Hello,
Desktop is very, very slow. I was getting a prompt from NORTON that wrst.exe was using 75% of my resources. After a couple of Google searches I found these forums. I downloaded the programs Malwarebytes and DDS and ran the quick scan and the deep scan, plus the DDS. Below are the logs; can you tell me if I have gotten rid of the problems? Thanks.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.07.03
Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16599
Owner :: OWNER-PC [administrator]
7/7/2013 11:12:27 AM
mbam-log-2013-07-07 (11-12-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222595
Time elapsed: 8 minute(s), 32 second(s)
Memory Processes Detected: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 66300 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.
(end)
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.07.03
Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16599
Owner :: OWNER-PC [administrator]
7/7/2013 11:37:54 AM
mbam-log-2013-07-07 (11-37-54).txt
Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 723301
Time elapsed: 3 hour(s), 30 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Program Files\Windows Movie Maker\WMM2EXT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Windows Movie Maker\WMM2FILT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2012 8:23:34 PM
System Uptime: 7/7/2013 3:11:01 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0R849J
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 781.059 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 931 GiB total, 229.603 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP142: 6/28/2013 9:56:34 AM - Created by PC Tools Performance Toolkit
RP144: 6/30/2013 3:01:13 AM - Created by PC Tools Performance Toolkit
RP146: 7/1/2013 3:00:52 AM - Created by PC Tools Performance Toolkit
RP148: 7/3/2013 3:01:13 AM - Created by PC Tools Performance Toolkit
RP150: 7/4/2013 3:10:50 AM - Created by PC Tools Performance Toolkit
RP152: 7/5/2013 3:01:43 AM - Created by PC Tools Performance Toolkit
RP156: 7/7/2013 3:10:07 AM - Created by PC Tools Performance Toolkit
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
ActivClient CAC x86
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
AT&T Troubleshoot & Resolve Tool
att.net Internet Mail
att.net Toolbar
BattlEye for OA Uninstall
BattlEye Uninstall
Bing Bar
Bonjour
BrowserDefender
BufferChm
C4600
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
Cities in Motion
Cities in Motion 2
ClosetMaid v1.5.2
Counter-Strike: Global Offensive
Counter-Strike: Source
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DIRECTV Player
Dropbox
EA SPORTS Game Face Browser Plugin 1.5.3.0
Elevated Installer
erLT
Evernote v. 4.5.3
Garden Planner 3
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin Update Service
Garry's Mod
Google Chrome
Google Drive
Google Update Helper
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPSSupply
ICQ7.7
Internet Explorer Toolbar 4.8 by SweetPacks
Internet TV for Windows Media Center
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 33
Junk Mail filter update
KODAK Share Button App
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2013 - en-us
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft S/MIME
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Music Manager
MusicOasis
Netflix in Windows Media Center
Norton Internet Security
Norton Management
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Oracle Web Conferencing Console
PC Tools Performance Toolkit 2.1
QuickTransfer
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Samsung AllShare
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spotify
Status
Steam
SweetPacks Updater Service
Team Fortress 2
TortoiseSVN 1.7.6.22632 (32 bit)
Unepic
Uninstall Helper
Unity Web Player
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Zip Opener
Updater By SweetPacks 2.0.0.586
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Movie Maker 6.1
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
7/2/2013 8:18:08 PM, Error: Service Control Manager [7023] - The Interactive Services Detection service terminated with the following error: Incorrect function.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Owner at 15:17:03 on 2013-07-07
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3063.1604 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Program Files\Google\Update\1.3.21.149\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\WINDOWS\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\WINDOWS\system32\taskhostex.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\WINDOWS\system32\conhost.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Steam\Steam.exe
C:\Program Files\W3i\UninstallHelper\UninstallHelper.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\DIGITA~1\bin\hpqgpc01.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\cltLMH.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={6513F669-E116-11E2-AFC0-0024E800B535}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={6513F669-E116-11E2-AFC0-0024E800B535}
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\updater by sweetpacks\Extension32.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - LocalServer32 - <no file>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office 15\root\office15\GROOVEEX.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - LocalServer32 - <no file>
TB: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\20.4.0.40\coieplg.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "c:\users\owner\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [chromium] c:\users\owner\appdata\local\google\chrome\application\chrome.exe --no-startup-window
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MusicManager] "c:\users\owner\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [PCShowServer] "c:\users\owner\appdata\local\directv player\PCShowServerPMWrapper.exe"
uRun: [Spotify Web Helper] "c:\users\owner\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [SkyDrive] "c:\users\owner\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [Steam] "c:\steam\Steam.exe" -silent
uRun: [UninstallHelper] "c:\program files\w3i\uninstallhelper\UninstallHelper.exe" /silent /autorun
uRunOnce: [Application Restart #0] c:\users\owner\appdata\local\google\chrome\application\chrome.exe --flag-switches-begin --sync-keystore-encryption --flag-switches-end --restore-last-session http://updatecenter.norton.com/produ...ENG&os=windows
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\evernoteclipper.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\hp simplesave monitor.lnk - c:\users\owner\appdata\roaming\hp simplesave application\StartHelper.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenote 2010 screen clipper and launcher.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\activclient agent.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5450FB2B-AFDA-4A77-B6D7-15606B94FBDB} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F50C0996-5B4A-4C6A-A322-6E991D4CAA0E} : DHCPNameServer = 172.31.79.142 172.31.79.144 157.54.14.146 157.54.14.162
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\microsoft\smime client (2010)\mimectl.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\nx4xcxw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={6513F669-E116-11E2-AFC0-0024E800B535}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={6513F669-E116-11E2-AFC0-0024E800B535}&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft office 15\root\vfs\programfilesx86\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: c:\program files\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\directv player\npPCShowPlugin.dll
FF - plugin: c:\users\owner\appdata\local\directv player\npPlayerPlugin.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-29 17:56; wecarereminder@bryan; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\nx4xcxw5.default\extensions\wecarereminder@bryan
FF - ExtSQL: !HIDDEN! 2011-12-30 23:33; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - d278162c0000000000000024e800b535
FF - user.js: extensions.BabylonToolbar_i.hardId - d278162c0000000000000024e800b535
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15412
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:06:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - d278162c0000000000000024e800b535
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15874
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.512:27:20
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=180613_10
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1404000.028\symds.sys [2013-6-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1404000.028\symefa.sys [2013-6-13 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.1.22\definitions\bashdefs\20130702.001\BHDrvx86.sys [2013-7-2 1002072]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0302000.013\ccSetx86.sys [2013-5-16 134304]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1404000.028\ccsetx86.sys [2013-6-13 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.3.1.22\definitions\ipsdefs\20130705.001\IDSvix86.sys [2013-7-5 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1404000.028\ironx86.sys [2013-6-13 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1404000.028\symnets.sys [2013-6-13 339544]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 BackupService;BackupService;c:\users\owner\appdata\roaming\hp simplesave application\uUACTokenSvc.exe [2012-1-12 83512]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2012-2-1 315392]
R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.2.0.19\ccSvcHst.exe [2013-5-16 143928]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.4.0.40\ccsvchst.exe [2013-6-13 144368]
R2 OfficeSvc;Microsoft Office Service;c:\program files\microsoft office 15\clientx86\integratedoffice.exe [2013-5-24 1293496]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-1-12 793048]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [2013-6-29 188760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-6-6 86544]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2012-7-25 217600]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-25 155136]
S0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\nis\1404000.028\symelam.sys [2013-6-13 21400]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\pc tools\pc tools utilities\tools\defrag\DMDefragSrv.exe [2012-9-14 1147040]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\pc tools\pc tools utilities\tools\repair\DMRepairSrv.exe [2012-9-14 1134240]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2012-7-31 59776]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-07-07 16:11:00 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2013-07-07 16:10:33 -------- d-----w- c:\programdata\Malwarebytes
2013-07-07 16:10:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-07 16:10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-29 23:53:10 -------- d-----w- c:\users\owner\appdata\roaming\com.smallblueprinter.gardenPlanner3
2013-06-29 23:53:09 -------- d-----w- c:\program files\Garden Planner 3
2013-06-29 23:51:24 -------- d-----w- c:\program files\Updater By SweetPacks
2013-06-29 23:50:03 -------- d-----w- c:\program files\SweetIM
2013-06-29 23:48:47 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-29 23:48:47 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-29 23:48:47 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-06-29 23:48:47 -------- d-----w- c:\windows\system32\jmdp
2013-06-29 23:48:47 -------- d-----w- c:\windows\system32\ARFC
2013-06-29 23:48:44 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-29 23:48:44 -------- d-----w- c:\windows\system32\WNLT
2013-06-29 02:16:18 -------- d-----w- c:\users\owner\appdata\roaming\DSite
2013-06-18 17:34:15 -------- d-----w- c:\program files\MyPC Backup
2013-06-18 17:33:24 33958 ----a-w- c:\programdata\uninstaller.exe
2013-06-18 17:33:21 -------- d-----w- c:\programdata\WeCareReminder
2013-06-18 17:27:25 -------- d-----w- c:\programdata\BrowserDefender
2013-06-15 19:04:58 -------- d-----w- C:\dumps
2013-06-15 19:04:27 -------- d-----w- C:\Steam
2013-06-14 19:24:32 78200 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-14 19:24:32 693112 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-13 18:19:10 339544 ----a-w- c:\windows\system32\drivers\nis\1404000.028\symnets.sys
2013-06-13 18:19:10 21400 ----a-r- c:\windows\system32\drivers\nis\1404000.028\symelam.sys
2013-06-13 18:19:09 934488 ----a-w- c:\windows\system32\drivers\nis\1404000.028\symefa.sys
2013-06-13 18:19:09 603224 ----a-w- c:\windows\system32\drivers\nis\1404000.028\srtsp.sys
2013-06-13 18:19:09 367704 ----a-w- c:\windows\system32\drivers\nis\1404000.028\symds.sys
2013-06-13 18:19:09 32344 ----a-w- c:\windows\system32\drivers\nis\1404000.028\srtspx.sys
2013-06-13 18:19:08 175264 ----a-w- c:\windows\system32\drivers\nis\1404000.028\ironx86.sys
2013-06-13 18:19:08 134744 ----a-w- c:\windows\system32\drivers\nis\1404000.028\ccsetx86.sys
2013-06-13 18:18:40 14818 ----a-w- c:\windows\system32\drivers\nis\1404000.028\symvtcer.dat
2013-06-13 18:18:40 -------- d-----w- c:\windows\system32\drivers\nis\1404000.028
2013-06-13 18:09:40 503808 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 18:09:39 1801472 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-06-17 23:45:05 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-05-23 23:27:25 1075200 ----a-w- c:\windows\system32\gdi32.dll
2013-05-22 15:21:06 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi
2013-05-15 22:37:03 44032 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 02:24:10 793088 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:24:01 482816 ----a-w- c:\windows\system32\untfs.dll
2013-05-14 09:23:31 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-04 05:54:28 103176 ----a-w- c:\windows\system32\AuthHost.exe
2013-05-04 05:45:09 5575424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-04 05:20:57 362240 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
2013-05-04 05:20:54 238336 ----a-w- c:\windows\system32\drivers\spaceport.sys
2013-05-04 05:20:54 180488 ----a-w- c:\windows\system32\drivers\UCX01000.SYS
2013-05-04 04:58:34 34304 ----a-w- c:\windows\system32\wuapp.exe
2013-05-04 04:58:31 1150976 ----a-w- c:\windows\system32\VSSVC.exe
2013-05-04 04:58:14 758784 ----a-w- c:\windows\system32\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- c:\windows\system32\wudriver.dll
2013-05-04 04:58:02 215040 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2013-05-04 04:58:02 1555456 ----a-w- c:\windows\system32\wucltux.dll
2013-05-04 04:58:02 125952 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-04 04:57:49 10788864 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- c:\windows\system32\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- c:\windows\system32\ubpm.dll
2013-05-04 04:57:36 1049600 ----a-w- c:\windows\system32\sysmain.dll
2013-05-04 04:57:35 303616 ----a-w- c:\windows\system32\stobject.dll
2013-05-04 04:57:35 146944 ----a-w- c:\windows\system32\storewuauth.dll
2013-05-04 04:57:23 73728 ----a-w- c:\windows\system32\psmsrv.dll
2013-05-04 04:57:16 18432 ----a-w- c:\windows\system32\npmproxy.dll
2013-05-04 04:57:04 371200 ----a-w- c:\windows\system32\netprofmsvc.dll
2013-05-04 04:57:04 151040 ----a-w- c:\windows\system32\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- c:\windows\system32\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- c:\windows\system32\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
2013-05-04 04:56:35 582144 ----a-w- c:\windows\system32\gpprefcl.dll
2013-05-04 04:56:14 449536 ----a-w- c:\windows\system32\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- c:\windows\system32\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- c:\windows\system32\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- c:\windows\system32\authui.dll
2013-05-04 04:56:05 143360 ----a-w- c:\windows\system32\bisrv.dll
2013-05-04 04:56:02 975360 ----a-w- c:\windows\system32\AppXDeploymentServer.dll
2013-05-04 04:56:02 554496 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-05-04 04:55:58 389632 ----a-w- c:\windows\system32\intl.cpl
2013-05-04 04:10:47 14848 ----a-w- c:\windows\system32\rars.rs
2013-05-04 04:08:17 61440 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-05-04 04:08:13 19456 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-05-04 04:06:43 320512 ----a-w- c:\windows\system32\drivers\rdbss.sys
2013-05-02 14:52:04 2210992 ----a-w- c:\windows\system32\coin94.dll
2013-04-28 22:30:55 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-24 17:22:31 226656 ------w- c:\users\owner\cnsload_1366824151008.tmp
2013-04-23 23:13:53 1013248 ----a-w- c:\windows\system32\certutil.exe
2013-04-23 23:12:44 51712 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-23 23:12:44 1569792 ----a-w- c:\windows\system32\crypt32.dll
2013-04-23 23:12:44 109056 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-16 01:15:34 1229576 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-08 23:44:25 123880 ----a-w- c:\windows\system32\wscapi.dll
2013-04-08 23:39:14 1476024 ----a-w- c:\windows\system32\ntdll.dll
2013-04-08 23:38:27 248576 ----a-w- c:\windows\system32\kd_02_10ec.dll
2013-04-08 23:37:29 426024 ----a-w- c:\windows\system32\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- c:\windows\system32\AudioSes.dll
2013-04-08 23:37:29 207576 ----a-w- c:\windows\system32\audiodg.exe
2013-04-08 21:52:16 670208 ----a-w- c:\windows\system32\SearchIndexer.exe
2013-04-08 21:52:16 614912 ----a-w- c:\windows\system32\RecoveryDrive.exe
2013-04-08 21:52:16 302592 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- c:\windows\system32\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- c:\windows\system32\Robocopy.exe
2013-04-08 21:52:09 300032 ----a-w- c:\windows\system32\conhost.exe
2013-04-08 21:52:06 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-08 21:52:03 77312 ----a-w- c:\windows\system32\wscsvc.dll
2013-04-08 21:52:03 393216 ----a-w- c:\windows\system32\wpncore.dll
2013-04-08 21:40:13 3390464 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:18:18.35 ===============