Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trouble with potential hackers

Post by milkmaid » November 3rd, 2013, 1:43 pm

My computer has had problems since shortly after I got it. I think someone got in somewhere and did something to the websites to which I connect--they are not authentic. Nothing else worked. My Word files are scattered throughout my computer. iTunes music is on Google Music and Google Play has things I never ordered. In addition, my Google Drive has documents from all over the place--my email, C drive and the documents have been disorganized. The OTL is below.


OTL logfile created on: 11/3/2013 12:20:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kgarr_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 46.24% Memory free
11.89 Gb Paging File | 8.65 Gb Available in Paging File | 72.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 675.08 Gb Total Space | 630.77 Gb Free Space | 93.44% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: kgarretttgould | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/11/03 12:19:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kgarr_000\Downloads\OTL.exe
PRC - [2013/11/01 09:23:42 | 000,756,840 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2013/10/21 20:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
PRC - [2013/10/15 15:19:25 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/11 18:41:24 | 004,728,368 | ---- | M] (SparkTrust) -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe
PRC - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/26 13:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2013/08/26 13:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2013/08/07 13:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 13:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/01/31 20:52:54 | 001,594,416 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2013/01/31 20:52:48 | 000,085,040 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2013/01/14 13:29:50 | 000,165,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/01/14 13:29:50 | 000,131,032 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/11/03 11:36:51 | 001,175,040 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._core_.pyd
MOD - [2013/11/03 11:36:51 | 001,153,024 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\_ssl.pyd
MOD - [2013/11/03 11:36:51 | 000,811,008 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._windows_.pyd
MOD - [2013/11/03 11:36:51 | 000,805,888 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._gdi_.pyd
MOD - [2013/11/03 11:36:51 | 000,735,232 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._misc_.pyd
MOD - [2013/11/03 11:36:51 | 000,711,680 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\_hashlib.pyd
MOD - [2013/11/03 11:36:51 | 000,557,056 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\pysqlite2._sqlite.pyd
MOD - [2013/11/03 11:36:51 | 000,504,832 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\windows._cacheinvalidation.pyd
MOD - [2013/11/03 11:36:51 | 000,364,544 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\pythoncom27.dll
MOD - [2013/11/03 11:36:51 | 000,320,512 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32com.shell.shell.pyd
MOD - [2013/11/03 11:36:51 | 000,128,512 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\_elementtree.pyd
MOD - [2013/11/03 11:36:51 | 000,110,080 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\pywintypes27.dll
MOD - [2013/11/03 11:36:51 | 000,108,544 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32security.pyd
MOD - [2013/11/03 11:36:51 | 000,098,816 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32api.pyd
MOD - [2013/11/03 11:36:51 | 000,087,040 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\_ctypes.pyd
MOD - [2013/11/03 11:36:51 | 000,070,656 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._html2.pyd
MOD - [2013/11/03 11:36:51 | 000,044,032 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\_socket.pyd
MOD - [2013/11/03 11:36:51 | 000,035,840 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32process.pyd
MOD - [2013/11/03 11:36:51 | 000,026,624 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\_multiprocessing.pyd
MOD - [2013/11/03 11:36:51 | 000,025,600 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32pdh.pyd
MOD - [2013/11/03 11:36:51 | 000,022,528 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32ts.pyd
MOD - [2013/11/03 11:36:51 | 000,017,408 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32profile.pyd
MOD - [2013/11/03 11:36:51 | 000,011,264 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32crypt.pyd
MOD - [2013/11/03 11:36:50 | 001,062,400 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._controls_.pyd
MOD - [2013/11/03 11:36:50 | 000,686,080 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\unicodedata.pyd
MOD - [2013/11/03 11:36:50 | 000,127,488 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\pyexpat.pyd
MOD - [2013/11/03 11:36:50 | 000,122,368 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\wx._wizard.pyd
MOD - [2013/11/03 11:36:50 | 000,119,808 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32file.pyd
MOD - [2013/11/03 11:36:50 | 000,038,912 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32inet.pyd
MOD - [2013/11/03 11:36:50 | 000,018,432 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\win32event.pyd
MOD - [2013/11/03 11:36:50 | 000,010,240 | ---- | M] () -- C:\Users\KGARR_~1\AppData\Local\Temp\_MEI44602\select.pyd
MOD - [2013/10/28 08:02:09 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6f148949888c20d25b9292ea5b80b9cb\System.ServiceModel.Internals.ni.dll
MOD - [2013/10/28 08:02:08 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\347c1cd4d2f491bbf28168f51c3e8da1\SMDiagnostics.ni.dll
MOD - [2013/10/26 09:52:32 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e6b0fac086c9f63921dc57ccb85a0ee4\System.Xml.ni.dll
MOD - [2013/10/26 09:52:21 | 012,856,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af4e47767c78d7335dc160fbe925558c\System.Windows.Forms.ni.dll
MOD - [2013/10/26 09:52:05 | 019,566,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\46b4609a23cd36da267dacc7db3be849\System.ServiceModel.ni.dll
MOD - [2013/10/26 09:51:34 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d5ec652ee752e275276098614a3b07a6\System.Runtime.Serialization.ni.dll
MOD - [2013/10/26 09:51:26 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\5d9c806d510ce30645b2118d96589486\System.Drawing.ni.dll
MOD - [2013/10/26 09:51:14 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\a651a53f70ec4356e530497679d60d59\System.Configuration.ni.dll
MOD - [2013/10/26 09:50:31 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\b23c1312ec0a64893e596e2fc2aa875b\System.Core.ni.dll
MOD - [2013/10/26 09:50:22 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\220f99197372e34d3a6ca5005e7ef1f0\System.ni.dll
MOD - [2013/10/26 09:50:11 | 017,360,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\9ce38091b2e714845369c9bc3b5b5395\mscorlib.ni.dll
MOD - [2013/10/15 15:17:11 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/10/15 15:17:10 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/10/08 19:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 19:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 19:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 19:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 19:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/11 18:41:42 | 000,045,616 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\LiteZip.dll
MOD - [2013/09/11 18:41:40 | 000,053,296 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\LiteUnzip.dll
MOD - [2013/09/11 18:41:38 | 000,554,032 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\7ZipDLL.dll
MOD - [2013/09/11 18:41:36 | 000,925,744 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\Utility.pxt
MOD - [2013/09/11 18:41:32 | 000,138,800 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\RegHookSpecialist.pxt
MOD - [2013/09/11 18:41:30 | 000,083,504 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\ExtensionManager.dll
MOD - [2013/09/11 18:41:28 | 000,153,648 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\CommonSpecialist.pxt
MOD - [2013/09/11 18:41:24 | 000,155,184 | ---- | M] () -- C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\CommonLoggingExtension.pxt
MOD - [2013/08/22 00:27:39 | 000,762,720 | ---- | M] () -- C:\Windows\SysWOW64\Speech\Engines\TTS\MSTTSEngine.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:[b]64bit:[/b] - [2013/11/01 09:23:42 | 000,756,840 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:[b]64bit:[/b] - [2013/09/29 23:03:29 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2013/09/29 23:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2013/09/29 23:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2013/09/29 23:03:27 | 001,302,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2013/09/29 23:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2013/09/29 23:03:27 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2013/09/06 17:52:46 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:[b]64bit:[/b] - [2013/08/23 10:02:40 | 003,667,696 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2013/08/23 10:02:18 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2013/08/23 10:02:04 | 000,631,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2013/08/23 10:01:36 | 000,154,864 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2013/08/22 07:39:24 | 003,395,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2013/08/22 07:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2013/08/22 07:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2013/08/22 06:03:23 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2013/08/22 04:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2013/08/07 13:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:[/b] - [2012/12/10 00:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2012/12/10 00:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/10/21 20:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/10/03 22:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/29 23:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/19 17:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/18 21:38:44 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R)
