32 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
[2013/12/25 16:25:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
[2013/12/25 16:25:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
[2013/12/25 16:25:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
[2013/12/25 16:25:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
[2013/12/25 16:25:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
[2013/12/25 16:24:34 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013/12/25 16:24:33 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013/12/25 16:24:33 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/12/25 16:24:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013/12/25 16:24:31 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/12/25 16:24:30 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013/12/25 15:43:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Identities
[2013/12/25 14:52:44 | 000,000,000 | --SD | C] -- C:\Users\Mack\AppData\Roaming\Microsoft
[2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\Favorites
[2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\Documents
[2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\Desktop
[2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\AppData\Local\Temporary Internet Files
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Templates
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Start Menu
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\SendTo
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Recent
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\PrintHood
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\NetHood
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Documents\My Videos
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Documents\My Pictures
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Documents\My Music
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\My Documents
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Local Settings
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\AppData\Local\History
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Cookies
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Application Data
[2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\AppData\Local\Application Data
[2013/12/25 14:52:44 | 000,000,000 | -H-D | C] -- C:\Users\Mack\AppData
[2013/12/25 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Temp
[2013/12/25 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Microsoft
[2013/12/25 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/12/25 14:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/12/25 14:40:41 | 000,000,000 | ---D | C] -- C:\AMD
[2013/12/25 14:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2013/12/25 14:39:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
[2013/12/25 14:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/12/25 14:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/12/25 14:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/12/25 14:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/12/23 14:41:07 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Temp
[2013/12/20 19:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobeTrotter Connect
[2013/12/20 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Option
[2013/12/18 23:35:17 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
[2013/12/18 23:35:17 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
[2013/12/18 09:29:55 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Personal
[2013/12/15 15:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2013/12/13 10:24:06 | 000,129,536 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.dll
[2013/12/13 10:24:06 | 000,099,840 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OpenVideo64.dll
[2013/12/13 10:24:06 | 000,086,528 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OVDecode64.dll
[2013/12/13 10:24:06 | 000,083,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OpenVideo.dll
[2013/12/13 10:24:06 | 000,073,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OVDecode.dll
[2013/12/13 10:23:54 | 008,287,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdva.dll
[2013/12/13 10:23:54 | 000,143,304 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiuxp64.dll
[2013/12/13 10:23:54 | 000,126,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiuxpag.dll
[2013/12/13 10:23:50 | 008,927,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd6a.dll
[2013/12/13 10:23:50 | 006,630,232 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdag.dll
[2013/12/13 10:23:48 | 007,751,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd64.dll
[2013/12/13 10:23:46 | 022,157,824 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
[2013/12/13 10:23:46 | 000,190,976 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
[2013/12/13 10:23:46 | 000,115,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiu9p64.dll
[2013/12/13 10:23:46 | 000,098,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiu9pag.dll
[2013/12/13 10:23:42 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODE.exe
[2013/12/13 10:23:42 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODCLI.exe
[2013/12/13 10:23:40 | 026,352,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atio6axx.dll
[2013/12/13 10:23:36 | 013,207,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys
[2013/12/13 10:23:36 | 000,626,176 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys
[2013/12/13 10:23:36 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atimpc64.dll
[2013/12/13 10:23:36 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
[2013/12/13 10:23:36 | 000,031,232 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
[2013/12/13 10:23:34 | 000,100,352 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6txx.dll
[2013/12/13 10:23:34 | 000,096,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atigktxx.dll
[2013/12/13 10:23:34 | 000,074,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6pxx.dll
[2013/12/13 10:23:34 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiglpxx.dll
[2013/12/13 10:23:34 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiglpxx.dll
[2013/12/13 10:23:32 | 009,753,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atidxx64.dll
[2013/12/13 10:23:32 | 008,406,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atidxx32.dll
[2013/12/13 10:23:32 | 000,588,288 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
[2013/12/13 10:23:32 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atidemgy.dll
[2013/12/13 10:23:32 | 000,239,616 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
[2013/12/13 10:23:30 | 015,716,352 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticaldd64.dll
[2013/12/13 10:23:30 | 001,318,552 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\aticfx64.dll
[2013/12/13 10:23:30 | 001,100,216 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\aticfx32.dll
[2013/12/13 10:23:30 | 000,062,464 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalrt64.dll
[2013/12/13 10:23:30 | 000,052,224 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
[2013/12/13 10:23:28 | 014,302,208 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
[2013/12/13 10:23:28 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiapfxx.exe
[2013/12/13 10:23:28 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atibtmon.exe
[2013/12/13 10:23:28 | 000,055,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalcl64.dll
[2013/12/13 10:23:28 | 000,049,152 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
[2013/12/13 10:23:26 | 001,144,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiadlxx.dll
[2013/12/13 10:23:26 | 000,825,344 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
[2013/12/13 10:23:26 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdpcom64.dll
[2013/12/13 10:23:26 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
[2013/12/13 10:23:26 | 000,063,488 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013/12/13 10:23:26 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013/12/13 10:23:26 | 000,043,520 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\ati2erec.dll
[2013/12/13 10:23:24 | 029,382,144 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\amdocl64.dll
[2013/12/13 10:23:20 | 024,860,160 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\amdocl.dll
[2013/12/13 00:59:38 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSX64.dll
[2013/12/13 00:59:38 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSWOW64.dll
[2013/12/13 00:59:37 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
[2013/12/13 00:59:36 | 002,794,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
[2013/12/13 00:59:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtlCPAPI64.dll
[2013/12/13 00:59:36 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCfg64.dll
[2013/12/13 00:59:36 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCoLDR64.dll
[2013/12/13 00:59:35 | 003,744,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkAPO64.dll
[2013/12/13 00:59:35 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
[2013/12/13 00:59:35 | 001,003,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
[2013/12/13 00:59:35 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
[2013/12/13 00:59:35 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEP64A.dll
[2013/12/13 00:59:35 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DHT64.dll
[2013/12/13 00:59:35 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DAA64.dll
[2013/12/13 00:59:35 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEED64A.dll
[2013/12/13 00:59:35 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEL64A.dll
[2013/12/13 00:59:35 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEG64A.dll
[2013/12/13 00:59:34 | 026,987,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
[2013/12/13 00:59:33 | 000,142,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
[2013/12/13 00:59:29 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
[2013/12/13 00:59:29 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\WINDOWS\SysNative\CONEQMSAPOGUILibrary.dll
[2013/12/13 00:59:29 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAR64.dll
[2013/12/12 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\ElevatedDiagnostics
[2013/12/12 23:30:33 | 000,000,000 | R--D | C] -- C:\Users\Mack\Documents\Notes
[2013/12/12 18:16:59 | 003,915,264 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athw8x.sys
[2013/12/12 17:49:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\HP Quick Start
[2013/12/12 08:38:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\.pdfsam
[2013/12/11 12:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/11 12:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/12/11 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/11 12:47:21 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/12/11 12:46:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/12/11 12:46:56 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/12/11 12:46:56 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/12/11 12:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/11 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/12/11 10:54:57 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Citrix
[2013/12/09 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\OpenOffice
[2013/12/09 12:19:59 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013/12/09 12:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/12/09 11:37:35 | 000,000,000 | ---D | C] -- C:\Users\Mack\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
[2013/12/09 10:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/08 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/12/08 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/12/08 18:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/12/08 18:23:53 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Adobe
[2013/12/08 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\hpqlog
[2013/12/08 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Hewlett-Packard
[2013/12/08 08:21:09 | 000,000,000 | R--D | C] -- C:\Users\Mack\SkyDrive
[2013/12/08 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Youcam
[2013/12/08 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\CyberLink
[2013/12/08 08:16:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\CyberLink
[2013/12/07 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Macromedia
[2013/12/07 22:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/12/07 22:38:13 | 000,000,000 | R--D | C] -- C:\Users\Mack\Google Drive
[2013/12/07 22:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/12/07 22:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/07 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Google
[2013/12/07 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Hewlett-Packard
[2013/12/07 22:06:10 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\AMD
[2013/12/07 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\ATI
[2013/12/07 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\ATI
[2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\Searches
[2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\Contacts
[2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/07 22:03:49 | 000,000,000 | -H-D | C] -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/07 22:03:32 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Adobe
[2013/12/07 22:02:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/12/07 21:59:40 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Power2Go8
[2013/12/07 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Synaptics
[2013/12/07 21:58:39 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\VirtualStore
[2013/12/07 21:58:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/12/07 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Packages
[2013/12/07 21:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Videos
[2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Saved Games
[2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Pictures
[2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Music
[2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Links
[2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Downloads
[2013/12/07 21:57:24 | 000,000,000 | -H-D | C] -- C:\Users\Mack\Documents\hp.system.package.metadata
[2013/12/07 21:57:24 | 000,000,000 | -H-D | C] -- C:\Users\Mack\Documents\hp.applications.package.appdata

========== Files - Modified Within 30 Days ==========

[2013/12/28 11:46:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/28 11:42:09 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/28 11:42:01 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/28 11:41:25 | 000,956,412 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/12/28 11:41:25 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/12/28 11:41:25 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/12/28 11:36:15 | 004,424,328 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/12/28 11:35:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/28 11:33:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForMack.job
[2013/12/28 11:33:18 | 000,360,960 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/12/28 11:33:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/28 11:33:05 | 3088,900,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/28 11:20:41 | 000,000,512 | ---- | M] () -- C:\Users\Mack\Desktop\MBR.dat
[2013/12/28 10:49:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mack\Desktop\aswMBR.exe
[2013/12/28 10:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
[2013/12/28 10:42:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Mack\Desktop\JRT.exe
[2013/12/27 14:26:46 | 001,233,962 | ---- | M] () -- C:\Users\Mack\Desktop\AdwCleaner.exe
[2013/12/27 13:34:12 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Mack\Desktop\dds.scr
[2013/12/27 11:24:27 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/26 12:29:16 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/26 11:38:07 | 000,001,720 | ---- | M] () -- C:\Users\Mack\Desktop\Continue Firefox.lnk
[2013/12/25 17:01:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/12/25 16:34:56 | 000,075,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2013/12/25 16:34:35 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2013/12/25 16:34:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2013/12/25 16:34:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2013/12/25 16:34:26 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2013/12/25 16:34:14 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2013/12/25 16:34:14 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2013/12/25 16:34:14 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2013/12/25 16:33:21 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013/12/25 16:33:21 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2013/12/25 16:33:21 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2013/12/25 16:33:21 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2013/12/25 16:33:21 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2013/12/25 16:33:21 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013/12/25 16:32:16 | 004,105,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2013/12/25 16:32:16 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2013/12/25 16:31:42 | 013,177,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013/12/25 16:31:42 | 011,674,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013/12/25 16:31:42 | 007,399,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013/12/25 16:31:42 | 002,896,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2013/12/25 16:31:42 | 002,570,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2013/12/25 16:31:42 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2013/12/25 16:31:42 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/12/25 16:31:42 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/12/25 16:31:42 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2013/12/25 16:31:42 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2013/12/25 16:31:42 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/12/25 16:31:42 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/12/25 16:31:42 | 001,756,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2013/12/25 16:31:42 | 001,642,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013/12/25 16:31:42 | 001,506,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013/12/25 16:31:42 | 001,476,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013/12/25 16:31:42 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2013/12/25 16:31:42 | 001,345,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013/12/25 16:31:42 | 001,302,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2013/12/25 16:31:42 | 000,922,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2013/12/25 16:31:42 | 000,840,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/12/25 16:31:42 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2013/12/25 16:31:42 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2013/12/25 16:31:42 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/12/25 16:31:42 | 000,637,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2013/12/25 16:31:42 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2013/12/25 16:31:42 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013/12/25 16:31:42 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2013/12/25 16:31:42 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/12/25 16:31:42 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2013/12/25 16:31:42 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/12/25 16:31:42 | 000,372,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013/12/25 16:31:42 | 000,358,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2013/12/25 16:31:42 | 000,325,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013/12/25 16:31:42 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2013/12/25 16:31:42 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/25 16:31:42 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2013/12/25 16:31:42 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2013/12/25 16:31:42 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/12/25 16:31:42 | 000,146,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2013/12/25 16:31:42 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2013/12/25 16:31:42 | 000,086,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013/12/25 16:31:42 | 000,039,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2013/12/25 16:31:42 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2013/12/25 16:31:42 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2013/12/25 16:25:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
[2013/12/25 16:25:33 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
[2013/12/25 16:25:33 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
[2013/12/25 16:25:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
[2013/12/25 16:25:33 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
[2013/12/25 16:25:33 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
[2013/12/25 16:25:32 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
[2013/12/25 16:25:32 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
[2013/12/25 16:25:32 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
[2013/12/25 16:25:31 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
[2013/12/25 16:25:31 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
[2013/12/25 16:25:31 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
[2013/12/25 15:11:37 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/12/25 15:11:37 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/12/25 15:11:09 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/12/25 14:43:35 | 000,930,400 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/12/25 14:40:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013/12/25 14:39:47 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2013/12/25 14:39:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/12/23 14:45:31 | 000,008,675 | ---- | M] () -- C:\Users\Mack\Documents\481-322499_PCR_26491820.pdf
[2013/12/20 19:07:03 | 000,001,197 | ---- | M] () -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk
[2013/12/20 19:06:33 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\GlobeTrotter Connect.lnk
[2013/12/14 10:53:35 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/12/14 10:53:35 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/12/14 10:53:35 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/12/13 10:24:06 | 000,230,912 | ---- | M] () -- C:\WINDOWS\SysNative\clinfo.exe
[2013/12/13 10:24:06 | 000,129,536 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.dll
[2013/12/13 10:24:06 | 000,099,840 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OpenVideo64.dll
[2013/12/13 10:24:06 | 000,086,528 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OVDecode64.dll
[2013/12/13 10:24:06 | 000,083,968 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OpenVideo.dll
[2013/12/13 10:24:06 | 000,073,728 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OVDecode.dll
[2013/12/13 10:23:56 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/12/13 10:23:56 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsvl.dat
[2013/12/13 10:23:54 | 008,287,008 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdva.dll
[2013/12/13 10:23:54 | 000,234,036 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
[2013/12/13 10:23:54 | 000,233,776 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
[2013/12/13 10:23:54 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/12/13 10:23:54 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsva.dat
[2013/12/13 10:23:54 | 000,143,304 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiuxp64.dll
[2013/12/13 10:23:54 | 000,126,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiuxpag.dll
[2013/12/13 10:23:54 | 000,083,552 | ---- | M] () -- C:\WINDOWS\SysNative\ativce02.dat
[2013/12/13 10:23:52 | 003,461,040 | ---- | M] () -- C:\WINDOWS\SysWow64\atiumdva.cap
[2013/12/13 10:23:50 | 008,927,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd6a.dll
[2013/12/13 10:23:50 | 006,630,232 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdag.dll
[2013/12/13 10:23:48 | 007,751,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd64.dll
[2013/12/13 10:23:48 | 003,426,688 | ---- | M] () -- C:\WINDOWS\SysNative\atiumd6a.cap
[2013/12/13 10:23:46 | 022,157,824 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
[2013/12/13 10:23:46 | 000,190,976 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
[2013/12/13 10:23:46 | 000,115,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiu9p64.dll
[2013/12/13 10:23:46 | 000,098,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiu9pag.dll
[2013/12/13 10:23:46 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/12/13 10:23:46 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysNative\atipblag.dat
[2013/12/13 10:23:42 | 000,332,800 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODE.exe
[2013/12/13 10:23:42 | 000,051,200 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODCLI.exe
[2013/12/13 10:23:42 | 000,047,887 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2013/12/13 10:23:40 | 026,352,128 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atio6axx.dll
[2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys
[2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys
[2013/12/13 10:23:36 | 000,078,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atimpc64.dll
[2013/12/13 10:23:36 | 000,071,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
[2013/12/13 10:23:36 | 000,031,232 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
[2013/12/13 10:23:34 | 000,721,296 | ---- | M] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2013/12/13 10:23:34 | 000,100,352 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6txx.dll
[2013/12/13 10:23:34 | 000,096,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atigktxx.dll
[2013/12/13 10:23:34 | 000,074,752 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6pxx.dll
[2013/12/13 10:23:34 | 000,069,632 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiglpxx.dll
[2013/12/13 10:23:34 | 000,069,632 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiglpxx.dll
[2013/12/13 10:23:32 | 009,753,752 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atidxx64.dll
[2013/12/13 10:23:32 | 008,406,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atidxx32.dll
[2013/12/13 10:23:32 | 000,588,288 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
[2013/12/13 10:23:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atidemgy.dll
[2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
[2013/12/13 10:23:30 | 015,716,352 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticaldd64.dll
[2013/12/13 10:23:30 | 001,318,552 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\aticfx64.dll
[2013/12/13 10:23:30 | 001,100,216 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\aticfx32.dll
[2013/12/13 10:23:30 | 000,062,464 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalrt64.dll
[2013/12/13 10:23:30 | 000,052,224 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
[2013/12/13 10:23:28 | 014,302,208 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
[2013/12/13 10:23:28 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiapfxx.exe
[2013/12/13 10:23:28 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atibtmon.exe
[2013/12/13 10:23:28 | 000,055,808 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalcl64.dll
[2013/12/13 10:23:28 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
[2013/12/13 10:23:26 | 001,144,320 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiadlxx.dll
[2013/12/13 10:23:26 | 000,825,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
[2013/12/13 10:23:26 | 000,550,456 | ---- | M] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
[2013/12/13 10:23:26 | 000,550,456 | ---- | M] () -- C:\WINDOWS\SysNative\atiapfxx.blb
[2013/12/13 10:23:26 | 000,078,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdpcom64.dll
[2013/12/13 10:23:26 | 000,071,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
[2013/12/13 10:23:26 | 000,063,488 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013/12/13 10:23:26 | 000,057,344 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013/12/13 10:23:26 | 000,043,520 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\ati2erec.dll
[2013/12/13 10:23:24 | 029,382,144 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\amdocl64.dll
[2013/12/13 10:23:24 | 001,187,342 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
[2013/12/13 10:23:24 | 001,061,902 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
[2013/12/13 10:23:24 | 000,995,342 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/12/13 10:23:24 | 000,798,734 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/12/13 10:23:20 | 024,860,160 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\amdocl.dll
[2013/12/13 10:23:16 | 000,412,672 | ---- | M] () -- C:\WINDOWS\SysNative\amdmiracast.dll
[2013/12/13 10:23:16 | 000,134,656 | ---- | M] () -- C:\WINDOWS\SysNative\amdhdl64.dll
[2013/12/13 10:23:14 | 000,123,392 | ---- | M] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/12/13 00:58:33 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSX64.dll
[2013/12/13 00:58:33 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSWOW64.dll
[2013/12/13 00:58:29 | 001,662,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
[2013/12/13 00:58:28 | 002,794,056 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
[2013/12/13 00:58:28 | 000,331,880 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtlCPAPI64.dll
[2013/12/13 00:58:26 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCfg64.dll
[2013/12/13 00:58:26 | 000,014,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCoLDR64.dll
[2013/12/13 00:58:25 | 003,744,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkAPO64.dll
[2013/12/13 00:58:24 | 001,003,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
[2013/12/13 00:58:24 | 000,613,448 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
[2013/12/13 00:58:24 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEP64A.dll
[2013/12/13 00:58:24 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEED64A.dll
[2013/12/13 00:58:24 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEL64A.dll
[2013/12/13 00:58:24 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEG64A.dll
[2013/12/13 00:58:23 | 026,987,520 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
[2013/12/13 00:58:23 | 001,284,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
[2013/12/13 00:58:23 | 000,583,849 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2013/12/13 00:58:23 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DHT64.dll
[2013/12/13 00:58:23 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DAA64.dll
[2013/12/13 00:58:21 | 000,142,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
[2013/12/13 00:57:53 | 000,110,592 | ---- | M] (Real Sound Lab SIA) -- C:\WINDOWS\SysNative\CONEQMSAPOGUILibrary.dll
[2013/12/13 00:57:52 | 000,208,072 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
[2013/12/13 00:57:52 | 000,108,640 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAR64.dll
[2013/12/13 00:57:40 | 002,079,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2013/12/13 00:57:40 | 000,000,712 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTEQEX0.dat
[2013/12/13 00:57:40 | 000,000,016 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\rtkhdaud.dat
[2013/12/12 23:30:24 | 000,004,544 | ---- | M] () -- C:\Users\Mack\Desktop\New Journal Document.jnt
[2013/12/12 10:20:38 | 000,002,508 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/12/12 10:14:45 | 000,020,410 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\VT20131125.019
[2013/12/11 12:46:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2013/12/11 12:46:35 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2013/12/11 12:46:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2013/12/11 12:46:34 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2013/12/09 13:33:02 | 000,002,290 | ---- | M] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/09 12:20:02 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
[2013/12/09 10:27:56 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2013/12/09 10:27:56 | 000,007,631 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2013/12/09 10:27:56 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2013/12/08 20:25:23 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/12/07 22:38:14 | 000,002,000 | ---- | M] () -- C:\Users\Mack\Desktop\Google Drive.lnk
[2013/12/07 22:11:16 | 000,001,435 | ---- | M] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/07 22:11:16 | 000,000,223 | -HS- | M] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/12/07 22:03:26 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Games.lnk

========== Files Created - No Company Name ==========

[2013/12/28 11:20:41 | 000,000,512 | ---- | C] () -- C:\Users\Mack\Desktop\MBR.dat
[2013/12/27 14:26:37 | 001,233,962 | ---- | C] () -- C:\Users\Mack\Desktop\AdwCleaner.exe
[2013/12/27 11:24:27 | 000,001,414 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/27 11:24:27 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/26 12:29:15 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/26 12:29:14 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/26 11:38:07 | 000,001,720 | ---- | C] () -- C:\Users\Mack\Desktop\Continue Firefox.lnk
[2013/12/25 17:01:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013/12/25 15:43:30 | 000,001,453 | ---- | C] () -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/25 15:11:09 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/12/25 14:59:39 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/12/25 14:52:44 | 000,000,352 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/25 14:52:44 | 000,000,334 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/25 14:52:20 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/12/25 14:52:20 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/12/25 14:43:35 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/12/25 14:40:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/12/25 14:39:47 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2013/12/25 14:39:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/12/23 14:45:31 | 000,008,675 | ---- | C] () -- C:\Users\Mack\Documents\481-322499_PCR_26491820.pdf
[2013/12/20 19:07:03 | 000,001,197 | ---- | C] () -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk
[2013/12/20 19:06:33 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\GlobeTrotter Connect.lnk
[2013/12/13 14:09:03 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForMack.job
[2013/12/13 10:24:06 | 000,230,912 | ---- | C] () -- C:\WINDOWS\SysNative\clinfo.exe
[2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsvl.dat
[2013/12/13 10:23:54 | 000,234,036 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
[2013/12/13 10:23:54 | 000,233,776 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
[2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsva.dat
[2013/12/13 10:23:54 | 000,083,552 | ---- | C] () -- C:\WINDOWS\SysNative\ativce02.dat
[2013/12/13 10:23:52 | 003,461,040 | ---- | C] () -- C:\WINDOWS\SysWow64\atiumdva.cap
[2013/12/13 10:23:48 | 003,426,688 | ---- | C] () -- C:\WINDOWS\SysNative\atiumd6a.cap
[2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysNative\atipblag.dat
[2013/12/13 10:23:42 | 000,047,887 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2013/12/13 10:23:34 | 000,721,296 | ---- | C] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2013/12/13 10:23:26 | 000,550,456 | ---- | C] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
[2013/12/13 10:23:26 | 000,550,456 | ---- | C] () -- C:\WINDOWS\SysNative\atiapfxx.blb
[2013/12/13 10:23:24 | 001,187,342 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
[2013/12/13 10:23:24 | 001,061,902 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
[2013/12/13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/12/13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/12/13 10:23:16 | 000,412,672 | ---- | C] () -- C:\WINDOWS\SysNative\amdmiracast.dll
[2013/12/13 10:23:16 | 000,134,656 | ---- | C] () -- C:\WINDOWS\SysNative\amdhdl64.dll
[2013/12/13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/12/13 00:59:35 | 000,583,849 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2013/12/12 23:30:24 | 000,004,544 | ---- | C] () -- C:\Users\Mack\Desktop\New Journal Document.jnt
[2013/12/09 12:20:02 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
[2013/12/09 10:17:52 | 000,002,290 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/09 10:17:51 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/08 20:25:21 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/12/08 18:25:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/12/07 22:38:14 | 000,002,000 | ---- | C] () -- C:\Users\Mack\Desktop\Google Drive.lnk
[2013/12/07 22:34:50 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/12/07 22:34:50 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/12/07 22:34:50 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/12/07 22:34:27 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/07 22:34:26 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/07 22:11:16 | 000,001,435 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/07 22:03:26 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/12/07 22:02:54 | 000,002,375 | ---- | C] () -- C:\Users\Public\Desktop\Walmart Photo Center.lnk
[2013/12/07 21:57:24 | 000,000,223 | -HS- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/08/22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 21:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/07/25 14:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 14:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 14:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/14 01:38:19 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/14 01:38:19 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Users\Mack\SkyDrive:ms-properties

< End of report >

Realtor
2013-12-28, 19:43
OTL Extras logfile created on: 12/28/2013 12:13:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mack\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 69.75% Memory free
4.22 Gb Paging File | 2.95 Gb Available in Paging File | 69.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275.02 Gb Total Space | 238.23 Gb Free Space | 86.62% Space Free | Partition Type: NTFS
Drive D: | 21.96 Gb Total Space | 2.18 Gb Free Space | 9.93% Space Free | Partition Type: NTFS

Computer Name: WORKPC | User Name: Mack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC732FA-4D06-439B-95AF-8687C28C3567}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17FBEFE2-4834-4FB0-99AA-5041F32A27D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{664D0B8A-AB35-488E-8F2A-BF12772E07F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{789BA4A6-BED5-4ECB-86FD-285DD15C1ABC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3D2BFA3-9BD9-474F-853C-E604963C89E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A94213C9-9CDE-46EE-95F7-7A7B309D51ED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF437D01-272D-4006-893B-1DDD22BF5A45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C51B2D57-002A-4A83-8B1B-DCC765FEA4D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6458CDA-80B7-4C43-AAE8-FF111BCA92A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBE3E77D-88FC-4F91-BF1E-610B4196FBA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E5A4217C-0105-4D9F-8D81-83E4500320EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE4306C7-9B4B-4ECA-923B-F1583582CBF9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FFEDE632-A17B-40BA-81BB-0A6B4803AF9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2F3416-A2F6-466B-9B6A-54F9921171EA}" = dir=in | name=box |
"{0BF36677-FF46-4E14-97C6-228D1063DC6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0EE9F234-1D73-4F4A-BF1D-56A9783D16FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10538B74-4755-46DB-ADBD-38C44B74280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A1F100E-CD0C-4F41-8A31-EBEE79290555}" = dir=in | app=c:\users\mack\appdata\local\microsoft\skydrive\skydrive.exe |
"{1B0F3AAA-1262-46E7-83CB-B7D7FAE57617}" = dir=in | name=hp connected photo powered by snapfish |
"{1E47A746-A45B-4C6B-9B8E-F506C296B728}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{2081D9B1-44FF-4713-B87D-C2E1574E4183}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{22CF1EEB-9745-468D-B3B8-45DDEFCC3BA0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{22F3A1C6-2C9E-4987-A6AD-B385B922BE32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24045D66-6AE0-4638-B7FA-1648E2209737}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{24359218-18A2-49BC-9E06-F979874A4097}" = dir=out | name=hp games |
"{243664C4-F14F-4447-A6A2-C2806301920D}" = dir=in | name=juniper networks junos pulse |
"{2855CC97-8D91-47F9-B555-EF5842DFBD01}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2865A4A3-156B-4EE1-806E-B1DA604280C5}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{3DC20D18-E4AC-4BCF-AEA2-BFFF7A508706}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{404ABA56-84E9-4870-9A69-E3E4B4D29C0B}" = dir=out | name=box |
"{422FD124-8435-42E2-984D-90288550BD53}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{43AAA923-F487-4334-9556-1A2E6AC53D46}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{471C42E4-C90C-4AD1-8EDB-5773D48F8179}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{49F76B39-7C58-465D-AC48-8108C053CD0B}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{4A771044-DBA8-4488-92F4-2029422C595B}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{55A3145C-6FAC-47A6-8B6A-F5F48F21DF3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5B29955A-A8E3-4234-AA35-D56491A91727}" = dir=out | name=norton studio |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5FCCBC0B-CE46-426E-838D-689D84D5A7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{646DCA5B-A2AB-42EE-A80C-0608583F8EEE}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6886ED8A-3CCF-438E-B20B-DFB2CA83C157}" = dir=out | name=youcam for hp |
"{6EA0681A-EB8F-48DE-B66A-9753DCD389AE}" = dir=out | name=juniper networks junos pulse |
"{718102D2-4F39-44E3-834B-1EAC31261E2A}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{75240D9D-2261-4740-9ACE-31E018312C3A}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{7EED17DA-155B-4C72-8FBD-CC51230315C8}" = dir=out | name=microsoft solitaire collection |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8132300B-4A0B-4EF3-BBCF-9E54B195A110}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{8258D31C-ECF7-4C1E-B01A-A760087C814F}" = dir=in | name=microsoft solitaire collection |
"{83CAB00A-C944-4000-887A-557B76D87BFC}" = dir=out | name=windows_ie_ac_001 |
"{8483F45A-6170-4066-805A-BD1CCFAB4336}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{866BEDCE-1CDF-4863-917F-E4FC422C661E}" = dir=out | name=hp registration |
"{8F471966-D400-4ECF-B2E2-6A5A536980FD}" = dir=in | name=check point vpn |
"{91D4FFEE-297A-4015-A2C5-B25908183D4F}" = dir=out | name=microsoft mahjong |
"{91DA9A1B-7F22-4061-A62C-373B9C1995B9}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{97C47A6F-0637-417C-AA41-3385B4B93EDD}" = dir=out | name=f5 vpn |
"{9B0F7E67-F78F-4A21-B86F-5106C2B49B1A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A1BFE048-380E-4A98-8F46-3E9C5D8E675C}" = dir=out | name=ebay |
"{A2561BAA-858E-493C-94B4-A998DF42070B}" = dir=out | name=netflix |
"{A31C3CF0-09EC-4099-86BB-20F6933D403B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A57BAA1A-E709-431F-AB9A-26162AD79C75}" = dir=in | name=microsoft mahjong |
"{AA213117-DCC7-4927-9E97-D8D1AC1D2E5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ABD7379F-827D-46C6-9E3E-C0FA895BED2B}" = dir=out | name=hp connected photo powered by snapfish |
"{B1A62FC2-C129-4C15-BCF9-EA26AD608603}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B24E5B94-EDDC-498F-92CD-72728DB19FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B2D2A6EA-76C8-4D14-AA2A-F2645F1870ED}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{B335D197-69BB-4D1A-AA80-0EF2985C6540}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{B6366D6C-00E1-4F29-80A5-B14852F1988B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{B8F943F2-F763-4EA1-B6CA-4049E1C18495}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{B921E4BE-DA9F-441E-9F37-5F073A30967A}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{BB58D2F1-0423-4653-AD75-7E6DA7746F03}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{BCB2A231-A187-43AA-8961-69FE13AEC512}" = dir=out | name=windows_ie_ac_001 |
"{BE4CB309-E8D5-4D50-B488-38F0800EE992}" = dir=out | name=getting started with windows 8 |
"{C215F47A-4672-4924-848C-07E412E2E743}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C3F3F73C-3E69-44EC-9130-C5EC29FF6787}" = dir=in | name=hp+ |
"{C95DEA79-D8F8-4FB8-8F22-5A27E3DA877A}" = dir=out | name=sonicwall mobile connect |
"{CA828E1C-A9A5-4FC3-AC89-9B5F6A6DA2E4}" = dir=out | name=check point vpn |
"{CC71389B-CE2B-4C16-A583-3F1F90B4A830}" = protocol=6 | dir=out | app=system |
"{D0853DA5-E7C9-4D93-8C41-991D3F4E594D}" = dir=in | name=sonicwall mobile connect |
"{D1B7B526-4B34-4085-883E-8B8951C1C928}" = dir=out | name=kindle |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D7C8EB41-B749-4B4A-8026-23266EA1759D}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D8568D4F-EAE5-48EB-ADC2-F97DD359AAD4}" = dir=in | name=f5 vpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DE9B8516-BE87-4572-ABE2-F9E404156DCE}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{DF341E2D-407C-41DA-B1F9-C3E5E8D9C7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6D35D5D-2206-4E82-B788-60102A99760F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA20F023-90C0-4AF9-9E5E-E2C6427BCF41}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EAE8C249-67B1-41E6-BDDE-BD0DAD609A32}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{EAFD7E92-9768-4663-9782-F0ABB73C19AE}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{EC55479D-6E1C-4B9E-82D9-1CB7C647A057}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EED14B96-2ADF-48CC-92F1-8A7359AB5913}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{F4677521-53BC-48BF-8714-E5A0FDB6DBC0}" = dir=in | name=skype |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 |
"{F6C3C3BB-778B-466E-BE12-3AEB7BAC3C95}" = dir=out | name=skype |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F7C4FE2E-EADF-4839-AD0D-185CEF1222B2}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F843CCE6-3392-40E1-8063-5CCCC4C38F37}" = dir=out | name=hp+ |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{50268784-08D9-2A2F-9ECE-EADFC45DC50C}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CBEB415-30E0-B748-8FAB-0575E433E9DE}" = AMD Fuel
"{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}" = AMD Catalyst Install Manager
"{CB882D6E-45B8-4E1F-828E-D13648394AB6}" = GlobeTrotter Connect
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B4A6673-753A-9533-45BA-1F355715D9FC}" = CCC Help English
"{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
"{108B9AEB-5E19-1A4D-BE19-4856C0DCE6F3}" = CCC Help Thai
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{1FE80340-264B-4374-8F1C-252931AB3C6A}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34C4C52E-E614-E554-2536-0ABAA2D68CE4}" = CCC Help Russian
"{35D41250-CC6E-D266-4A00-958F52562A20}" = CCC Help Korean
"{3D10A855-D379-A188-EE50-64548E1B1976}" = CCC Help Italian
"{3E2EE595-F2BD-8D77-EA86-5B48D407D548}" = Catalyst Control Center InstallProxy
"{4780D5B0-1CE0-CE1A-2F0A-047D12ED04E3}" = CCC Help Czech
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5342F310-0B71-761E-48AC-4FBB9D4AD080}" = Catalyst Control Center Localization All
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77750E8C-A73A-1DEE-DA3E-6B6FB768A4C0}" = CCC Help Chinese Standard
"{7B902CB5-6016-71B6-7388-33D8BDD58D4A}" = CCC Help German
"{7F1EE4DD-4801-DDF7-1083-0AF6C246EA61}" = CCC Help Turkish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A96F685-A07B-2546-54A6-4CCBD119FA41}" = CCC Help Finnish
"{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}" = HP Documentation
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{97D1CCA5-296D-361F-7A5C-D33B7653EDF5}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}" = Citrix Online Launcher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AD59E2EF-0022-6194-C57D-8A3B9140E13F}" = CCC Help Greek
"{AED76532-7302-D855-4780-DB177924E005}" = CCC Help French
"{B27332E6-6781-8804-2355-CB678E218065}" = CCC Help Chinese Traditional
"{B2F0406F-1609-489A-8626-7DB46776AB57}" = HP System Event Utility
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7BF553F-6C08-42DA-FDB2-49C9467070D9}" = CCC Help Spanish
"{BBFFE0C6-CDB9-AD66-18AA-F88D28DAC4C0}" = CCC Help Hungarian
"{BD3F9DD5-C3A6-3CA1-8523-6121F30781DC}" = CCC Help Swedish
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2993435-FC5D-DFA8-67CB-586957B9302F}" = CCC Help Portuguese
"{D55561A2-139B-481A-BEB9-193034A02B7A}" = ACI Forms Client
"{D65D424F-72E7-09A3-4BD4-52331A919873}" = CCC Help Danish
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB751A71-541C-176C-6DBC-13C061769FA1}" = AMD VISION Engine Control Center
"{DE0887C8-0A44-2CAA-40EB-340BEE05B0D0}" = Catalyst Control Center Graphics Previews Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EC63AB5A-9694-DA16-6942-43AA10BE5710}" = CCC Help Dutch
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EEEDA52B-3C42-4BD7-BE42-FDB596EAFCEF}" = Catalyst Control Center - Branding
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4B9B49F-20C7-6FD5-2973-787322D4B53B}" = CCC Help Polish
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0a314f35-ef5e-4c6c-833a-a24a80fe7a65" = Zuma's Revenge
"WTA-0d042821-e5d0-4050-bd92-1162637bd9c0" = Farm Frenzy
"WTA-228410ec-d7d9-4317-876b-62a7cd04447c" = Bounce Symphony
"WTA-2353306b-0f8c-413b-86d6-03f2c12b6d04" = Luxor Evolved
"WTA-2d250a85-130f-4286-90f6-a0eeaf2af42c" = Cradle of Rome 2
"WTA-375a0e55-cd3a-4c16-9a2b-90fc87ad3251" = Airport Mania
"WTA-41bc01bd-aec8-403e-b222-8ba0f4d48094" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-45f7cc77-68d0-4870-bed3-8dd9d4cbc120" = Polar Bowler
"WTA-48b4081b-9ba4-4d1a-a4ad-2fb3bea18eca" = Bejeweled 3
"WTA-630ca1fd-7cac-459e-b73f-23591c93a24e" = Build-a-lot
"WTA-6326e85e-a93a-42b9-9d55-6001fce85592" = Governor of Poker 2 Premium Edition
"WTA-69038ccf-b460-4b33-b8a7-f5b664264ee2" = Plants vs. Zombies - Game of the Year
"WTA-6b165739-cc17-44fb-9161-0b91e6f35d1f" = 4 Elements II
"WTA-9158d569-bf86-4837-bdd4-5d0f1357d8ca" = Curse at Twilight
"WTA-a411b977-fa79-400a-97c9-66ad88b4f055" = Jewel Match 3
"WTA-ba445468-a111-4898-9a78-1bc254c48580" = Peggle Nights
"WTA-bd098083-8aec-4116-bc7f-838892f2e5b1" = Azteca
"WTA-c31e055b-bd5d-4cf5-957b-f989a59a9b4b" = House of 1000 Doors: Family Secrets
"WTA-cc8f5fe4-f5e0-41b3-a0b8-5132e9fbb7c2" = Tales of Lagoona
"WTA-e34e6e84-4c0e-4852-a3d0-7d7b2d50a91c" = Roads of Rome 3
"WTA-e81c4185-304c-4c8f-8b1a-103914a79607" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-eaca0cc1-df9b-4fec-acec-3e74dce6e89d" = Royal Envoy 2 Collector's Edition
"WTA-eb90b425-3b16-4c96-b888-94de9a596323" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-f2881011-c386-4e19-9ebc-e80298e43475" = Mah Jong Medley
"WTA-f59e06a0-0f6c-4733-90e7-ae6f9c5c5649" = Vacation Quest™ - Australia
"WTA-fae39fc5-aca2-481b-851d-241514319e1b" = Youda Jewel Shop
"WTA-fd9dff3b-1e28-4fe7-bf1d-3aac9b60fd53" = Cradle Of Egypt Collector's Edition

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 6.0.0.1259
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2013 12:10:57 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1841

Error - 12/11/2013 3:35:49 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/11/2013 3:35:49 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2418

Error - 12/11/2013 3:35:49 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2418

Error - 12/12/2013 1:35:27 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/12/2013 1:35:27 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1841

Error - 12/12/2013 1:35:27 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1841

Error - 12/13/2013 5:26:49 AM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/13/2013 5:26:49 AM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1809

Error - 12/13/2013 5:26:49 AM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1809

[ System Events ]
Error - 12/18/2013 11:39:57 AM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 11:40:08 AM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:06:48 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:06:49 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:06:49 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:10:51 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:10:51 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:10:51 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:11:16 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =

Error - 12/18/2013 12:11:27 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
Description =


< End of report >

ken545
2013-12-28, 20:48
I am having some concerns about your MBR (Master Boot Record). It's possible it's corrupted or maybe infected. Is your computer starting up OK? Any lags or problems with it starting?

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-28 10:49:53
-----------------------------
10:49:53.462 OS Version: Windows x64 6.2.9200
10:49:53.462 Number of processors: 2 586 0x200
10:49:53.465 ComputerName: WORKPC UserName: Mack
10:49:54.100 Initialze error 1
11:19:09.915 AVAST engine defs: 13122800
11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"
11:19:41.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
11:19:41.837 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
11:19:41.898 Disk 0 MBR read successfully
11:19:41.905 Disk 0 MBR scan
11:19:41.932 Disk 0 unknown MBR code
11:19:41.940 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
11:19:41.957 Disk 0 scanning C:\WINDOWS\system32\drivers
11:19:41.968 Service scanning
11:19:42.523 Modules scanning
11:19:42.541 Disk 0 trace - called modules:
11:19:42.565 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
11:19:42.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016ab5e0]
11:19:42.601 3 CLASSPNP.SYS[fffff80000646abb] -> nt!IofCallDriver -> [0xffffe000002e9b30]
11:19:42.617 5 amdxata.sys[fffff800007146b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe0000139a060]
11:19:42.633 AVAST engine scan C:\WINDOWS
11:19:42.649 AVAST engine scan C:\WINDOWS\system32
11:19:42.666 AVAST engine scan C:\WINDOWS\system32\drivers
11:19:42.683 AVAST engine scan C:\Users\Mack
11:19:42.700 AVAST engine scan C:\ProgramData
11:19:42.717 Scan finished successfully
11:20:11.844 Disk 0 MBR fix error
11:20:41.924 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
11:20:41.947 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"



Let's run a few more tools, let's do this one first.

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from Here (http://downloads.malwarebytes.org/file/mbar)

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

Realtor
2013-12-28, 23:29
This is a new system and first time with Win 8.1 operating system. I have nothing to measure the start up time against. It does not seem to take an unusually long time. Is there an amount of time that it should take?

Also, I have a Dell Laptop that has the same problem with search.conduit. Can I run the same processes on it and remove the malware?
Thank you for your help!

ken545
2013-12-28, 23:53
I just got a new Dell All in One about 2 months ago, upgraded to 8.1 and my system boots up from when I press the power button until I log into windows in about 30 seconds. As far as your other computer, you need to hang off on that one until we are done here or it can get confusing.

Trying to determine what's going on with this from your aswMBR log
11:20:11.844 Disk 0 MBR fix error


Go ahead and run Malwarebytes Anti Rootkit and post the log

Realtor
2013-12-29, 00:18
From pressing power button until desktop screen took about 45 seconds.
I have looked and read and have been unable to find where to reply to post without quotes. I have been replying and deleting the quoted text. Is there an easier way?
Thanks

ken545
2013-12-29, 00:58
Over on the bottom left there is an icon that says REPLY TO THREAD, use that one and after you type in your remarks and/or a log from a scan then click on Submit Reply

That entry on your aswMBR may be a false positive, not sure, I am asking around but if the MBR is infected ( which I kind of doubt ) then the next few scans will tell us. Personally I have viewed 100s of aswMBR logs and never have seen that entry before, might be a win 8 thing or the MBR that came from the manufacturer of your computer

ken545
2013-12-29, 03:01
Let me ask you this

Go back to my first reply with instructions for running aswMBR

When you ran aswMBR and the scan finished, did you by chance accidentally click on the FIXMBR OR FIX button prior to SAVE LOG ???


Run aswMBR again, when the scan is finished be sure to just click on SAVE LOG and post the new log for me to see

Realtor
2013-12-30, 16:23
I was using Google Chrome as the web browser and it did not display the reply button. I have changed to explorer and you guessed it. The reply button was visible. Thanks,


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-30 08:46:33
-----------------------------
08:46:33.055 OS Version: Windows x64 6.2.9200
08:46:33.055 Number of processors: 2 586 0x200
08:46:33.055 ComputerName: WORKPC UserName: Mack
08:46:33.617 Initialze error 1
09:11:47.679 AVAST engine defs: 13123000
09:15:19.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
09:15:19.073 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
09:15:19.136 Disk 0 MBR read successfully
09:15:19.151 Disk 0 MBR scan
09:15:19.182 Disk 0 unknown MBR code
09:15:19.198 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
09:15:19.214 Disk 0 scanning C:\WINDOWS\system32\drivers
09:15:19.214 Service scanning
09:15:19.823 Modules scanning
09:15:19.839 Disk 0 trace - called modules:
09:15:19.870 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
09:15:19.870 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016bd060]
09:15:19.885 3 CLASSPNP.SYS[fffff80000001abb] -> nt!IofCallDriver -> [0xffffe00000fd32c0]
09:15:19.901 5 amdxata.sys[fffff8000071b6b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe00000fd5060]
09:15:19.917 AVAST engine scan C:\WINDOWS
09:15:19.932 AVAST engine scan C:\WINDOWS\system32
09:15:19.948 AVAST engine scan C:\WINDOWS\system32\drivers
09:15:19.964 AVAST engine scan C:\Users\Mack
09:15:19.979 AVAST engine scan C:\ProgramData
09:15:19.995 Scan finished successfully
09:15:47.198 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
09:15:47.214 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR1.txt"
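
The log line `Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1` describes a single type-0xEE entry starting at LBA 1, which is the layout of a GPT protective MBR. As an added example (not part of the thread and not aswMBR's own code), this Python code parses a 512-byte MBR sector such as the saved MBR.dat and reports that layout; the sample sector is constructed, and the 512-byte sector size, the MB rounding and the assumption that the dump begins with the MBR sector are assumptions.

```python
import struct
import sys

SECTOR = 512                        # assumed logical sector size
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS first, type, CHS last, start LBA, sector count
TYPE_NAMES = {0xEE: "GPT"}          # only the type seen in the log; others print as "?"

def build_sample_mbr():
    """Constructed sample sector: one 0xEE entry, no boot code."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = ENTRY.pack(0x00, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff", 1, 0xFFFFFFFF)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(mbr, 446 + 16 * i)
        if ptype != 0x00:
            parts.append({"index": i + 1, "status": status, "type": ptype,
                          "start_lba": lba, "size_mb": count * SECTOR // 2**20})
    return parts

def is_protective(parts):
    """A protective MBR has a single 0xEE entry that starts at LBA 1."""
    return len(parts) == 1 and parts[0]["type"] == 0xEE and parts[0]["start_lba"] == 1

def describe(mbr):
    """Format each entry in the style of the log line and classify the table."""
    parts = parse_mbr(mbr)
    lines = ["Partition {index} {status:02X} {type:02X} {name} {size_mb} MB offset {start_lba}"
             .format(name=TYPE_NAMES.get(p["type"], "?"), **p) for p in parts]
    verdict = "GPT protective MBR" if is_protective(parts) else "legacy MBR partition table"
    return lines, verdict

if __name__ == "__main__":
    # Pass the path of a saved dump, or run with no argument for the constructed sample.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    lines, verdict = describe(data)
    print("\n".join(lines) or "no partition entries")
    print("Verdict:", verdict)
```

A sector count of 0xFFFFFFFF at 512 bytes per sector rounds down to 2097151 MB, the figure in the log, regardless of the real disk size. The check covers the partition table only; it says nothing about the boot code in the first 446 bytes.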

ken545
2013-12-30, 19:00
Hi, that's all I use is Chrome and the icons show up just fine, you may have your resolution set wrong

OK, aswMBR looks just fine now.

Any other issues, how is your computer working now?

Realtor
2013-12-30, 22:08
For some reason the reply button does not present itself. I tried three different browsers and all three failed to display the reply button. I had to reply with Quote again.
The system is working great with one exception which may not be related to the problem with search.container. It appears to take a very long time to download a file. I have cable internet and the download rate was like 74 bps. It takes a long time to download. Wireless connection showed good reception.
Thanks



ken545
2013-12-31, 00:12
Hey,

How are ya doing? Let's check your screen resolution. First, is your computer a laptop or a desktop? If it's a laptop, what is the size of the screen? If it's a desktop, what's the size of your monitor?

With all programs closed, right click anywhere on your desktop and select Resolution, what resolution size is it showing?

Realtor
2013-12-31, 15:37
I am doing great thanks to your help. I am using a laptop computer. Screen resolution is 1366 x 768. This is the recommended setting. Thanks





ken545
2013-12-31, 16:33
What size is your laptop, 15" or 17"?

My laptop is a 17" and my resolution is set to 1440 x 900 and I can see everything fine

Realtor
2013-12-31, 18:07
My screen size is 15 inch, HP laptop. Purchased less than a month ago. The resolution appears good. But no button shows on the left at the bottom. Without seeing a picture of what the screen is to look like I can't tell if anything else is missing. I have only seen the post button one time and it may have been on a different machine that I was answering email on. Thanks





ken545
2013-12-31, 18:28
Try changing the resolution to either 1440x900 or 1680x1050, try them both, you can always switch back to 1366 x 768 if you don't care for the other two, try it, you can't hurt anything.

Realtor
2013-12-31, 18:37
The resolution is as high as it will go. I tried lesser settings but still it does not display the post button. I have checked the help files on google and performed some of their suggestions but still nothing. Thanks


I have windows 8.1 and have not been able to get it to run as Administrator in order for the DDS program to run. Can you assist?

ken545
2013-12-31, 18:42
OK, thanks for letting me know

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken