I had some bad malware recently (OpenCandy, Tarma.A, InstallQ.A) and I think it's pretty well cleaned up now, but I can't remove Microsoft.Windows.ActiveDesktop. There are three registry entries found by Spybot SD that will not delete. I cleaned another machine with the same entries and it cleaned up fine. So, I thought I would post the issue here for a potential fix and general examination.
Thank You!
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.18.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Tony :: FALCON3960X [administrator]
11/17/2013 10:09:32 PM
mbam-log-2013-11-17 (22-09-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278782
Time elapsed: 2 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Attach.txt
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/11/2012 5:32:03 AM
System Uptime: 11/17/2013 6:17:31 PM (4 hours ago)
.
Motherboard: MSI | | X79A-GD65 (8D) (MS-7760)
Processor: Intel(R) Core(TM) i7-3960X CPU @ 3.30GHz | SOCKET 0 | 1287/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 425 GiB total, 197.202 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1040.244 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82579V Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_77601462&REV_05\3&11583659&0&C8
Manufacturer: Intel
Name: Intel(R) 82579V Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1503&SUBSYS_77601462&REV_05\3&11583659&0&C8
Service: e1cexpress
.
==== System Restore Points ===================
.
RP243: 11/17/2013 8:28:45 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Captivate 6 (64 Bit)
Adobe Captivate Quiz Results Analyzer
Adobe Creative Suite 6 Master Collection
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader XI (11.0.05)
Adobe Widget Browser
Adobe® Content Viewer
Akamai NetSession Interface
Amazon Cloud Player
Apple Application Support
Apple Software Update
Asmedia ASM106x SATA Host Controller Driver
Autodesk DWG TrueView 2014
Balabolka
bl
Brother MFL-Pro Suite MFC-9970CDW
Brother P-touch Editor 5.0
Canon Pro9000 II series Printer Driver
Carbonite
CCleaner
CDBurnerXP
CDDRV_Installer
CereVoice SAPI CereVoice Adam 3.0.4
CereVoice SAPI x64 CereVoice Adam 3.0.4
Citrix Online Launcher
Core Temp 1.0 RC3
dBpoweramp DSP Effects
dBpoweramp Music Converter
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DVDFab 8.2.0.7 (25/08/2012) Qt
DWG TrueView 2014
DxO FilmPack 2.0
EPSON WF-3540 Series Printer Uninstall
erLT
FontMatchingTool v3.0.1
FreeFileSync 5.11
FTP Explorer
GeForce Experience NvStream Client Components
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Ohio 2012
H&R Block Premium + Efile + State 2012
HandBrake 0.9.8
Home Designer Architectural 2014
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel(R) Network Connections 16.5.2.0
Intel(R) Rapid Storage Technology enterprise
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 35
KhalInstallWrapper
Logitech SetPoint
Lotus Notes 8.5.3
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MYOB Payroll Tax Forms
MYOB Payroll Tax Forms (v16)
MYOB Premier Accounting 2007 (v16)
NaturalReaderFree
NETGEAR Genie
NVIDIA 3D Vision Controller Driver 331.58
NVIDIA 3D Vision Driver 331.58
NVIDIA Control Panel 331.58
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.58
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.16
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 9.3.16
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
PDF Settings CS6
PerfectDisk 12.5 Professional
ph
Phanfare
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
SABnzbd 0.7.16
Sandboxie 3.74 (64-bit)
ScottradeELITE 2013
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
SHIELD Streaming
Sizer 3.34
Snagit 11
Spybot - Search & Destroy
Tag&Rename 3.5.5
Tourney Tracker 10.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
VirtualDJ PRO Full
VLC media player 2.0.8
Webroot SecureAnywhere
Windows Driver Package - Sunplus (SPCP825K) Ports (07/01/2010 1.0.9.0)
Wireless Data Manager 2.13
.
==== Event Viewer Messages From Past Week ========
.
11/17/2013 6:17:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TPkd
11/17/2013 2:30:32 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/15/2013 12:13:40 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
11/15/2013 12:13:40 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Tony at 22:19:11 on 2013-11-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.32722.28384 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\Tony\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ighome.com/
uProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\WRData\PKG\Vistax86\wrflt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] <no file>
uRunOnce: [Application Restart #3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- http://www.facebook.com/n/?friends/...ac8yuy6kITT2T&n_m=tmilam@pga.com&lloc=1st_cta
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
StartupFolder: C:\Users\Tony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.8.8
TCP: Interfaces\{BA396F97-CCCD-44DB-ADFF-AC809B4A1FE2} : DHCPNameServer = 192.168.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\WRData\PKG\Vistax64\wrflt.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-3-2 36448]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2011-9-14 562456]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2011-9-14 23832]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-10 56208]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-8-16 114720]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-8-11 7168]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-11 171688]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [2011-9-16 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [2011-9-16 4453768]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-7-9 231752]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-23 15122208]
R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-5-10 82160]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-15 414496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-1 39200]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-16 756840]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-10-14 245760]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SPCP825K;Sunplus Serial port driver;C:\Windows\System32\drivers\SPCP825K.sys [2012-12-4 42056]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-21 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-11-16 08:49:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E680623-834F-4927-ABF5-B57F8F0F20BC}\offreg.dll
2013-11-15 09:31:20 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E680623-834F-4927-ABF5-B57F8F0F20BC}\mpengine.dll
2013-11-13 21:46:36 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-10 20:32:55 -------- d-----w- C:\Program Files\WRData
2013-11-03 01:03:47 -------- d-----w- C:\Backup NCJT from Rocket
2013-11-01 14:10:20 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-01 14:10:20 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-01 14:10:09 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-11-01 14:10:09 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-10-28 17:13:23 -------- d-----w- C:\Users\Tony\AppData\Roaming\Lanmisoft
2013-10-28 17:13:22 -------- d-----w- C:\Program Files (x86)\Lanmisoft
2013-10-25 22:05:52 -------- d-----w- C:\Junkware Logs
2013-10-25 21:50:24 -------- d-----w- C:\Windows\ERUNT
2013-10-25 13:43:26 -------- d-----w- C:\ProgramData\Oracle
2013-10-23 19:49:27 -------- d-----w- C:\Users\Tony\AppData\Local\NVIDIA
2013-10-23 19:23:27 -------- d-----w- C:\NVIDIA
2013-10-22 17:36:40 -------- d-----w- C:\Users\Tony\AppData\Local\Amazon Cloud Player
2013-10-20 17:08:12 -------- d-----w- C:\Program Files (x86)\Wireless Data Manager 2.13
2013-10-19 18:28:48 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2013-11-01 10:40:02 154312 ----a-w- C:\Windows\SysWow64\WRusr.dll
2013-11-01 10:40:02 114720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2013-11-01 10:40:02 104872 ----a-w- C:\Windows\System32\WRusr.dll
2013-10-15 21:47:39 6665504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-15 20:54:06 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 19:14:15 3398914 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2012-12-21 08:17:08 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 22:19:18.81 ===============
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-7-9 231752]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-23 15122208]
R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-5-10 82160]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-15 414496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-1 39200]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-16 756840]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-10-14 245760]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SPCP825K;Sunplus Serial port driver;C:\Windows\System32\drivers\SPCP825K.sys [2012-12-4 42056]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-21 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-11-16 08:49:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E680623-834F-4927-ABF5-B57F8F0F20BC}\offreg.dll
2013-11-15 09:31:20 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E680623-834F-4927-ABF5-B57F8F0F20BC}\mpengine.dll
2013-11-13 21:46:36 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-10 20:32:55 -------- d-----w- C:\Program Files\WRData
2013-11-03 01:03:47 -------- d-----w- C:\Backup NCJT from Rocket
2013-11-01 14:10:20 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-01 14:10:20 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-01 14:10:09 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-11-01 14:10:09 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-10-28 17:13:23 -------- d-----w- C:\Users\Tony\AppData\Roaming\Lanmisoft
2013-10-28 17:13:22 -------- d-----w- C:\Program Files (x86)\Lanmisoft
2013-10-25 22:05:52 -------- d-----w- C:\Junkware Logs
2013-10-25 21:50:24 -------- d-----w- C:\Windows\ERUNT
2013-10-25 13:43:26 -------- d-----w- C:\ProgramData\Oracle
2013-10-23 19:49:27 -------- d-----w- C:\Users\Tony\AppData\Local\NVIDIA
2013-10-23 19:23:27 -------- d-----w- C:\NVIDIA
2013-10-22 17:36:40 -------- d-----w- C:\Users\Tony\AppData\Local\Amazon Cloud Player
2013-10-20 17:08:12 -------- d-----w- C:\Program Files (x86)\Wireless Data Manager 2.13
2013-10-19 18:28:48 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2013-11-01 10:40:02 154312 ----a-w- C:\Windows\SysWow64\WRusr.dll
2013-11-01 10:40:02 114720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2013-11-01 10:40:02 104872 ----a-w- C:\Windows\System32\WRusr.dll
2013-10-15 21:47:39 6665504 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-15 21:47:39 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-15 21:47:36 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-15 21:47:36 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-15 21:47:36 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-15 20:54:06 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 19:14:15 3398914 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2012-12-21 08:17:08 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 22:19:18.81 ===============