SRV - [2013/09/16 11:20:16 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/05 09:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/26 13:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2013/08/26 13:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/01/31 20:52:54 | 001,594,416 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2013/01/14 13:29:50 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/01/14 13:29:50 | 000,131,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/04/24 00:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/11/01 09:23:43 | 000,114,720 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:[b]64bit:[/b] - [2013/10/03 22:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:28 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:25 | 000,371,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:25 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2013/09/29 23:03:25 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2013/09/29 22:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2013/09/29 22:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/09/26 04:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2013/09/26 04:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2013/09/16 11:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/09/05 15:37:40 | 001,390,904 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:[b]64bit:[/b] - [2013/09/04 17:03:50 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:[b]64bit:[/b] - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:34 | 000,325,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,056,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2013/08/22 07:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 07:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2013/08/22 07:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/08/07 13:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 14:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/22 17:56:48 | 000,140,600 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2013/05/21 07:14:00 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:[b]64bit:[/b] - [2013/04/23 12:24:26 | 000,069,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:[b]64bit:[/b] - [2013/01/22 21:22:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/10/16 05:02:04 | 000,457,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2012/10/09 04:48:48 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:[b]64bit:[/b] - [2012/10/09 04:48:48 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/27 07:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {1BA53427-B6E1-451F-AB82-C73F394352B1}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{1BA53427-B6E1-451F-AB82-C73F394352B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {1BA53427-B6E1-451F-AB82-C73F394352B1}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1BA53427-B6E1-451F-AB82-C73F394352B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
IE - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\..\SearchScopes,DefaultScope = {3DDDEA70-695C-499B-89B4-A0F82AF0B8F4}
IE - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\..\SearchScopes\{3DDDEA70-695C-499B-89B4-A0F82AF0B8F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkpinfdldjdngmgfbifbdbgaoampkan\0.42_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdiaibgndcpagmnpkjoelgfkommjbni\3_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.2_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk\1.0_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc\19.6_0\
CHR - Extension: No name found = C:\Users\kgarr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004..\Run: [GoogleChromeAutoLaunch_FE925D4A4232B6DF120A2CEA5831DFFF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe (Samsung Electronics CO., LTD.)
O4 - Startup: C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87B14FC2-5E78-47CF-8E06-F6742359975E}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-653373433-2252124362-1593081999-1004\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/03 12:06:05 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\SparkTrust
[2013/11/03 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2013/11/03 12:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2013/11/03 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/11/03 12:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
[2013/11/03 08:45:28 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\SpeedMaxPc
[2013/11/03 08:45:28 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\DriverCure
[2013/11/03 08:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2013/11/01 09:39:23 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\ElevatedDiagnostics
[2013/10/30 10:05:53 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/29 09:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/10/29 07:27:40 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\WavesGUILib64.dll
[2013/10/29 07:27:40 | 000,947,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\SysNative\SFSS_APO.dll
[2013/10/29 07:27:39 | 002,809,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtPgEx64.dll
[2013/10/29 07:27:39 | 002,586,840 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkAPO64.dll
[2013/10/29 07:27:39 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTSnMg64.cpl
[2013/10/29 07:27:39 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RTCOM64.dll
[2013/10/29 07:27:39 | 001,021,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtkApi64.dll
[2013/10/29 07:27:39 | 000,617,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RtDataProc64.dll
[2013/10/29 07:27:38 | 033,917,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoRes64.dat
[2013/10/29 07:27:38 | 000,150,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysNative\RCoInstII64.dll
[2013/10/29 07:27:37 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxVolumeSDAPO.dll
[2013/10/29 07:27:36 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioRealtek64.dll
[2013/10/29 07:27:35 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioEQ64.dll
[2013/10/29 07:27:35 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPOShell64.dll
[2013/10/29 07:27:35 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\WINDOWS\SysNative\MaxxAudioAPO30.dll
[2013/10/29 07:27:33 | 006,217,904 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPP64A.dll
[2013/10/29 07:27:33 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\WINDOWS\SysNative\FMAPO64.dll
[2013/10/29 07:27:33 | 001,938,608 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPD64A.dll
[2013/10/29 07:27:33 | 000,313,520 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPO64A.dll
[2013/10/29 07:27:33 | 000,260,272 | ---- | C] (Dolby Laboratories) -- C:\WINDOWS\SysNative\DDPA64.dll
[2013/10/29 07:27:32 | 000,209,096 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\SysNative\AERTAC64.dll
[2013/10/29 07:27:32 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\WINDOWS\SysNative\CONEQMSAPOGUILibrary.dll
[2013/10/29 07:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/10/29 07:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/10/29 07:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/10/29 07:16:04 | 000,827,096 | ---- | C] (Realtek ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2013/10/29 07:16:04 | 000,074,456 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2013/10/29 07:16:01 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Intel Corporation
[2013/10/29 07:15:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\RSTLog
[2013/10/29 06:58:09 | 003,154,552 | ---- | C] (Samsung Electronics CO.,LTD) -- C:\Users\kgarr_000\Desktop\SecSWMgrGuide.exe
[2013/10/29 06:27:27 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\AppData\Roaming\Brother
[2013/10/29 05:18:57 | 000,872,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/10/29 05:18:57 | 000,698,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/10/27 18:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/10/27 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/10/27 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/10/27 16:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/10/27 12:46:38 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\OneNote Notebooks
[2013/10/27 10:04:05 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\My Received Files
[2013/10/27 10:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/10/27 10:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel.sav
[2013/10/26 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\No Company Name
[2013/10/26 08:41:03 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Cyberlink
[2013/10/26 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\CyberLink
[2013/10/26 08:14:59 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Adobe
