Thread: Need help removing search.conduit from my system

  1. #11
    Junior Member | Join Date: Dec 2013 | Posts: 17

    After running OTL Part 2 of 3

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/12/25 16:31:42 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/12/25 16:31:42 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2013/12/25 16:31:42 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
    DRV:64bit: - [2013/12/25 16:31:42 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2013/12/25 16:31:42 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
    DRV:64bit: - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2013/12/09 10:27:56 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/11/14 01:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
    DRV:64bit: - [2013/11/14 01:25:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/11/14 01:25:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/11/14 01:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2013/11/14 01:23:24 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2013/11/14 01:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2013/11/14 01:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2013/08/22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
    DRV:64bit: - [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2013/08/22 06:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
    DRV:64bit: - [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
    DRV:64bit: - [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2013/08/22 06:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2013/08/22 06:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2013/08/22 06:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2013/08/22 06:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2013/08/22 06:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
    DRV:64bit: - [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
    DRV:64bit: - [2013/08/22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2013/08/22 06:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2013/08/22 06:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
    DRV:64bit: - [2013/08/22 06:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2013/08/22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
    DRV:64bit: - [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2013/08/22 05:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2013/08/22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2013/08/22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2013/08/22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
    DRV:64bit: - [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
    DRV:64bit: - [2013/08/22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2013/08/22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2013/08/22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
    DRV:64bit: - [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
    DRV:64bit: - [2013/08/07 20:41:38 | 003,915,264 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
    DRV:64bit: - [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
    DRV:64bit: - [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
    DRV:64bit: - [2013/06/18 08:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
    DRV:64bit: - [2013/05/16 21:12:22 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2013/05/07 18:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2013/05/07 18:41:48 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
    DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
    DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/02/14 06:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
    DRV:64bit: - [2013/01/23 18:29:56 | 000,288,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
    DRV:64bit: - [2012/11/30 01:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2012/11/30 01:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2012/09/01 20:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/08/31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
    DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
    DRV:64bit: - [2012/06/20 15:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
    DRV - [2013/12/12 23:05:29 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131227.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/12/09 18:15:12 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131227.009\ex64.sys -- (NAVEX15)
    DRV - [2013/12/09 18:15:12 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131227.009\eng64.sys -- (NAVENG)
    DRV - [2013/12/07 22:20:48 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/12/07 22:20:48 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/12/03 20:35:20 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
    IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mack\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013/12/08 08:15:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/12/28 11:36:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/12/26 12:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mack\AppData\Roaming\mozilla\Extensions
    [2013/12/26 12:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/12/26 12:29:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/gmail
    CHR - Extension: Google Docs = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Gmail Offline = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
    CHR - Extension: Crackle = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\
    CHR - Extension: Google Wallet = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Mack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/08/22 07:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [SkyDrive] C:\Users\Mack\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://taxdata.realtracs.net/realest...gaxctrlv65.cab (Autodesk MapGuide ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAE7D2D1-F290-46B6-B75A-77D9925BE980}: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

  2. #12
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    After running OTL Part 3 of 3

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/28 11:50:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/12/28 10:47:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Mack\Desktop\aswMBR.exe
    [2013/12/28 10:42:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
    [2013/12/28 10:42:41 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Mack\Desktop\JRT.exe
    [2013/12/27 14:27:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/27 13:34:00 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Mack\Desktop\dds.scr
    [2013/12/27 11:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/12/27 11:24:18 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\SysNative\sdnclean64.exe
    [2013/12/27 11:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/12/27 11:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/12/27 11:23:32 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Programs
    [2013/12/26 18:07:40 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Training
    [2013/12/26 12:29:26 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Mozilla
    [2013/12/26 12:29:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Mozilla
    [2013/12/26 12:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/12/26 12:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/12/26 12:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/12/26 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACI
    [2013/12/26 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACI
    [2013/12/26 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Cached Installations
    [2013/12/25 16:36:52 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2013/12/25 16:36:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
    [2013/12/25 16:34:56 | 000,075,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
    [2013/12/25 16:34:35 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
    [2013/12/25 16:34:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
    [2013/12/25 16:34:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
    [2013/12/25 16:34:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
    [2013/12/25 16:34:14 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
    [2013/12/25 16:34:14 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
    [2013/12/25 16:34:14 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
    [2013/12/25 16:33:21 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2013/12/25 16:33:21 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
    [2013/12/25 16:33:21 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
    [2013/12/25 16:33:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
    [2013/12/25 16:33:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
    [2013/12/25 16:33:21 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
    [2013/12/25 16:32:16 | 004,105,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
    [2013/12/25 16:32:16 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
    [2013/12/25 16:31:42 | 013,177,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
    [2013/12/25 16:31:42 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
    [2013/12/25 16:31:42 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
    [2013/12/25 16:31:42 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
    [2013/12/25 16:31:42 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
    [2013/12/25 16:31:42 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
    [2013/12/25 16:31:42 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
    [2013/12/25 16:31:42 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
    [2013/12/25 16:31:42 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
    [2013/12/25 16:31:42 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
    [2013/12/25 16:31:42 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
    [2013/12/25 16:31:42 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
    [2013/12/25 16:31:42 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
    [2013/12/25 16:31:42 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
    [2013/12/25 16:31:42 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
    [2013/12/25 16:31:42 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
    [2013/12/25 16:31:42 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
    [2013/12/25 16:31:42 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
    [2013/12/25 16:31:42 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2013/12/25 16:31:42 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2013/12/25 16:31:42 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
    [2013/12/25 16:31:42 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
    [2013/12/25 16:31:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
    [2013/12/25 16:31:42 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
    [2013/12/25 16:31:42 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
    [2013/12/25 16:31:42 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
    [2013/12/25 16:31:42 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
    [2013/12/25 16:31:42 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
    [2013/12/25 16:31:42 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
    [2013/12/25 16:31:42 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
    [2013/12/25 16:31:42 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
    [2013/12/25 16:31:42 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
    [2013/12/25 16:31:42 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
    [2013/12/25 16:31:42 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
    [2013/12/25 16:31:42 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
    [2013/12/25 16:31:42 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
    [2013/12/25 16:31:42 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
    [2013/12/25 16:31:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
    [2013/12/25 16:31:42 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    [2013/12/25 16:31:42 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
    [2013/12/25 16:31:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
    [2013/12/25 16:31:42 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
    [2013/12/25 16:31:42 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
    [2013/12/25 16:31:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
    [2013/12/25 16:31:42 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
    [2013/12/25 16:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
    [2013/12/25 16:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
    [2013/12/25 16:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2013/12/25 16:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2013/12/25 16:25:43 | 000,000,000 | ---D | C] -- C:\inetpub
    [2013/12/25 16:25:33 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
    [2013/12/25 16:25:33 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
    [2013/12/25 16:25:33 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
    [2013/12/25 16:25:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
    [2013/12/25 16:25:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
    [2013/12/25 16:25:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
    [2013/12/25 16:25:32 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
    [2013/12/25 16:25:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
    [2013/12/25 16:25:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
    [2013/12/25 16:25:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
    [2013/12/25 16:25:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
    [2013/12/25 16:25:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
    [2013/12/25 16:24:34 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
    [2013/12/25 16:24:33 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
    [2013/12/25 16:24:33 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2013/12/25 16:24:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
    [2013/12/25 16:24:31 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2013/12/25 16:24:30 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
    [2013/12/25 15:43:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Identities
    [2013/12/25 14:52:44 | 000,000,000 | --SD | C] -- C:\Users\Mack\AppData\Roaming\Microsoft
    [2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    [2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\Favorites
    [2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\Documents
    [2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\Desktop
    [2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/12/25 14:52:44 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\AppData\Local\Temporary Internet Files
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Templates
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Start Menu
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\SendTo
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Recent
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\PrintHood
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\NetHood
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Documents\My Videos
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Documents\My Pictures
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Documents\My Music
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\My Documents
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Local Settings
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\AppData\Local\History
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Cookies
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\Application Data
    [2013/12/25 14:52:44 | 000,000,000 | -HSD | C] -- C:\Users\Mack\AppData\Local\Application Data
    [2013/12/25 14:52:44 | 000,000,000 | -H-D | C] -- C:\Users\Mack\AppData
    [2013/12/25 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Temp
    [2013/12/25 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Microsoft
    [2013/12/25 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/12/25 14:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2013/12/25 14:40:41 | 000,000,000 | ---D | C] -- C:\AMD
    [2013/12/25 14:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
    [2013/12/25 14:39:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
    [2013/12/25 14:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2013/12/25 14:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
    [2013/12/25 14:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2013/12/25 14:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2013/12/23 14:41:07 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Temp
    [2013/12/20 19:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobeTrotter Connect
    [2013/12/20 19:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Option
    [2013/12/18 23:35:17 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
    [2013/12/18 23:35:17 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
    [2013/12/18 09:29:55 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Personal
    [2013/12/15 15:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
    [2013/12/13 10:24:06 | 000,129,536 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.dll
    [2013/12/13 10:24:06 | 000,099,840 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OpenVideo64.dll
    [2013/12/13 10:24:06 | 000,086,528 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OVDecode64.dll
    [2013/12/13 10:24:06 | 000,083,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OpenVideo.dll
    [2013/12/13 10:24:06 | 000,073,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OVDecode.dll
    [2013/12/13 10:23:54 | 008,287,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdva.dll
    [2013/12/13 10:23:54 | 000,143,304 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiuxp64.dll
    [2013/12/13 10:23:54 | 000,126,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiuxpag.dll
    [2013/12/13 10:23:50 | 008,927,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd6a.dll
    [2013/12/13 10:23:50 | 006,630,232 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdag.dll
    [2013/12/13 10:23:48 | 007,751,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd64.dll
    [2013/12/13 10:23:46 | 022,157,824 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
    [2013/12/13 10:23:46 | 000,190,976 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
    [2013/12/13 10:23:46 | 000,115,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiu9p64.dll
    [2013/12/13 10:23:46 | 000,098,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiu9pag.dll
    [2013/12/13 10:23:42 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODE.exe
    [2013/12/13 10:23:42 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODCLI.exe
    [2013/12/13 10:23:40 | 026,352,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atio6axx.dll
    [2013/12/13 10:23:36 | 013,207,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys
    [2013/12/13 10:23:36 | 000,626,176 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys
    [2013/12/13 10:23:36 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atimpc64.dll
    [2013/12/13 10:23:36 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
    [2013/12/13 10:23:36 | 000,031,232 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
    [2013/12/13 10:23:34 | 000,100,352 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6txx.dll
    [2013/12/13 10:23:34 | 000,096,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atigktxx.dll
    [2013/12/13 10:23:34 | 000,074,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6pxx.dll
    [2013/12/13 10:23:34 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiglpxx.dll
    [2013/12/13 10:23:34 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiglpxx.dll
    [2013/12/13 10:23:32 | 009,753,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atidxx64.dll
    [2013/12/13 10:23:32 | 008,406,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atidxx32.dll
    [2013/12/13 10:23:32 | 000,588,288 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
    [2013/12/13 10:23:32 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atidemgy.dll
    [2013/12/13 10:23:32 | 000,239,616 | ---- | C] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
    [2013/12/13 10:23:30 | 015,716,352 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticaldd64.dll
    [2013/12/13 10:23:30 | 001,318,552 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\aticfx64.dll
    [2013/12/13 10:23:30 | 001,100,216 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\aticfx32.dll
    [2013/12/13 10:23:30 | 000,062,464 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalrt64.dll
    [2013/12/13 10:23:30 | 000,052,224 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
    [2013/12/13 10:23:28 | 014,302,208 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
    [2013/12/13 10:23:28 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiapfxx.exe
    [2013/12/13 10:23:28 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atibtmon.exe
    [2013/12/13 10:23:28 | 000,055,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalcl64.dll
    [2013/12/13 10:23:28 | 000,049,152 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
    [2013/12/13 10:23:26 | 001,144,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiadlxx.dll
    [2013/12/13 10:23:26 | 000,825,344 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
    [2013/12/13 10:23:26 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdpcom64.dll
    [2013/12/13 10:23:26 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
    [2013/12/13 10:23:26 | 000,063,488 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
    [2013/12/13 10:23:26 | 000,057,344 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
    [2013/12/13 10:23:26 | 000,043,520 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\ati2erec.dll
    [2013/12/13 10:23:24 | 029,382,144 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\amdocl64.dll
    [2013/12/13 10:23:20 | 024,860,160 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\amdocl.dll
    [2013/12/13 00:59:38 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSX64.dll
    [2013/12/13 00:59:38 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSWOW64.dll
    [2013/12/13 00:59:37 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
    [2013/12/13 00:59:36 | 002,794,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
    [2013/12/13 00:59:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtlCPAPI64.dll
    [2013/12/13 00:59:36 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCfg64.dll
    [2013/12/13 00:59:36 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCoLDR64.dll
    [2013/12/13 00:59:35 | 003,744,328 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkAPO64.dll
    [2013/12/13 00:59:35 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
    [2013/12/13 00:59:35 | 001,003,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
    [2013/12/13 00:59:35 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
    [2013/12/13 00:59:35 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEP64A.dll
    [2013/12/13 00:59:35 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DHT64.dll
    [2013/12/13 00:59:35 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DAA64.dll
    [2013/12/13 00:59:35 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEED64A.dll
    [2013/12/13 00:59:35 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEL64A.dll
    [2013/12/13 00:59:35 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEG64A.dll
    [2013/12/13 00:59:34 | 026,987,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
    [2013/12/13 00:59:33 | 000,142,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
    [2013/12/13 00:59:29 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
    [2013/12/13 00:59:29 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\WINDOWS\SysNative\CONEQMSAPOGUILibrary.dll
    [2013/12/13 00:59:29 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAR64.dll
    [2013/12/12 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\ElevatedDiagnostics
    [2013/12/12 23:30:33 | 000,000,000 | R--D | C] -- C:\Users\Mack\Documents\Notes
    [2013/12/12 18:16:59 | 003,915,264 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athw8x.sys
    [2013/12/12 17:49:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\HP Quick Start
    [2013/12/12 08:38:44 | 000,000,000 | ---D | C] -- C:\Users\Mack\.pdfsam
    [2013/12/11 12:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/12/11 12:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2013/12/11 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/12/11 12:47:21 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
    [2013/12/11 12:46:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
    [2013/12/11 12:46:56 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
    [2013/12/11 12:46:56 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
    [2013/12/11 12:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/12/11 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/12/11 10:54:57 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Citrix
    [2013/12/09 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\OpenOffice
    [2013/12/09 12:19:59 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
    [2013/12/09 12:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
    [2013/12/09 11:37:35 | 000,000,000 | ---D | C] -- C:\Users\Mack\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
    [2013/12/09 10:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/12/08 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/12/08 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2013/12/08 18:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2013/12/08 18:23:53 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Adobe
    [2013/12/08 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\hpqlog
    [2013/12/08 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Hewlett-Packard
    [2013/12/08 08:21:09 | 000,000,000 | R--D | C] -- C:\Users\Mack\SkyDrive
    [2013/12/08 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Mack\Documents\Youcam
    [2013/12/08 08:16:26 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\CyberLink
    [2013/12/08 08:16:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\CyberLink
    [2013/12/07 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Macromedia
    [2013/12/07 22:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2013/12/07 22:38:13 | 000,000,000 | R--D | C] -- C:\Users\Mack\Google Drive
    [2013/12/07 22:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2013/12/07 22:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/12/07 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Google
    [2013/12/07 22:21:53 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Hewlett-Packard
    [2013/12/07 22:06:10 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\AMD
    [2013/12/07 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\ATI
    [2013/12/07 22:05:31 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\ATI
    [2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\Searches
    [2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\Contacts
    [2013/12/07 22:03:49 | 000,000,000 | R--D | C] -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/12/07 22:03:49 | 000,000,000 | -H-D | C] -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/12/07 22:03:32 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Adobe
    [2013/12/07 22:02:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
    [2013/12/07 21:59:40 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Power2Go8
    [2013/12/07 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Roaming\Synaptics
    [2013/12/07 21:58:39 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\VirtualStore
    [2013/12/07 21:58:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
    [2013/12/07 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\Mack\AppData\Local\Packages
    [2013/12/07 21:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Videos
    [2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Saved Games
    [2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Pictures
    [2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Music
    [2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Links
    [2013/12/07 21:57:24 | 000,000,000 | R--D | C] -- C:\Users\Mack\Downloads
    [2013/12/07 21:57:24 | 000,000,000 | -H-D | C] -- C:\Users\Mack\Documents\hp.system.package.metadata
    [2013/12/07 21:57:24 | 000,000,000 | -H-D | C] -- C:\Users\Mack\Documents\hp.applications.package.appdata

    ========== Files - Modified Within 30 Days ==========

    [2013/12/28 11:46:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/28 11:42:09 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/12/28 11:42:01 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/28 11:41:25 | 000,956,412 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
    [2013/12/28 11:41:25 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
    [2013/12/28 11:41:25 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
    [2013/12/28 11:36:15 | 004,424,328 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\Cat.DB
    [2013/12/28 11:35:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/12/28 11:33:44 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForMack.job
    [2013/12/28 11:33:18 | 000,360,960 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
    [2013/12/28 11:33:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/12/28 11:33:05 | 3088,900,096 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/28 11:20:41 | 000,000,512 | ---- | M] () -- C:\Users\Mack\Desktop\MBR.dat
    [2013/12/28 10:49:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Mack\Desktop\aswMBR.exe
    [2013/12/28 10:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mack\Desktop\OTL.exe
    [2013/12/28 10:42:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Mack\Desktop\JRT.exe
    [2013/12/27 14:26:46 | 001,233,962 | ---- | M] () -- C:\Users\Mack\Desktop\AdwCleaner.exe
    [2013/12/27 13:34:12 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Mack\Desktop\dds.scr
    [2013/12/27 11:24:27 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/12/26 12:29:16 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/12/26 11:38:07 | 000,001,720 | ---- | M] () -- C:\Users\Mack\Desktop\Continue Firefox.lnk
    [2013/12/25 17:01:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
    [2013/12/25 16:34:56 | 000,075,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
    [2013/12/25 16:34:35 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
    [2013/12/25 16:34:35 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
    [2013/12/25 16:34:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
    [2013/12/25 16:34:26 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
    [2013/12/25 16:34:14 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
    [2013/12/25 16:34:14 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
    [2013/12/25 16:34:14 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
    [2013/12/25 16:33:21 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
    [2013/12/25 16:33:21 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
    [2013/12/25 16:33:21 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
    [2013/12/25 16:33:21 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
    [2013/12/25 16:33:21 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
    [2013/12/25 16:33:21 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
    [2013/12/25 16:32:16 | 004,105,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
    [2013/12/25 16:32:16 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
    [2013/12/25 16:31:42 | 013,177,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
    [2013/12/25 16:31:42 | 011,674,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
    [2013/12/25 16:31:42 | 007,399,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
    [2013/12/25 16:31:42 | 002,896,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
    [2013/12/25 16:31:42 | 002,570,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
    [2013/12/25 16:31:42 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
    [2013/12/25 16:31:42 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
    [2013/12/25 16:31:42 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
    [2013/12/25 16:31:42 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
    [2013/12/25 16:31:42 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
    [2013/12/25 16:31:42 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
    [2013/12/25 16:31:42 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
    [2013/12/25 16:31:42 | 001,756,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
    [2013/12/25 16:31:42 | 001,642,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
    [2013/12/25 16:31:42 | 001,506,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
    [2013/12/25 16:31:42 | 001,476,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
    [2013/12/25 16:31:42 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
    [2013/12/25 16:31:42 | 001,345,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
    [2013/12/25 16:31:42 | 001,302,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
    [2013/12/25 16:31:42 | 000,922,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
    [2013/12/25 16:31:42 | 000,840,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
    [2013/12/25 16:31:42 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
    [2013/12/25 16:31:42 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
    [2013/12/25 16:31:42 | 000,701,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
    [2013/12/25 16:31:42 | 000,637,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
    [2013/12/25 16:31:42 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
    [2013/12/25 16:31:42 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
    [2013/12/25 16:31:42 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
    [2013/12/25 16:31:42 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
    [2013/12/25 16:31:42 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
    [2013/12/25 16:31:42 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
    [2013/12/25 16:31:42 | 000,372,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
    [2013/12/25 16:31:42 | 000,358,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
    [2013/12/25 16:31:42 | 000,325,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
    [2013/12/25 16:31:42 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
    [2013/12/25 16:31:42 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
    [2013/12/25 16:31:42 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
    [2013/12/25 16:31:42 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
    [2013/12/25 16:31:42 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    [2013/12/25 16:31:42 | 000,146,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
    [2013/12/25 16:31:42 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
    [2013/12/25 16:31:42 | 000,086,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
    [2013/12/25 16:31:42 | 000,039,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
    [2013/12/25 16:31:42 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
    [2013/12/25 16:31:42 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
    [2013/12/25 16:25:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisRtl.dll
    [2013/12/25 16:25:33 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ahadmin.dll
    [2013/12/25 16:25:33 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\admwprox.dll
    [2013/12/25 16:25:33 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisreset.exe
    [2013/12/25 16:25:33 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wamregps.dll
    [2013/12/25 16:25:33 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iisrstap.dll
    [2013/12/25 16:25:32 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisRtl.dll
    [2013/12/25 16:25:32 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\admwprox.dll
    [2013/12/25 16:25:32 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wamregps.dll
    [2013/12/25 16:25:31 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ahadmin.dll
    [2013/12/25 16:25:31 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisreset.exe
    [2013/12/25 16:25:31 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iisrstap.dll
    [2013/12/25 15:11:37 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
    [2013/12/25 15:11:37 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
    [2013/12/25 15:11:09 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
    [2013/12/25 14:43:35 | 000,930,400 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2013/12/25 14:40:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
    [2013/12/25 14:39:47 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
    [2013/12/25 14:39:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2013/12/23 14:45:31 | 000,008,675 | ---- | M] () -- C:\Users\Mack\Documents\481-322499_PCR_26491820.pdf
    [2013/12/20 19:07:03 | 000,001,197 | ---- | M] () -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk
    [2013/12/20 19:06:33 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\GlobeTrotter Connect.lnk
    [2013/12/14 10:53:35 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
    [2013/12/14 10:53:35 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
    [2013/12/14 10:53:35 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
    [2013/12/13 10:24:06 | 000,230,912 | ---- | M] () -- C:\WINDOWS\SysNative\clinfo.exe
    [2013/12/13 10:24:06 | 000,129,536 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\coinst_13.251.dll
    [2013/12/13 10:24:06 | 000,099,840 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OpenVideo64.dll
    [2013/12/13 10:24:06 | 000,086,528 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\OVDecode64.dll
    [2013/12/13 10:24:06 | 000,083,968 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OpenVideo.dll
    [2013/12/13 10:24:06 | 000,073,728 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\OVDecode.dll
    [2013/12/13 10:23:56 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
    [2013/12/13 10:23:56 | 000,204,952 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsvl.dat
    [2013/12/13 10:23:54 | 008,287,008 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdva.dll
    [2013/12/13 10:23:54 | 000,234,036 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
    [2013/12/13 10:23:54 | 000,233,776 | ---- | M] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
    [2013/12/13 10:23:54 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysWow64\ativvsva.dat
    [2013/12/13 10:23:54 | 000,157,144 | ---- | M] () -- C:\WINDOWS\SysNative\ativvsva.dat
    [2013/12/13 10:23:54 | 000,143,304 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiuxp64.dll
    [2013/12/13 10:23:54 | 000,126,336 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiuxpag.dll
    [2013/12/13 10:23:54 | 000,083,552 | ---- | M] () -- C:\WINDOWS\SysNative\ativce02.dat
    [2013/12/13 10:23:52 | 003,461,040 | ---- | M] () -- C:\WINDOWS\SysWow64\atiumdva.cap
    [2013/12/13 10:23:50 | 008,927,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd6a.dll
    [2013/12/13 10:23:50 | 006,630,232 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiumdag.dll
    [2013/12/13 10:23:48 | 007,751,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiumd64.dll
    [2013/12/13 10:23:48 | 003,426,688 | ---- | M] () -- C:\WINDOWS\SysNative\atiumd6a.cap
    [2013/12/13 10:23:46 | 022,157,824 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atioglxx.dll
    [2013/12/13 10:23:46 | 000,190,976 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atitmm64.dll
    [2013/12/13 10:23:46 | 000,115,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiu9p64.dll
    [2013/12/13 10:23:46 | 000,098,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiu9pag.dll
    [2013/12/13 10:23:46 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysWow64\atipblag.dat
    [2013/12/13 10:23:46 | 000,003,917 | ---- | M] () -- C:\WINDOWS\SysNative\atipblag.dat
    [2013/12/13 10:23:42 | 000,332,800 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODE.exe
    [2013/12/13 10:23:42 | 000,051,200 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\ATIODCLI.exe
    [2013/12/13 10:23:42 | 000,047,887 | ---- | M] () -- C:\WINDOWS\atiogl.xml
    [2013/12/13 10:23:40 | 026,352,128 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atio6axx.dll
    [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys
    [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys
    [2013/12/13 10:23:36 | 000,078,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atimpc64.dll
    [2013/12/13 10:23:36 | 000,071,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atimpc32.dll
    [2013/12/13 10:23:36 | 000,031,232 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atimuixx.dll
    [2013/12/13 10:23:34 | 000,721,296 | ---- | M] () -- C:\WINDOWS\SysNative\atiicdxx.dat
    [2013/12/13 10:23:34 | 000,100,352 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6txx.dll
    [2013/12/13 10:23:34 | 000,096,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atigktxx.dll
    [2013/12/13 10:23:34 | 000,074,752 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atig6pxx.dll
    [2013/12/13 10:23:34 | 000,069,632 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atiglpxx.dll
    [2013/12/13 10:23:34 | 000,069,632 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atiglpxx.dll
    [2013/12/13 10:23:32 | 009,753,752 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\atidxx64.dll
    [2013/12/13 10:23:32 | 008,406,024 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\atidxx32.dll
    [2013/12/13 10:23:32 | 000,588,288 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atieclxx.exe
    [2013/12/13 10:23:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atidemgy.dll
    [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) -- C:\WINDOWS\SysNative\atiesrxx.exe
    [2013/12/13 10:23:30 | 015,716,352 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticaldd64.dll
    [2013/12/13 10:23:30 | 001,318,552 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\aticfx64.dll
    [2013/12/13 10:23:30 | 001,100,216 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\aticfx32.dll
    [2013/12/13 10:23:30 | 000,062,464 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalrt64.dll
    [2013/12/13 10:23:30 | 000,052,224 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalrt.dll
    [2013/12/13 10:23:28 | 014,302,208 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticaldd.dll
    [2013/12/13 10:23:28 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiapfxx.exe
    [2013/12/13 10:23:28 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atibtmon.exe
    [2013/12/13 10:23:28 | 000,055,808 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\aticalcl64.dll
    [2013/12/13 10:23:28 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\aticalcl.dll
    [2013/12/13 10:23:26 | 001,144,320 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\atiadlxx.dll
    [2013/12/13 10:23:26 | 000,825,344 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysWow64\atiadlxy.dll
    [2013/12/13 10:23:26 | 000,550,456 | ---- | M] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
    [2013/12/13 10:23:26 | 000,550,456 | ---- | M] () -- C:\WINDOWS\SysNative\atiapfxx.blb
    [2013/12/13 10:23:26 | 000,078,432 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysNative\amdpcom64.dll
    [2013/12/13 10:23:26 | 000,071,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\SysWow64\amdpcom32.dll
    [2013/12/13 10:23:26 | 000,063,488 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
    [2013/12/13 10:23:26 | 000,057,344 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
    [2013/12/13 10:23:26 | 000,043,520 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SysNative\drivers\ati2erec.dll
    [2013/12/13 10:23:24 | 029,382,144 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysNative\amdocl64.dll
    [2013/12/13 10:23:24 | 001,187,342 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
    [2013/12/13 10:23:24 | 001,061,902 | ---- | M] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
    [2013/12/13 10:23:24 | 000,995,342 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
    [2013/12/13 10:23:24 | 000,798,734 | ---- | M] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
    [2013/12/13 10:23:20 | 024,860,160 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\SysWow64\amdocl.dll
    [2013/12/13 10:23:16 | 000,412,672 | ---- | M] () -- C:\WINDOWS\SysNative\amdmiracast.dll
    [2013/12/13 10:23:16 | 000,134,656 | ---- | M] () -- C:\WINDOWS\SysNative\amdhdl64.dll
    [2013/12/13 10:23:14 | 000,123,392 | ---- | M] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
    [2013/12/13 00:58:33 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSTSX64.dll
    [2013/12/13 00:58:33 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\WINDOWS\SysNative\SRSWOW64.dll
    [2013/12/13 00:58:29 | 001,662,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
    [2013/12/13 00:58:28 | 002,794,056 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
    [2013/12/13 00:58:28 | 000,331,880 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtlCPAPI64.dll
    [2013/12/13 00:58:26 | 000,149,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCfg64.dll
    [2013/12/13 00:58:26 | 000,014,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkCoLDR64.dll
    [2013/12/13 00:58:25 | 003,744,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkAPO64.dll
    [2013/12/13 00:58:24 | 001,003,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
    [2013/12/13 00:58:24 | 000,613,448 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
    [2013/12/13 00:58:24 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEP64A.dll
    [2013/12/13 00:58:24 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEED64A.dll
    [2013/12/13 00:58:24 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEL64A.dll
    [2013/12/13 00:58:24 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RTEEG64A.dll
    [2013/12/13 00:58:23 | 026,987,520 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
    [2013/12/13 00:58:23 | 001,284,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
    [2013/12/13 00:58:23 | 000,583,849 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
    [2013/12/13 00:58:23 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DHT64.dll
    [2013/12/13 00:58:23 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\WINDOWS\SysNative\RP3DAA64.dll
    [2013/12/13 00:58:21 | 000,142,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
    [2013/12/13 00:57:53 | 000,110,592 | ---- | M] (Real Sound Lab SIA) -- C:\WINDOWS\SysNative\CONEQMSAPOGUILibrary.dll
    [2013/12/13 00:57:52 | 000,208,072 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
    [2013/12/13 00:57:52 | 000,108,640 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAR64.dll
    [2013/12/13 00:57:40 | 002,079,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
    [2013/12/13 00:57:40 | 000,000,712 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTEQEX0.dat
    [2013/12/13 00:57:40 | 000,000,016 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\rtkhdaud.dat
    [2013/12/12 23:30:24 | 000,004,544 | ---- | M] () -- C:\Users\Mack\Desktop\New Journal Document.jnt
    [2013/12/12 10:20:38 | 000,002,508 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2013/12/12 10:14:45 | 000,020,410 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\VT20131125.019
    [2013/12/11 12:46:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
    [2013/12/11 12:46:35 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
    [2013/12/11 12:46:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
    [2013/12/11 12:46:34 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
    [2013/12/09 13:33:02 | 000,002,290 | ---- | M] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/12/09 12:20:02 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
    [2013/12/09 10:27:56 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/12/09 10:27:56 | 000,007,631 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
    [2013/12/09 10:27:56 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
    [2013/12/08 20:25:23 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/12/07 22:38:14 | 000,002,000 | ---- | M] () -- C:\Users\Mack\Desktop\Google Drive.lnk
    [2013/12/07 22:11:16 | 000,001,435 | ---- | M] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/12/07 22:11:16 | 000,000,223 | -HS- | M] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2013/12/07 22:03:26 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\HP Games.lnk

    ========== Files Created - No Company Name ==========

    [2013/12/28 11:20:41 | 000,000,512 | ---- | C] () -- C:\Users\Mack\Desktop\MBR.dat
    [2013/12/27 14:26:37 | 001,233,962 | ---- | C] () -- C:\Users\Mack\Desktop\AdwCleaner.exe
    [2013/12/27 11:24:27 | 000,001,414 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/12/27 11:24:27 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/12/26 12:29:15 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/12/26 12:29:14 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/12/26 11:38:07 | 000,001,720 | ---- | C] () -- C:\Users\Mack\Desktop\Continue Firefox.lnk
    [2013/12/25 17:01:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
    [2013/12/25 15:43:30 | 000,001,453 | ---- | C] () -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/12/25 15:11:09 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
    [2013/12/25 14:59:39 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2013/12/25 14:52:44 | 000,000,352 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/12/25 14:52:44 | 000,000,334 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/12/25 14:52:20 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
    [2013/12/25 14:52:20 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
    [2013/12/25 14:43:35 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2013/12/25 14:40:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2013/12/25 14:39:47 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
    [2013/12/25 14:39:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2013/12/23 14:45:31 | 000,008,675 | ---- | C] () -- C:\Users\Mack\Documents\481-322499_PCR_26491820.pdf
    [2013/12/20 19:07:03 | 000,001,197 | ---- | C] () -- C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk
    [2013/12/20 19:06:33 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\GlobeTrotter Connect.lnk
    [2013/12/13 14:09:03 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForMack.job
    [2013/12/13 10:24:06 | 000,230,912 | ---- | C] () -- C:\WINDOWS\SysNative\clinfo.exe
    [2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
    [2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsvl.dat
    [2013/12/13 10:23:54 | 000,234,036 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik.dat
    [2013/12/13 10:23:54 | 000,233,776 | ---- | C] () -- C:\WINDOWS\SysNative\ativvaxy_cik_nd.dat
    [2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
    [2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysNative\ativvsva.dat
    [2013/12/13 10:23:54 | 000,083,552 | ---- | C] () -- C:\WINDOWS\SysNative\ativce02.dat
    [2013/12/13 10:23:52 | 003,461,040 | ---- | C] () -- C:\WINDOWS\SysWow64\atiumdva.cap
    [2013/12/13 10:23:48 | 003,426,688 | ---- | C] () -- C:\WINDOWS\SysNative\atiumd6a.cap
    [2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
    [2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysNative\atipblag.dat
    [2013/12/13 10:23:42 | 000,047,887 | ---- | C] () -- C:\WINDOWS\atiogl.xml
    [2013/12/13 10:23:34 | 000,721,296 | ---- | C] () -- C:\WINDOWS\SysNative\atiicdxx.dat
    [2013/12/13 10:23:26 | 000,550,456 | ---- | C] () -- C:\WINDOWS\SysWow64\atiapfxx.blb
    [2013/12/13 10:23:26 | 000,550,456 | ---- | C] () -- C:\WINDOWS\SysNative\atiapfxx.blb
    [2013/12/13 10:23:24 | 001,187,342 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_as64.exe
    [2013/12/13 10:23:24 | 001,061,902 | ---- | C] () -- C:\WINDOWS\SysNative\amdocl_ld64.exe
    [2013/12/13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
    [2013/12/13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
    [2013/12/13 10:23:16 | 000,412,672 | ---- | C] () -- C:\WINDOWS\SysNative\amdmiracast.dll
    [2013/12/13 10:23:16 | 000,134,656 | ---- | C] () -- C:\WINDOWS\SysNative\amdhdl64.dll
    [2013/12/13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
    [2013/12/13 00:59:35 | 000,583,849 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
    [2013/12/12 23:30:24 | 000,004,544 | ---- | C] () -- C:\Users\Mack\Desktop\New Journal Document.jnt
    [2013/12/09 12:20:02 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
    [2013/12/09 10:17:52 | 000,002,290 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/12/09 10:17:51 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/12/08 20:25:21 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/12/08 18:25:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/12/07 22:38:14 | 000,002,000 | ---- | C] () -- C:\Users\Mack\Desktop\Google Drive.lnk
    [2013/12/07 22:34:50 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
    [2013/12/07 22:34:50 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
    [2013/12/07 22:34:50 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
    [2013/12/07 22:34:27 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/07 22:34:26 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/07 22:11:16 | 000,001,435 | ---- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/12/07 22:03:26 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
    [2013/12/07 22:02:54 | 000,002,375 | ---- | C] () -- C:\Users\Public\Desktop\Walmart Photo Center.lnk
    [2013/12/07 21:57:24 | 000,000,223 | -HS- | C] () -- C:\Users\Mack\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2013/08/22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
    [2013/08/22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
    [2013/08/22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/08/22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
    [2013/08/21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
    [2013/08/21 21:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
    [2013/08/21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
    [2013/08/21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
    [2012/07/25 14:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
    [2012/07/25 14:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
    [2012/07/25 14:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/11/14 01:38:19 | 021,196,664 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/11/14 01:38:19 | 018,642,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 199 bytes -> C:\Users\Mack\SkyDrive:ms-properties

    < End of report >

  3. #13
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Results after running OTL Extra Log File

    OTL Extras logfile created on: 12/28/2013 12:13:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mack\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16476)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.60 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 69.75% Memory free
    4.22 Gb Paging File | 2.95 Gb Available in Paging File | 69.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 275.02 Gb Total Space | 238.23 Gb Free Space | 86.62% Space Free | Partition Type: NTFS
    Drive D: | 21.96 Gb Total Space | 2.18 Gb Free Space | 9.93% Space Free | Partition Type: NTFS

    Computer Name: WORKPC | User Name: Mack | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
    "UpgradeTime" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FC732FA-4D06-439B-95AF-8687C28C3567}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{17FBEFE2-4834-4FB0-99AA-5041F32A27D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{664D0B8A-AB35-488E-8F2A-BF12772E07F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{789BA4A6-BED5-4ECB-86FD-285DD15C1ABC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A3D2BFA3-9BD9-474F-853C-E604963C89E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{A94213C9-9CDE-46EE-95F7-7A7B309D51ED}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BF437D01-272D-4006-893B-1DDD22BF5A45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C51B2D57-002A-4A83-8B1B-DCC765FEA4D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C6458CDA-80B7-4C43-AAE8-FF111BCA92A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CBE3E77D-88FC-4F91-BF1E-610B4196FBA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E5A4217C-0105-4D9F-8D81-83E4500320EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FE4306C7-9B4B-4ECA-923B-F1583582CBF9}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{FFEDE632-A17B-40BA-81BB-0A6B4803AF9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B2F3416-A2F6-466B-9B6A-54F9921171EA}" = dir=in | name=box |
    "{0BF36677-FF46-4E14-97C6-228D1063DC6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0EE9F234-1D73-4F4A-BF1D-56A9783D16FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{10538B74-4755-46DB-ADBD-38C44B74280D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1A1F100E-CD0C-4F41-8A31-EBEE79290555}" = dir=in | app=c:\users\mack\appdata\local\microsoft\skydrive\skydrive.exe |
    "{1B0F3AAA-1262-46E7-83CB-B7D7FAE57617}" = dir=in | name=hp connected photo powered by snapfish |
    "{1E47A746-A45B-4C6B-9B8E-F506C296B728}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{2081D9B1-44FF-4713-B87D-C2E1574E4183}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{22CF1EEB-9745-468D-B3B8-45DDEFCC3BA0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
    "{22F3A1C6-2C9E-4987-A6AD-B385B922BE32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{24045D66-6AE0-4638-B7FA-1648E2209737}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
    "{24359218-18A2-49BC-9E06-F979874A4097}" = dir=out | name=hp games |
    "{243664C4-F14F-4447-A6A2-C2806301920D}" = dir=in | name=juniper networks junos pulse |
    "{2855CC97-8D91-47F9-B555-EF5842DFBD01}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{2865A4A3-156B-4EE1-806E-B1DA604280C5}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{3DC20D18-E4AC-4BCF-AEA2-BFFF7A508706}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{404ABA56-84E9-4870-9A69-E3E4B4D29C0B}" = dir=out | name=box |
    "{422FD124-8435-42E2-984D-90288550BD53}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
    "{43AAA923-F487-4334-9556-1A2E6AC53D46}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{471C42E4-C90C-4AD1-8EDB-5773D48F8179}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    "{49F76B39-7C58-465D-AC48-8108C053CD0B}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{4A771044-DBA8-4488-92F4-2029422C595B}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
    "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{55A3145C-6FAC-47A6-8B6A-F5F48F21DF3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
    "{5B29955A-A8E3-4234-AA35-D56491A91727}" = dir=out | name=norton studio |
    "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
    "{5FCCBC0B-CE46-426E-838D-689D84D5A7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{646DCA5B-A2AB-42EE-A80C-0608583F8EEE}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{6886ED8A-3CCF-438E-B20B-DFB2CA83C157}" = dir=out | name=youcam for hp |
    "{6EA0681A-EB8F-48DE-B66A-9753DCD389AE}" = dir=out | name=juniper networks junos pulse |
    "{718102D2-4F39-44E3-834B-1EAC31261E2A}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{75240D9D-2261-4740-9ACE-31E018312C3A}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{7EED17DA-155B-4C72-8FBD-CC51230315C8}" = dir=out | name=microsoft solitaire collection |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{8132300B-4A0B-4EF3-BBCF-9E54B195A110}" = dir=out | name=@{microsoft.zunevideo_2.2.338.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
    "{8258D31C-ECF7-4C1E-B01A-A760087C814F}" = dir=in | name=microsoft solitaire collection |
    "{83CAB00A-C944-4000-887A-557B76D87BFC}" = dir=out | name=windows_ie_ac_001 |
    "{8483F45A-6170-4066-805A-BD1CCFAB4336}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{866BEDCE-1CDF-4863-917F-E4FC422C661E}" = dir=out | name=hp registration |
    "{8F471966-D400-4ECF-B2E2-6A5A536980FD}" = dir=in | name=check point vpn |
    "{91D4FFEE-297A-4015-A2C5-B25908183D4F}" = dir=out | name=microsoft mahjong |
    "{91DA9A1B-7F22-4061-A62C-373B9C1995B9}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.335_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
    "{97C47A6F-0637-417C-AA41-3385B4B93EDD}" = dir=out | name=f5 vpn |
    "{9B0F7E67-F78F-4A21-B86F-5106C2B49B1A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{A1BFE048-380E-4A98-8F46-3E9C5D8E675C}" = dir=out | name=ebay |
    "{A2561BAA-858E-493C-94B4-A998DF42070B}" = dir=out | name=netflix |
    "{A31C3CF0-09EC-4099-86BB-20F6933D403B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{A57BAA1A-E709-431F-AB9A-26162AD79C75}" = dir=in | name=microsoft mahjong |
    "{AA213117-DCC7-4927-9E97-D8D1AC1D2E5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{ABD7379F-827D-46C6-9E3E-C0FA895BED2B}" = dir=out | name=hp connected photo powered by snapfish |
    "{B1A62FC2-C129-4C15-BCF9-EA26AD608603}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B24E5B94-EDDC-498F-92CD-72728DB19FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B2D2A6EA-76C8-4D14-AA2A-F2645F1870ED}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    "{B335D197-69BB-4D1A-AA80-0EF2985C6540}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{B6366D6C-00E1-4F29-80A5-B14852F1988B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{B8F943F2-F763-4EA1-B6CA-4049E1C18495}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{B921E4BE-DA9F-441E-9F37-5F073A30967A}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{BB58D2F1-0423-4653-AD75-7E6DA7746F03}" = dir=out | name=@{microsoft.bingnews_3.0.1.321_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
    "{BCB2A231-A187-43AA-8961-69FE13AEC512}" = dir=out | name=windows_ie_ac_001 |
    "{BE4CB309-E8D5-4D50-B488-38F0800EE992}" = dir=out | name=getting started with windows 8 |
    "{C215F47A-4672-4924-848C-07E412E2E743}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{C3F3F73C-3E69-44EC-9130-C5EC29FF6787}" = dir=in | name=hp+ |
    "{C95DEA79-D8F8-4FB8-8F22-5A27E3DA877A}" = dir=out | name=sonicwall mobile connect |
    "{CA828E1C-A9A5-4FC3-AC89-9B5F6A6DA2E4}" = dir=out | name=check point vpn |
    "{CC71389B-CE2B-4C16-A583-3F1F90B4A830}" = protocol=6 | dir=out | app=system |
    "{D0853DA5-E7C9-4D93-8C41-991D3F4E594D}" = dir=in | name=sonicwall mobile connect |
    "{D1B7B526-4B34-4085-883E-8B8951C1C928}" = dir=out | name=kindle |
    "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
    "{D7C8EB41-B749-4B4A-8026-23266EA1759D}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
    "{D8568D4F-EAE5-48EB-ADC2-F97DD359AAD4}" = dir=in | name=f5 vpn |
    "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
    "{DE9B8516-BE87-4572-ABE2-F9E404156DCE}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{DF341E2D-407C-41DA-B1F9-C3E5E8D9C7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E6D35D5D-2206-4E82-B788-60102A99760F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{EA20F023-90C0-4AF9-9E5E-E2C6427BCF41}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{EAE8C249-67B1-41E6-BDDE-BD0DAD609A32}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{EAFD7E92-9768-4663-9782-F0ABB73C19AE}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{EC55479D-6E1C-4B9E-82D9-1CB7C647A057}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
    "{EED14B96-2ADF-48CC-92F1-8A7359AB5913}" = dir=out | name=@{microsoft.bingfinance_3.0.1.299_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{F4677521-53BC-48BF-8714-E5A0FDB6DBC0}" = dir=in | name=skype |
    "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
    "{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 |
    "{F6C3C3BB-778B-466E-BE12-3AEB7BAC3C95}" = dir=out | name=skype |
    "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
    "{F7C4FE2E-EADF-4839-AD0D-185CEF1222B2}" = dir=out | name=@{microsoft.zunemusic_2.2.339.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
    "{F843CCE6-3392-40E1-8063-5CCCC4C38F37}" = dir=out | name=hp+ |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{50268784-08D9-2A2F-9ECE-EADFC45DC50C}" = ccc-utility64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
    "{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9CBEB415-30E0-B748-8FAB-0575E433E9DE}" = AMD Fuel
    "{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}" = AMD Catalyst Install Manager
    "{CB882D6E-45B8-4E1F-828E-D13648394AB6}" = GlobeTrotter Connect
    "{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B4A6673-753A-9533-45BA-1F355715D9FC}" = CCC Help English
    "{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
    "{108B9AEB-5E19-1A4D-BE19-4856C0DCE6F3}" = CCC Help Thai
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
    "{1FE80340-264B-4374-8F1C-252931AB3C6A}" = CCC Help Japanese
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{34C4C52E-E614-E554-2536-0ABAA2D68CE4}" = CCC Help Russian
    "{35D41250-CC6E-D266-4A00-958F52562A20}" = CCC Help Korean
    "{3D10A855-D379-A188-EE50-64548E1B1976}" = CCC Help Italian
    "{3E2EE595-F2BD-8D77-EA86-5B48D407D548}" = Catalyst Control Center InstallProxy
    "{4780D5B0-1CE0-CE1A-2F0A-047D12ED04E3}" = CCC Help Czech
    "{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{5342F310-0B71-761E-48AC-4FBB9D4AD080}" = Catalyst Control Center Localization All
    "{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
    "{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
    "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77750E8C-A73A-1DEE-DA3E-6B6FB768A4C0}" = CCC Help Chinese Standard
    "{7B902CB5-6016-71B6-7388-33D8BDD58D4A}" = CCC Help German
    "{7F1EE4DD-4801-DDF7-1083-0AF6C246EA61}" = CCC Help Turkish
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8A96F685-A07B-2546-54A6-4CCBD119FA41}" = CCC Help Finnish
    "{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}" = HP Documentation
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
    "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
    "{97D1CCA5-296D-361F-7A5C-D33B7653EDF5}" = CCC Help Norwegian
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
    "{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}" = Citrix Online Launcher
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{AD59E2EF-0022-6194-C57D-8A3B9140E13F}" = CCC Help Greek
    "{AED76532-7302-D855-4780-DB177924E005}" = CCC Help French
    "{B27332E6-6781-8804-2355-CB678E218065}" = CCC Help Chinese Traditional
    "{B2F0406F-1609-489A-8626-7DB46776AB57}" = HP System Event Utility
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B7BF553F-6C08-42DA-FDB2-49C9467070D9}" = CCC Help Spanish
    "{BBFFE0C6-CDB9-AD66-18AA-F88D28DAC4C0}" = CCC Help Hungarian
    "{BD3F9DD5-C3A6-3CA1-8523-6121F30781DC}" = CCC Help Swedish
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{D2993435-FC5D-DFA8-67CB-586957B9302F}" = CCC Help Portuguese
    "{D55561A2-139B-481A-BEB9-193034A02B7A}" = ACI Forms Client
    "{D65D424F-72E7-09A3-4BD4-52331A919873}" = CCC Help Danish
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{DB751A71-541C-176C-6DBC-13C061769FA1}" = AMD VISION Engine Control Center
    "{DE0887C8-0A44-2CAA-40EB-340BEE05B0D0}" = Catalyst Control Center Graphics Previews Common
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EC63AB5A-9694-DA16-6942-43AA10BE5710}" = CCC Help Dutch
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{EEEDA52B-3C42-4BD7-BE42-FDB596EAFCEF}" = Catalyst Control Center - Branding
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4B9B49F-20C7-6FD5-2973-787322D4B53B}" = CCC Help Polish
    "{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
    "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
    "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NIS" = Norton Internet Security
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0a314f35-ef5e-4c6c-833a-a24a80fe7a65" = Zuma's Revenge
    "WTA-0d042821-e5d0-4050-bd92-1162637bd9c0" = Farm Frenzy
    "WTA-228410ec-d7d9-4317-876b-62a7cd04447c" = Bounce Symphony
    "WTA-2353306b-0f8c-413b-86d6-03f2c12b6d04" = Luxor Evolved
    "WTA-2d250a85-130f-4286-90f6-a0eeaf2af42c" = Cradle of Rome 2
    "WTA-375a0e55-cd3a-4c16-9a2b-90fc87ad3251" = Airport Mania
    "WTA-41bc01bd-aec8-403e-b222-8ba0f4d48094" = Mystery P.I. - Curious Case of Counterfeit Cove
    "WTA-45f7cc77-68d0-4870-bed3-8dd9d4cbc120" = Polar Bowler
    "WTA-48b4081b-9ba4-4d1a-a4ad-2fb3bea18eca" = Bejeweled 3
    "WTA-630ca1fd-7cac-459e-b73f-23591c93a24e" = Build-a-lot
    "WTA-6326e85e-a93a-42b9-9d55-6001fce85592" = Governor of Poker 2 Premium Edition
    "WTA-69038ccf-b460-4b33-b8a7-f5b664264ee2" = Plants vs. Zombies - Game of the Year
    "WTA-6b165739-cc17-44fb-9161-0b91e6f35d1f" = 4 Elements II
    "WTA-9158d569-bf86-4837-bdd4-5d0f1357d8ca" = Curse at Twilight
    "WTA-a411b977-fa79-400a-97c9-66ad88b4f055" = Jewel Match 3
    "WTA-ba445468-a111-4898-9a78-1bc254c48580" = Peggle Nights
    "WTA-bd098083-8aec-4116-bc7f-838892f2e5b1" = Azteca
    "WTA-c31e055b-bd5d-4cf5-957b-f989a59a9b4b" = House of 1000 Doors: Family Secrets
    "WTA-cc8f5fe4-f5e0-41b3-a0b8-5132e9fbb7c2" = Tales of Lagoona
    "WTA-e34e6e84-4c0e-4852-a3d0-7d7b2d50a91c" = Roads of Rome 3
    "WTA-e81c4185-304c-4c8f-8b1a-103914a79607" = Mahjongg Dimensions Deluxe: Tiles in Time
    "WTA-eaca0cc1-df9b-4fec-acec-3e74dce6e89d" = Royal Envoy 2 Collector's Edition
    "WTA-eb90b425-3b16-4c96-b888-94de9a596323" = Delicious: Emily's Childhood Memories Premium Edition
    "WTA-f2881011-c386-4e19-9ebc-e80298e43475" = Mah Jong Medley
    "WTA-f59e06a0-0f6c-4733-90e7-ae6f9c5c5649" = Vacation Quest™ - Australia
    "WTA-fae39fc5-aca2-481b-851d-241514319e1b" = Youda Jewel Shop
    "WTA-fd9dff3b-1e28-4fe7-bf1d-3aac9b60fd53" = Cradle Of Egypt Collector's Edition

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 6.0.0.1259
    "SkyDriveSetup.exe" = Microsoft SkyDrive

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/2013 12:10:57 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1841

    Error - 12/11/2013 3:35:49 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/11/2013 3:35:49 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2418

    Error - 12/11/2013 3:35:49 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2418

    Error - 12/12/2013 1:35:27 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/12/2013 1:35:27 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1841

    Error - 12/12/2013 1:35:27 PM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1841

    Error - 12/13/2013 5:26:49 AM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/13/2013 5:26:49 AM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1809

    Error - 12/13/2013 5:26:49 AM | Computer Name = WorkPc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1809

    [ System Events ]
    Error - 12/18/2013 11:39:57 AM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 11:40:08 AM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:06:48 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:06:49 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:06:49 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:10:51 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:10:51 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:10:51 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:11:16 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =

    Error - 12/18/2013 12:11:27 PM | Computer Name = WorkPc | Source = DCOM | ID = 10016
    Description =


    < End of report >

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    I am having some concerns about your MBR (Master Boot Record). It's possible it's corrupted or maybe infected. Is your computer starting up OK, any lags or problems with it starting?

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-12-28 10:49:53
    -----------------------------
    10:49:53.462 OS Version: Windows x64 6.2.9200
    10:49:53.462 Number of processors: 2 586 0x200
    10:49:53.465 ComputerName: WORKPC UserName: Mack
    10:49:54.100 Initialze error 1
    11:19:09.915 AVAST engine defs: 13122800
    11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-12-28 10:49:53
    -----------------------------
    10:49:53.462 OS Version: Windows x64 6.2.9200
    10:49:53.462 Number of processors: 2 586 0x200
    10:49:53.465 ComputerName: WORKPC UserName: Mack
    10:49:54.100 Initialze error 1
    11:19:09.915 AVAST engine defs: 13122800
    11:19:18.220 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"
    11:19:41.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
    11:19:41.837 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
    11:19:41.898 Disk 0 MBR read successfully
    11:19:41.905 Disk 0 MBR scan
    11:19:41.932 Disk 0 unknown MBR code
    11:19:41.940 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    11:19:41.957 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:19:41.968 Service scanning
    11:19:42.523 Modules scanning
    11:19:42.541 Disk 0 trace - called modules:
    11:19:42.565 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    11:19:42.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016ab5e0]
    11:19:42.601 3 CLASSPNP.SYS[fffff80000646abb] -> nt!IofCallDriver -> [0xffffe000002e9b30]
    11:19:42.617 5 amdxata.sys[fffff800007146b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe0000139a060]
    11:19:42.633 AVAST engine scan C:\WINDOWS
    11:19:42.649 AVAST engine scan C:\WINDOWS\system32
    11:19:42.666 AVAST engine scan C:\WINDOWS\system32\drivers
    11:19:42.683 AVAST engine scan C:\Users\Mack
    11:19:42.700 AVAST engine scan C:\ProgramData
    11:19:42.717 Scan finished successfully
    11:20:11.844 Disk 0 MBR fix error
    11:20:41.924 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
    11:20:41.947 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR.txt"



    Let's run a few more tools; let's do this one first.

    Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

    Download Malwarebytes Anti-Rootkit from Here
    • Unzip the contents to a folder in a convenient location.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Help in removing search.conduit ...

    This is a new system and first time with Win 8.1 operating system. I have nothing to measure the start up time against. It does not seem to take an unusually long time. Is there an amount of time that it should take?

    Also, I have a Dell Laptop that has the same problem with search.conduit. Can I run the same processes on it and remove the malware?
    Thank you for your help!

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    I just got a new Dell All in One about 2 months ago, upgraded to 8.1 and my system boots up from when I press the power button until I log into Windows in about 30 seconds. As far as your other computer, you need to hang off on that one until we are done here or it can get confusing.

    Trying to determine what's going on with this from your aswMBR log:
    11:20:11.844 Disk 0 MBR fix error


    Go ahead and run Malwarebytes Anti Rootkit and post the log

  7. #17
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    Just checked boot time

    From pressing power button until desktop screen took about 45 seconds.
    I have looked and read and have been unable to find where to reply to post without quotes. I have been replying and deleting the quoted text. Is there an easier way?
    Thanks

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Over on the bottom left there is an icon that says REPLY TO THREAD, use that one and after you type in your remarks and/or a log from a scan, then click on Submit Reply.

    That entry on your aswMBR may be a false positive, not sure, I am asking around, but if the MBR is infected (which I kind of doubt) then the next few scans will tell us. Personally I have viewed 100s of aswMBR logs and never have seen that entry before; it might be a Win 8 thing or the MBR that came from the manufacturer of your computer.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Let me ask you this

    Go back to my first reply with instructions for running aswMBR

    When you ran aswMBR and the scan finished, did you by chance accidentally click on the FIXMBR OR FIX button prior to SAVE LOG?


    Run aswMBR again; when the scan is finished, be sure to just click on SAVE LOG and post the new log for me to see.

  10. #20
    Junior Member
    Join Date
    Dec 2013
    Posts
    17

    aswMBR ran for the second time as administrator

    I was using Google Chrome as the web browser and it did not display the reply button. I have changed to explorer and you guessed it. The reply button was visible. Thanks,


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-12-30 08:46:33
    -----------------------------
    08:46:33.055 OS Version: Windows x64 6.2.9200
    08:46:33.055 Number of processors: 2 586 0x200
    08:46:33.055 ComputerName: WORKPC UserName: Mack
    08:46:33.617 Initialze error 1
    09:11:47.679 AVAST engine defs: 13123000
    09:15:19.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
    09:15:19.073 Disk 0 Vendor: HGST_HTS545032A7E380 GGBOACA0 Size: 305245MB BusType: 11
    09:15:19.136 Disk 0 MBR read successfully
    09:15:19.151 Disk 0 MBR scan
    09:15:19.182 Disk 0 unknown MBR code
    09:15:19.198 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    09:15:19.214 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:15:19.214 Service scanning
    09:15:19.823 Modules scanning
    09:15:19.839 Disk 0 trace - called modules:
    09:15:19.870 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    09:15:19.870 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000016bd060]
    09:15:19.885 3 CLASSPNP.SYS[fffff80000001abb] -> nt!IofCallDriver -> [0xffffe00000fd32c0]
    09:15:19.901 5 amdxata.sys[fffff8000071b6b4] -> nt!IofCallDriver -> \Device\00000028[0xffffe00000fd5060]
    09:15:19.917 AVAST engine scan C:\WINDOWS
    09:15:19.932 AVAST engine scan C:\WINDOWS\system32
    09:15:19.948 AVAST engine scan C:\WINDOWS\system32\drivers
    09:15:19.964 AVAST engine scan C:\Users\Mack
    09:15:19.979 AVAST engine scan C:\ProgramData
    09:15:19.995 Scan finished successfully
    09:15:47.198 Disk 0 MBR has been saved successfully to "C:\Users\Mack\Desktop\MBR.dat"
    09:15:47.214 The log file has been saved successfully to "C:\Users\Mack\Desktop\aswMBR1.txt"
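
Both aswMBR logs in this thread list partition 1 as `00 EE GPT 2097151 MB offset 1` and save the boot sector to MBR.dat. As an added example (not part of the thread and not aswMBR's own logic), this Python code decodes a 512-byte MBR sector to check whether it is the protective MBR of a GPT disk; the function names are hypothetical and the sample sector is constructed to match that log line.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # partition table: four 16-byte entries
GPT_PROTECTIVE = 0xEE     # partition type used by the protective MBR on GPT disks


def parse_mbr(sector: bytes) -> dict:
    """Decode the partition table and boot signature of one MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("expected at least 512 bytes, got %d" % len(sector))
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index: TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "number": index + 1,
            "status": status,
            "type": ptype,
            "first_lba": first_lba,
            "size_mb": sector_count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_empty": not any(sector[:440]),
        "partitions": partitions,
    }


def is_gpt_protective(info: dict) -> bool:
    """True when the table holds exactly one entry and it is type 0xEE."""
    parts = info["partitions"]
    return info["signature_ok"] and len(parts) == 1 and parts[0]["type"] == GPT_PROTECTIVE


def build_sample_sector() -> bytes:
    """Constructed sample: empty boot code plus one 00/EE entry at LBA 1."""
    entry = struct.pack("<B3sB3sII", 0x00, b"\x00\x02\x00", GPT_PROTECTIVE,
                        b"\xff\xff\xff", 1, 0xFFFFFFFF)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_sector())
    print(info["partitions"], "protective:", is_gpt_protective(info))
```

To inspect a real dump, read the saved sector file in binary mode and pass its bytes to `parse_mbr`.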