[2013/10/26 00:22:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/10/26 00:22:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/10/26 00:20:16 | 002,144,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/10/26 00:20:16 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/10/26 00:20:16 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/10/26 00:20:16 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/10/26 00:20:16 | 001,286,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/10/26 00:20:16 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/10/26 00:20:16 | 000,977,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/10/26 00:20:16 | 000,909,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2013/10/26 00:20:16 | 000,837,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/10/26 00:20:16 | 000,698,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/10/26 00:20:16 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2013/10/26 00:20:16 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/10/26 00:20:16 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/10/26 00:20:16 | 000,294,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/10/26 00:20:16 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/26 00:20:16 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/10/26 00:20:16 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/26 00:16:14 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/10/26 00:15:11 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/26 00:15:11 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2013/10/26 00:15:10 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2013/10/26 00:15:09 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2013/10/26 00:15:08 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/26 00:15:07 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2013/10/25 21:02:56 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\SkyDrive
[2013/10/25 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Synaptics
[2013/10/25 20:29:32 | 000,000,000 | --SD | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Saved Games
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Favorites
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Documents
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Desktop
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/25 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\AppData\Local\Temporary Internet Files
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Templates
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Start Menu
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\SendTo
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Recent
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\PrintHood
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\NetHood
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Documents\My Videos
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Documents\My Pictures
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Documents\My Music
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\My Documents
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Local Settings
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\AppData\Local\History
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Cookies
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\Application Data
[2013/10/25 20:29:32 | 000,000,000 | -HSD | C] -- C:\Users\kgarr_000\AppData\Local\Application Data
[2013/10/25 20:29:32 | 000,000,000 | -H-D | C] -- C:\Users\kgarr_000\AppData
[2013/10/25 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Temp
[2013/10/25 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Microsoft
[2013/10/25 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/25 20:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/10/25 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/10/25 20:25:03 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2013/10/25 20:25:03 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2013/10/25 20:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/10/25 20:24:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SRSLabs
[2013/10/25 20:24:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2013/10/25 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/10/25 20:23:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/10/25 17:45:50 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/10/25 17:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/10/25 10:14:11 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Diagnostics
[2013/10/25 10:09:00 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\Odd things in odd places
[2013/10/24 16:52:15 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Documents\Scanned Documents
[2013/10/24 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\Fax
[2013/10/24 16:28:46 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Apple Computer
[2013/10/24 16:23:51 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Searches
[2013/10/24 13:14:41 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/10/22 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/22 12:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/22 12:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/22 12:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/22 12:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/22 11:34:53 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Documents\Notes
[2013/10/22 11:26:45 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Mozilla
[2013/10/22 10:20:04 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Google Drive
[2013/10/17 13:56:12 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Intel
[2013/10/17 13:55:46 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Intel WiDi
[2013/10/15 17:10:22 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\LogMeIn Rescue Applet
[2013/10/15 15:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/10/15 15:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/10/15 15:26:01 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\SkyDrive.old
[2013/10/15 15:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/10/15 15:10:08 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Identities
[2013/10/15 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\ED_191 Papers
[2013/10/15 14:43:12 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\Custom Office Templates
[2013/10/15 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Microsoft Help
[2013/10/15 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\LAPTOP
[2013/10/15 13:05:05 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Macromedia
[2013/10/15 13:03:59 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Samsung
[2013/10/15 13:03:18 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Apple Computer
[2013/10/15 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/15 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/15 13:02:53 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Contacts
[2013/10/15 13:02:42 | 000,000,000 | -H-D | C] -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/15 13:02:42 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Adobe
[2013/10/15 13:02:32 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\VirtualStore
[2013/10/15 13:02:26 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Packages
[2013/10/15 13:02:13 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Roaming\Intel
[2013/10/15 13:02:11 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Videos
[2013/10/15 13:02:11 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Pictures
[2013/10/15 13:02:11 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Music
[2013/10/15 13:02:11 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Links
[2013/10/15 13:02:11 | 000,000,000 | R--D | C] -- C:\Users\kgarr_000\Downloads
[2013/10/15 13:02:11 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Roaming
[2013/10/15 13:02:11 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\AppData\Local\Google
[2013/10/15 08:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/10/11 16:21:52 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr100.dll
[2013/10/11 16:21:52 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcp100.dll
[2013/10/08 10:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2013/10/08 07:50:12 | 000,000,000 | ---D | C] -- C:\Users\kgarr_000\Documents\Related to ED191
[2013/04/16 01:43:42 | 002,064,264 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/11/03 12:24:54 | 000,000,568 | ---- | M] () -- C:\Users\kgarr_000\Desktop\Geek Squad Remote Support.website
[2013/11/03 12:06:11 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2013/11/03 12:05:27 | 000,000,630 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust PC Cleaner Plus Startup.job
[2013/11/03 12:05:26 | 000,001,369 | ---- | M] () -- C:\Users\kgarr_000\Desktop\SparkTrust PC Cleaner Plus.lnk
[2013/11/03 12:05:26 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Update Version3 Startup Task.job
[2013/11/03 12:05:26 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Update Version3.job
[2013/11/03 12:05:24 | 000,000,554 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust PC Cleaner Plus.job
[2013/11/03 11:41:24 | 000,921,134 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/11/03 11:41:24 | 000,775,240 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/11/03 11:41:24 | 000,148,354 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/11/03 11:37:20 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 11:36:40 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/03 11:35:01 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/11/03 11:34:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/03 11:34:35 | 763,097,087 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/03 10:27:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 09:31:00 | 000,002,319 | ---- | M] () -- C:\Users\kgarr_000\Desktop\Chrome App Launcher.lnk
[2013/11/01 09:23:43 | 000,154,312 | ---- | M] (Webroot) -- C:\WINDOWS\SysWow64\WRusr.dll
[2013/11/01 09:23:43 | 000,114,720 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\drivers\WRkrn.sys
[2013/11/01 09:23:43 | 000,104,872 | ---- | M] (Webroot) -- C:\WINDOWS\SysNative\WRusr.dll
[2013/10/29 09:18:43 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/29 07:42:02 | 000,000,002 | ---- | M] () -- C:\WINDOWS\MSetup.pas
[2013/10/29 07:28:17 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2013/10/29 07:16:11 | 000,935,790 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/29 07:14:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/10/29 06:58:10 | 003,154,552 | ---- | M] (Samsung Electronics CO.,LTD) -- C:\Users\kgarr_000\Desktop\SecSWMgrGuide.exe
[2013/10/29 06:29:11 | 000,000,672 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2013/10/28 20:29:49 | 000,001,115 | ---- | M] () -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/10/27 17:38:36 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013/10/27 12:18:18 | 000,000,000 | -H-- | M] () -- C:\Users\kgarr_000\Documents\Default.rdp
[2013/10/27 09:30:33 | 002,247,704 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/10/26 08:11:35 | 000,000,626 | RHS- | M] () -- C:\Users\kgarr_000\ntuser.pol
[2013/10/26 00:20:28 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/10/26 00:20:28 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/26 00:20:16 | 002,144,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2013/10/26 00:20:16 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2013/10/26 00:20:16 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2013/10/26 00:20:16 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2013/10/26 00:20:16 | 001,286,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2013/10/26 00:20:16 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2013/10/26 00:20:16 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2013/10/26 00:20:16 | 000,909,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2013/10/26 00:20:16 | 000,837,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2013/10/26 00:20:16 | 000,698,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2013/10/26 00:20:16 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2013/10/26 00:20:16 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2013/10/26 00:20:16 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2013/10/26 00:20:16 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2013/10/26 00:20:16 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/26 00:20:16 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2013/10/26 00:20:16 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/25 21:03:10 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Support Center.lnk
[2013/10/25 20:44:59 | 000,028,578 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/10/25 20:44:59 | 000,028,578 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/10/25 20:44:35 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/10/25 20:25:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/10/25 20:25:19 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2013/10/25 20:25:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/10/25 17:45:50 | 000,001,097 | ---- | M] () -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/10/25 17:45:50 | 000,001,087 | ---- | M] () -- C:\Users\kgarr_000\Desktop\MyPC Backup.lnk
[2013/10/25 11:09:05 | 001,110,476 | ---- | M] () -- C:\Users\kgarr_000\7z920.exe
[2013/10/24 15:48:32 | 001,118,208 | ---- | M] () -- C:\Users\kgarr_000\Documents\alluserinstallagent.evtx
[2013/10/24 15:02:01 | 011,542,528 | ---- | M] () -- C:\Users\kgarr_000\Documents\SRUDB.dat
[2013/10/24 14:51:30 | 000,041,883 | ---- | M] () -- C:\Users\kgarr_000\AppData\Local\Perfmon.PerfmonCfg
[2013/10/24 13:18:43 | 032,505,856 | ---- | M] () -- C:\Users\kgarr_000\Documents\COMPONENTS
[2013/10/23 06:01:19 | 000,872,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2013/10/23 03:59:16 | 000,698,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2013/10/22 12:10:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/22 10:20:05 | 000,002,021 | ---- | M] () -- C:\Users\kgarr_000\Desktop\Google Drive.lnk
[2013/10/22 07:46:59 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\SW Update.lnk
[2013/10/18 10:01:15 | 000,394,925 | ---- | M] () -- C:\Users\kgarr_000\Documents\codes of power.pdf
[2013/10/17 13:06:26 | 000,002,056 | ---- | M] () -- C:\Users\kgarr_000\Desktop\Support Center.lnk
[2013/10/16 18:42:15 | 000,000,184 | ---- | M] () -- C:\Users\kgarr_000\Documents\Amazon.gdoc
[2013/10/15 13:17:34 | 000,002,279 | ---- | M] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/15 13:17:34 | 000,002,255 | ---- | M] () -- C:\Users\kgarr_000\Desktop\Google Chrome.lnk
[2013/10/15 13:04:43 | 000,001,424 | ---- | M] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/15 13:04:43 | 000,000,223 | -HS- | M] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/10/11 16:21:52 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr100.dll
[2013/10/11 16:21:52 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcp100.dll
[2013/10/11 16:21:52 | 000,569,424 | ---- | M] () -- C:\Users\kgarr_000\Desktop\SupportCenterSetup.exe
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/11/03 12:06:10 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2013/11/03 12:05:27 | 000,000,630 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust PC Cleaner Plus Startup.job
[2013/11/03 12:05:26 | 000,001,369 | ---- | C] () -- C:\Users\kgarr_000\Desktop\SparkTrust PC Cleaner Plus.lnk
[2013/11/03 12:05:26 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Update Version3 Startup Task.job
[2013/11/03 12:05:25 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Update Version3.job
[2013/11/03 12:05:24 | 000,000,554 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust PC Cleaner Plus.job
[2013/10/30 10:05:53 | 000,002,319 | ---- | C] () -- C:\Users\kgarr_000\Desktop\Chrome App Launcher.lnk
[2013/10/29 09:18:43 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/29 09:18:43 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/29 07:42:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\MSetup.pas
[2013/10/29 07:28:17 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/10/29 07:27:40 | 005,681,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\rtvienna.dat
[2013/10/29 07:27:38 | 000,653,829 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\RTAIODAT.DAT
[2013/10/29 07:16:11 | 000,935,790 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/29 07:14:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/10/28 20:29:49 | 000,001,115 | ---- | C] () -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/10/27 12:18:18 | 000,000,000 | -H-- | C] () -- C:\Users\kgarr_000\Documents\Default.rdp
[2013/10/25 21:03:10 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Support Center.lnk
[2013/10/25 20:59:12 | 000,001,442 | ---- | C] () -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/25 20:59:02 | 000,000,626 | RHS- | C] () -- C:\Users\kgarr_000\ntuser.pol
[2013/10/25 20:44:36 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/10/25 20:37:06 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/10/25 20:33:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/10/25 20:29:32 | 000,000,352 | ---- | C] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/25 20:29:32 | 000,000,334 | ---- | C] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/25 20:29:23 | 000,028,578 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/10/25 20:29:23 | 000,028,578 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/10/25 20:25:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/10/25 20:25:19 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2013/10/25 20:25:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/10/25 17:45:50 | 000,001,097 | ---- | C] () -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/10/25 17:45:50 | 000,001,087 | ---- | C] () -- C:\Users\kgarr_000\Desktop\MyPC Backup.lnk
[2013/10/25 11:08:52 | 001,110,476 | ---- | C] () -- C:\Users\kgarr_000\7z920.exe
[2013/10/25 10:32:16 | 000,919,220 | ---- | C] () -- C:\Users\kgarr_000\Documents\Thank you for agreeing to serve as Article Editor on SO-11-0322
[2013/10/24 15:48:18 | 001,118,208 | ---- | C] () -- C:\Users\kgarr_000\Documents\alluserinstallagent.evtx
[2013/10/24 15:21:46 | 011,542,528 | ---- | C] () -- C:\Users\kgarr_000\Documents\SRUDB.dat
[2013/10/24 15:21:09 | 000,000,940 | ---- | C] () -- C:\Users\kgarr_000\Documents\SP_87CE74B7D3B44BFE92B1F8F7D548E3D3.dat
[2013/10/24 15:19:27 | 032,505,856 | ---- | C] () -- C:\Users\kgarr_000\Documents\COMPONENTS
[2013/10/24 14:53:34 | 000,004,136 | ---- | C] () -- C:\Users\kgarr_000\Documents\c2rheartbeatconfig.xml
[2013/10/24 13:41:37 | 000,000,007 | ---- | C] () -- C:\Users\kgarr_000\Documents\Desktop (create shortcut).DeskLink
[2013/10/24 13:41:37 | 000,000,004 | ---- | C] () -- C:\Users\kgarr_000\Documents\Mail Recipient.MAPIMail
[2013/10/24 13:41:37 | 000,000,003 | ---- | C] () -- C:\Users\kgarr_000\Documents\Compressed (zipped) Folder.ZFSendToTarget
[2013/10/22 12:10:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/22 11:26:31 | 000,041,883 | ---- | C] () -- C:\Users\kgarr_000\AppData\Local\Perfmon.PerfmonCfg
[2013/10/22 10:25:48 | 000,000,568 | ---- | C] () -- C:\Users\kgarr_000\Desktop\Geek Squad Remote Support.website
[2013/10/22 10:22:53 | 000,000,184 | ---- | C] () -- C:\Users\kgarr_000\Documents\Amazon.gdoc
[2013/10/22 10:20:05 | 000,002,021 | ---- | C] () -- C:\Users\kgarr_000\Desktop\Google Drive.lnk
[2013/10/22 07:46:59 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\SW Update.lnk
[2013/10/18 10:01:15 | 000,394,925 | ---- | C] () -- C:\Users\kgarr_000\Documents\codes of power.pdf
[2013/10/17 13:06:26 | 000,002,056 | ---- | C] () -- C:\Users\kgarr_000\Desktop\Support Center.lnk
[2013/10/17 13:04:37 | 000,002,101 | ---- | C] () -- C:\Users\kgarr_000\Desktop\Quick Starter.lnk
[2013/10/15 13:04:43 | 000,001,424 | ---- | C] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer
milkmaid
Active Member
 
Posts: 2
Joined: November 3rd, 2013, 12:55 pm

Re: Trouble with potential hackers

Unread postby milkmaid » November 3rd, 2013, 1:45 pm

Here is the rest of my report:
Browser.lnk
[2013/10/15 13:03:26 | 000,001,198 | ---- | C] () -- C:\Users\kgarr_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
[2013/10/15 13:02:42 | 000,002,279 | ---- | C] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/15 13:02:42 | 000,002,255 | ---- | C] () -- C:\Users\kgarr_000\Desktop\Google Chrome.lnk
[2013/10/15 13:02:11 | 000,000,223 | -HS- | C] () -- C:\Users\kgarr_000\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/10/11 16:21:52 | 000,569,424 | ---- | C] () -- C:\Users\kgarr_000\Desktop\SupportCenterSetup.exe
[2013/10/03 22:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 22:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 22:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/09/14 15:36:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2013/09/06 07:24:31 | 000,000,672 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2013/09/03 12:42:03 | 000,000,296 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/09/03 11:44:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SysWow64\bd3070cw.dat
[2013/09/03 09:22:42 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/09/03 09:22:40 | 000,000,013 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/09/03 09:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/09/03 09:22:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2013/09/03 09:22:35 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 22:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/16 01:46:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2013/04/16 01:43:42 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013/02/07 00:27:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2013/02/07 00:27:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2013/02/07 00:27:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2013/02/07 00:27:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2012/12/10 00:12:50 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/10/25 20:38:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/09/29 23:03:28 | 021,195,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/09/29 23:03:37 | 018,640,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2013/11/03 08:45:28 | 000,000,000 | ---D | M] -- C:\Users\kgarr_000\AppData\Roaming\DriverCure
[2013/10/26 09:08:14 | 000,000,000 | ---D | M] -- C:\Users\kgarr_000\AppData\Roaming\No Company Name
[2013/11/03 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\kgarr_000\AppData\Roaming\SparkTrust
[2013/11/03 08:45:28 | 000,000,000 | ---D | M] -- C:\Users\kgarr_000\AppData\Roaming\SpeedMaxPc
[2013/10/25 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\kgarr_000\AppData\Roaming\Synaptics

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 785 bytes -> C:\Users\kgarr_000\SkyDrive:ms-properties

< End of report >


OTL Extras logfile created on: 11/3/2013 12:20:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kgarr_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 46.24% Memory free
11.89 Gb Paging File | 8.65 Gb Available in Paging File | 72.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 675.08 Gb Total Space | 630.77 Gb Free Space | 93.44% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: kgarretttgould | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028D9BA4-0220-4474-8CC3-4B2428659EB1}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{0E79DA7D-5BD0-4692-AB09-5D4F6B990294}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1805461B-9C0B-4A9A-8E8F-B48ABFD592AC}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{1D77D9AC-385D-49BB-96F1-E784491B064C}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{1FEAF679-A186-4ACD-8B5F-EB8B7C5B013F}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{38C19F21-97A1-49E6-984E-C4AC5012AC3F}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{3ABAB81A-9497-457E-B0AB-CD790E1F629D}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{D7B13A39-CFDB-48CD-9968-20BE10EEA20C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EB958389-35F8-4050-AEBE-7B7B5D6C4916}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00619C53-1C39-4D65-9CD4-8F24F6C15D06}" = dir=out | name=bitcasa for samsung |
"{01277D31-D422-4E81-8D7F-4F6E7E51B651}" = dir=out | name=s camera |
"{017F4B96-B506-41B7-8C71-7E9EEF313084}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{01FD74E2-F81B-451B-A5D1-83056C4399B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{02D57BAF-5644-4C96-833C-28CF54F044F3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0463794A-ED51-43E4-9243-070F4EF603E1}" = dir=out | name=samsung signature store |
"{06B8F4CC-5BF7-4FDF-8B9C-C9E3E9C0ABD3}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{0A4BC5FE-7C53-48ED-9343-EE89AABD82F4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{0D79B6D6-08DC-4FD4-A217-E60FF45EE570}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\sidesync\sidesync.exe |
"{0DFBD144-3C56-421A-834A-4535AAA7FFF2}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{1030B908-F60F-4166-A9F9-29426FBDD0E2}" = dir=out | name=skype |
"{128074FC-CC71-447B-BA38-3CD700474F76}" = dir=out | name=kindle |
"{12E78EC9-79CD-49D5-8431-AFDDE15E6729}" = dir=out | name=juniper networks junos pulse |
"{1366CCED-54A4-4F61-B92B-F6A17D38066E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{19145F80-D8A5-47AD-A091-C68EB6504317}" = dir=out | name=@{microsoft.bingtravel_3.0.1.202_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{198ECADF-1850-499D-AFAB-F186AF60195B}" = dir=in | name=pinball fx2 |
"{1A17B322-7DBC-4733-8F8E-6DB750F76C99}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{1A5E8BBA-62F1-489E-A1DE-E9BBB2B3154A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1DA036D1-4312-4693-B4C3-B8292EF3025D}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{21666D88-537B-4BC2-9F36-ED4947068610}" = dir=out | name=vimeo for samsung |
"{21E96B2E-1FD4-4FD9-8D0A-A01BFEA0CE72}" = dir=out | name=@{magix.musicmakerjam_1.7.1016.1_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{258A49DB-8626-4397-809D-8B33360F433E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2DD5FD76-55A0-4968-9DC8-287C05A52383}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{2EEB9AA0-FC56-4ADB-B70B-A7F63DE50A61}" = dir=out | name=kindle |
"{2F7CDF5C-C4D0-48FB-BFFE-9C5A37EBC4FD}" = dir=out | name=bitcasa for samsung |
"{30C31596-4FD7-4E98-9F67-56555E876090}" = dir=in | name=bitcasa for samsung |
"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 |
"{369069CD-8CBB-4263-BE56-682839A8B245}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{36F9C4CD-B8CE-4E64-92FA-D966153C31C3}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{39C04A25-CC33-467D-9B57-5A84E3D937E7}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3B47540C-E5F1-426B-AD38-A96187DB930A}" = dir=out | name=stumbleupon |
"{3B59187D-1A0D-446B-B674-1A8422B66CA9}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3F14E7EC-A7CE-4BCA-9D5B-9F43538F2C3F}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{43890DC7-5247-4662-ABB7-DE88CBA8747F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44D37E47-7C75-4A86-A42D-FF9E807386DD}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{45CEF2E7-A5A3-47F4-AF33-D99A11DC5BA6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47806F13-541D-4A93-A7F6-5523F6F3A618}" = dir=out | name=@{microsoft.zunemusic_2.2.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{48466E79-1CA9-4BC6-B083-50AAEA48458E}" = dir=out | name=stumbleupon |
"{4D61618D-35A6-4EAB-B609-ECC4CBD529A3}" = dir=out | name=sonicwall mobile connect |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{58C4D1DC-399C-49EE-A146-3CE86A79B961}" = dir=out | name=youtube extra |
"{5A6E065F-5F09-4269-8719-36D4972ED6DA}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.20278_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{5D72B33A-FB94-437A-A210-047EF7F72130}" = dir=out | name=jamie's recipes |
"{5E3F894A-0F8E-4B2D-975C-E748D3171048}" = dir=out | name=s gallery |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{624E0F2D-EC41-40FD-B9D6-F03322098D52}" = dir=in | name=juniper networks junos pulse |
"{62B67896-548B-4FE3-9274-8E1753981A24}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6310FB48-321A-4025-A5ED-C004186B406C}" = dir=in | app=c:\users\karen\appdata\local\microsoft\skydrive\skydrive.exe |
"{63774624-6CDB-451B-B1F8-3D8492421602}" = dir=out | name=fresh paint |
"{63C135E7-0144-4E43-AF15-88BF365934BF}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{64CDF5C7-A356-4CDC-AE4F-005C9BF2B3D4}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{656348C9-569B-46D1-8B8C-1A9297DC62ED}" = dir=out | name=jamie's recipes |
"{65E41A98-7E2A-4613-98AA-CE24245EEBB6}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6A130499-9631-47F7-919C-E515352D7F28}" = dir=out | name=@{magix.musicmakerjam_1.7.1016.1_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{6AD4DF7F-CF33-4290-AEE6-5506CA8CE1A0}" = dir=in | name=bitcasa for samsung |
"{6DB620A6-AF23-4461-BE5F-591B88F57AAF}" = dir=out | name=fresh paint |
"{6E64F4DB-34FC-4814-9431-E5F90FE989E8}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{7536D5D6-B2CE-422B-9ADE-FBB1552FA111}" = dir=out | name=merriam-webster dictionary |
"{772515D7-9173-4663-8E21-D44583543A48}" = dir=out | name=@{microsoft.zunemusic_1.5.146.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{774AA586-D81C-4D39-B263-2E31959CA51F}" = dir=out | name=merriam-webster dictionary |
"{781C149E-E342-44B2-BE89-ABEF1CDB216F}" = dir=out | name=@{microsoft.bingfinance_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{7CBACEF4-30B3-4F36-9B96-1AF383255F59}" = dir=out | name=netflix |
"{7D9C7B1D-4075-404A-A10C-434CC3CCDF62}" = dir=out | name=youtube downloader & player |
"{7DC17666-A108-4473-9360-72F5E141717D}" = dir=out | name=f5 vpn |
"{7FAA0FAA-1F23-40A9-AA88-A1A67D1E08C1}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85A881F2-C22E-47D7-B4B9-2E1081A750E8}" = dir=in | name=@{magix.musicmakerjam_1.7.1016.1_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{87A3EF69-64B2-4359-8092-C82BAD88773B}" = dir=out | name=abc player |
"{88D38E32-6983-4479-9564-7DF29B84492D}" = dir=in | name=evernote touch |
"{89A44616-4A13-4039-B3AF-E5A2B0DFC442}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.20278_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{89AD4D93-6863-40E4-89E6-1C24343FC0BE}" = dir=out | name=pinball fx2 |
"{8DDC1733-2986-4EE1-B887-D3886505654B}" = dir=out | name=s player |
"{90D874CB-6313-450C-B9C4-4914D5D3FBAB}" = dir=out | name=s player |
"{910D8B69-70C8-4BE8-B1BD-18D673ACA284}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{95C46355-DEAB-4E29-96F6-3C771FBE8F3D}" = dir=in | name=skype |
"{95CB5F60-DCD9-457C-8691-25EB96C4D564}" = dir=out | name=@{microsoft.bingmaps_2.0.2210.2401_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{95D08EF2-B93C-41E4-BDDC-48071D685DE7}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9EDFAAAF-8450-4898-BD6E-B3230A0880CC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy file share\easyfileshare.exe |
"{A045E693-3171-4B1C-8DCB-333BA2F6E2BE}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A057D3B2-D943-47FB-B529-5610F6B9B771}" = dir=out | name=@{microsoft.zunevideo_2.2.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{A1C8050E-786A-4C52-8AB3-15ED1C8618BA}" = dir=out | name=check point vpn |
"{A7EB2E39-840F-476E-ACE3-986C8AC1DCA5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AD9B64B9-9008-4E31-B1BE-3B8E15F2624E}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{B1932BD6-AC06-475F-94F3-70810495E1A9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20279_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B613F60C-9D0A-4331-AC1A-55EE2447D513}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.17\allshareframeworkdms.exe |
"{B698BCA9-2A31-44B5-93B3-61614A4B04E1}" = dir=out | name=s camera |
"{B7CBF9E2-116F-439C-870D-8B3CB6B52684}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{BBD3F9F5-3550-4C66-8A21-714AD6DEE5BB}" = dir=in | name=sonicwall mobile connect |
"{BD5D53CC-44AD-41D7-B3E6-FBBA10BAD89B}" = protocol=6 | dir=out | app=c:\program files (x86)\samsung\easy file share\easyfileshare.exe |
"{BD71ECF7-BA20-4F71-AD8A-157B5A74CDC4}" = dir=out | name=the cw |
"{BD846B3C-D144-47E9-A2BE-6C4DF999DE5C}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{BDC0342F-513D-4DBF-A6BE-3B630DD76AF6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{BE2A22D3-B04A-47A9-AC4A-66C4B34D0CDD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C10DCCE5-7A08-482F-8A53-6ABC0C6C99A9}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{C39C07F8-F37B-4A76-818A-DDACD293011D}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{C5A6C360-84C2-4414-BAD6-0B481B295234}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{C84C6019-D0DB-4BB6-8F31-073BC0BEC6D1}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{CDE3BDF7-7618-4E0A-AE00-01AC70DA1ECD}" = dir=in | name=check point vpn |
"{CED7FF6A-1912-451C-9824-BBDB87A1BC8D}" = dir=out | name=@{microsoft.bingweather_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D27E4EAD-A6DF-44F7-822B-D8CC19DE9D59}" = dir=in | name=@{magix.musicmakerjam_1.7.1016.1_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{D3112E8E-4AD2-4C5D-BABB-310B240E3D28}" = dir=out | name=windows_ie_ac_001 |
"{D4A24041-F139-4EEF-BA6F-FAEDD9BBA424}" = dir=out | name=s gallery |
"{D63FB329-171A-41E8-A298-3975939423A9}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.201_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D9F542DE-F41C-4E58-9187-2FFF816CB4DB}" = dir=out | name=adera |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DC22B435-EC03-4033-8B1F-7DCAF3B42D21}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\sidesync\sidesync.exe |
"{E0080A89-5410-4B07-8DD6-3D7869C2DEF7}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E1F778C6-5241-4533-9D03-01B315E5F98C}" = dir=out | name=evernote touch |
"{E2B138A3-884C-4F92-B31C-3FC0EE66FED4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7DD87C3-0D3D-4C55-A25E-35FBB90DE73C}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{EA08EF81-EB93-4E9D-BA94-73BD9AAF2733}" = dir=out | name=free books- 23,469 classics to go. |
"{EA208457-201B-4864-96E2-0F16020DE345}" = dir=in | name=f5 vpn |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F0CD1469-051D-4E1B-8A28-EC438ADD4421}" = dir=out | name=cbs |
"{F1E07F37-A4BC-473A-8BD7-D0F462CC7342}" = dir=out | name=@{microsoft.bingsports_3.0.1.203_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{F2606CE6-CDBD-4336-9D27-98F0FC79731A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3A9ECBB-38BF-4544-BBFD-E68B781A1BC8}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F58E1D97-EF71-4E73-88C3-1B86C8805744}" = dir=out | name=@{microsoft.bingnews_3.0.1.205_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/apptitle} |
"{F61DCA6F-5D4A-4C5D-AA94-605E1CBE56B8}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F71FA75F-19D2-4FEB-A548-CEDC5B1766CE}" = dir=in | name=evernote touch |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FC97DFBC-CEBD-42AC-ABBC-F28D65E04FB9}" = dir=out | name=evernote touch |
"{FD131F55-839A-441A-A300-E22841CCE3B9}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"TCP Query User{D0002E37-4E8D-49B7-9F07-58DD63E69766}C:\program files (x86)\samsung\sidesync\sidesync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\sidesync\sidesync.exe |
"UDP Query User{432FB472-66D1-4953-9D3B-7834BED1A55A}C:\program files (x86)\samsung\sidesync\sidesync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\sidesync\sidesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26634A79-2214-4083-B44C-7FB849E37771}" = Intel® PROSet/Wireless WiFi Software
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{302600C1-6BDF-4FD1-1309-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}" = 64 Bit HP CIO Components Installer
"{3a603d70-9239-4872-8892-895271b47859}" = Intel(R) PRO/Wireless Driver
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{752370F1-1EDF-4990-8ED8-6E5D513C3611}" = S Agent
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{843A1BDC-0879-4E5B-83E1-B81CC0CF3580}" = Support Center
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel(R) Rapid Storage Technology
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{AEC9D273-E162-4614-83F1-722B8C74B185}" = Help Desk
"{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"26BFE384C802803107F583AE1A739E4FEB56134B" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218)
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"MyPC Backup" = MyPC Backup
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{3C208DC5-1720-4BD6-B2F4-EFE067C594DD}" = User Guide
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}" = Settings
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos
"{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DA06101F-FD76-4BF0-88BD-B26A197005E3}" = SW Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e1172fd4-a6d9-4cfa-8256-268f728fec31}" = Intel® PROSet/Wireless Software
"{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker
"{E653AB36-18D7-4FB3-BDAF-024283971050}" = Support Center FAQ
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"Google Chrome" = Google Chrome
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"WinLiveSuite" = Windows Live
"WRUNINST" = Webroot SecureAnywhere

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-653373433-2252124362-1593081999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2013 12:48:34 PM | Computer Name = laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 10/27/2013 12:48:40 PM | Computer Name = laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 10/27/2013 12:48:58 PM | Computer Name = laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 10/27/2013 12:49:04 PM | Computer Name = laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 10/27/2013 1:14:45 PM | Computer Name = KarensLaptop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 10/27/2013 5:33:10 PM | Computer Name = KarensLaptop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 10/27/2013 5:36:41 PM | Computer Name = KarensLaptop | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/27/2013 6:48:18 PM | Computer Name = laptop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1
failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 10/27/2013 6:48:28 PM | Computer Name = laptop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1
failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 10/27/2013 7:00:00 PM | Computer Name = laptop | Source = ESENT | ID = 455
Description = svchost (1416) SRUJet: Error -1811 (0xfffff8ed) occurred while opening
logfile C:\WINDOWS\system32\SRU\SRU0000C.log.

[ System Events ]
Error - 10/26/2013 9:14:18 AM | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 10/26/2013 9:21:21 AM | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 10/26/2013 9:52:58 AM | Computer Name = laptop | Source = APPHOSTSVC | ID = 9006
Description =

Error - 10/26/2013 9:52:58 AM | Computer Name = laptop | Source = APPHOSTSVC | ID = 9000
Description =

Error - 10/26/2013 9:54:38 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 10/26/2013 9:54:38 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 10/26/2013 9:55:16 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Secure
Socket Tunneling Protocol Service service which failed to start because of the
following error: %%0

Error - 10/26/2013 9:55:16 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7001
Description = The Routing and Remote Access service depends on the Remote Access
Connection Manager service which failed to start because of the following error:
%%1068

Error - 10/26/2013 9:57:40 AM | Computer Name = laptop | Source = DCOM | ID = 10016
Description =

Error - 10/26/2013 10:00:00 AM | Computer Name = laptop | Source = DCOM | ID = 10016
Description =


< End of report >
milkmaid
Active Member
 
Posts: 2
Joined: November 3rd, 2013, 12:55 pm

Re: Trouble with potential hackers

Unread postby Cypher » November 10th, 2013, 6:36 am

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.
Please submit a new log and wait for a helper to reply. Thank you for your understanding.

This topic is now closed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

