Solved Got a virus trying to run unkillable IE windows in background

tonygotskilz

In short, I have downloaded a virus to my new (3-day-old) computer by making a stupid mistake (clicked OK on a window that looked like it was supposed to update Adobe Reader but was likely the culprit which downloaded the virus I now have). I have already followed the 5 steps listed on this site; logs to follow shortly.
 
After downloading and running Malwarebytes, I have noticed it popping up frequently, blocking Iexplorer trying to reach malicious sites. Also, the Shockwave Flash plugin keeps crashing in Chrome.
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.22.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Skilz :: SKILZ-PC [administrator]
Protection: Enabled
6/22/2012 6:46:25 PM
mbam-log-2012-06-22 (18-46-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231997
Time elapsed: 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Skilz at 19:14:45 on 2012-06-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16346.13595 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
G:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Skilz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Skilz\Desktop\v0el481k.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
mURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe /S
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] g:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Skilz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A953ED16-64DE-4BB6-954D-50DE044C0253} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\Windows\SysWOW64\appinit_dll.dll
BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll
mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun-x64: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe /S
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [PWRISOVM.EXE] g:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
AppInit_DLLs-X64: C:\Windows\SysWOW64\appinit_dll.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://insite.bridgepoint.local/dept/bts/Applications/Engineering%20Dashboard.aspx
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-19 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSviA64.sys [2012-6-22 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [?]
R1 VirtDiskBus;3TB+ Unlock;C:\Windows\system32\DRIVERS\VirtDiskBus64.sys --> C:\Windows\system32\DRIVERS\VirtDiskBus64.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-20 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-20 161560]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-22 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-6-22 138760]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-1-21 64512]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-20 1262400]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-2-21 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-20 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-22 138912]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-20 257696]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-6-20 274200]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-6-20 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-6-20 160256]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-21 113120]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 01:41:19 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Rainmeter
2012-06-23 01:39:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-23 01:39:19 -------- d-----w- C:\_OTL
2012-06-23 01:35:01 -------- d-----w- C:\Program Files\Rainmeter
2012-06-23 01:18:46 -------- d-----w- C:\ComboFix
2012-06-23 01:13:04 -------- d-----w- C:\Users\Skilz\AppData\Local\CrashDumps
2012-06-23 00:56:51 98816 ----a-w- C:\Windows\sed.exe
2012-06-23 00:56:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-23 00:56:51 256000 ----a-w- C:\Windows\PEV.exe
2012-06-23 00:56:51 208896 ----a-w- C:\Windows\MBR.exe
2012-06-23 00:02:54 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Malwarebytes
2012-06-23 00:02:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-23 00:02:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-23 00:02:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 23:58:27 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-06-22 23:33:40 -------- d-----w- C:\Users\Skilz\AppData\Local\ElevatedDiagnostics
2012-06-22 21:41:55 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-22 21:41:54 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4FCF840-2E30-48EE-9EF4-550C0C991BFF}\mpengine.dll
2012-06-22 21:25:15 90544 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-06-22 21:19:31 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2012-06-22 21:19:31 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2012-06-22 21:19:31 -------- d-----w- C:\Windows\System32\wbem\Framework
2012-06-22 21:19:17 -------- d-----w- C:\CPU Monitor
2012-06-22 21:14:32 -------- d-----w- C:\Program Files (x86)\Vertus Fluid Mask 3
2012-06-22 21:11:54 -------- d-----w- C:\ProgramData\VertusTech
2012-06-22 20:57:03 -------- d-----w- C:\ProgramData\GlobalSCAPE
2012-06-22 20:56:07 -------- d-----w- C:\Program Files (x86)\GlobalSCAPE
2012-06-22 05:32:28 -------- d-----w- C:\ProgramData\ALM
2012-06-22 05:27:50 -------- d-----w- C:\Users\Skilz\AppData\Local\Adobe
2012-06-22 05:05:05 -------- d-----w- C:\Users\Skilz\AppData\Local\Skyrim
2012-06-22 04:56:13 -------- d-----w- C:\Users\Skilz\AppData\Roaming\NVIDIA
2012-06-22 04:56:10 -------- d-----w- C:\ProgramData\EA Core
2012-06-22 04:55:42 -------- d-----w- C:\ProgramData\EA Logs
2012-06-22 04:22:07 -------- d-----w- C:\Program Files\BitComet
2012-06-22 04:17:00 -------- d-----w- C:\Downloads
2012-06-22 04:07:32 -------- d-----w- C:\Users\Skilz\AppData\Roaming\BitComet
2012-06-22 03:56:09 -------- d-----w- C:\Users\Skilz\AppData\Local\Power2Go
2012-06-22 03:31:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-22 03:31:32 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-22 03:19:32 -------- d-----w- C:\Temp
2012-06-22 03:18:59 59904 ----a-w- C:\Windows\SysWow64\wbemdisp.tlb
2012-06-22 03:18:59 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2012-06-22 03:18:59 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2012-06-22 03:18:59 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll
2012-06-22 03:18:59 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL
2012-06-22 03:18:58 -------- d-----w- C:\Program Files (x86)\lg_fwupdate
2012-06-22 03:18:09 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-06-22 03:18:09 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-06-22 03:18:09 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-22 03:18:09 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-06-22 03:15:40 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 03:15:38 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 03:15:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 03:15:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 07:11:25 -------- d-----w- C:\aws
2012-06-21 07:11:18 -------- d-----w- C:\Asus WebStorage
2012-06-21 07:06:45 -------- d-----w- C:\Program Files (x86)\Git
2012-06-21 07:06:14 -------- d-----w- C:\Users\Skilz\AppData\Local\Apple Computer
2012-06-21 07:06:12 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-21 07:06:12 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-21 07:06:12 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-21 07:06:01 -------- d-----w- C:\Program Files\iPod
2012-06-21 07:06:00 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-21 07:06:00 -------- d-----w- C:\Program Files\iTunes
2012-06-21 07:06:00 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-21 07:05:51 -------- d-----w- C:\Users\Skilz\AppData\Local\Apple
2012-06-21 07:05:44 -------- d-----w- C:\Program Files\Bonjour
2012-06-21 07:05:44 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-21 07:04:10 -------- d-----w- C:\Users\Skilz\AppData\Roaming\ASUS WebStorage
2012-06-21 07:04:08 -------- d-----w- C:\ProgramData\ASUS WebStorage
2012-06-21 07:04:04 -------- d-----w- C:\Program Files (x86)\ASUS
2012-06-21 06:58:43 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-06-21 06:58:43 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-06-21 06:58:43 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-06-21 06:57:53 -------- d-----w- C:\ProgramData\Battle.net
2012-06-21 06:54:18 -------- d-----w- C:\Users\Skilz\AppData\Local\Spotify
2012-06-21 06:52:20 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Spotify
2012-06-21 06:51:17 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-06-21 06:31:01 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-06-21 06:31:00 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Origin
2012-06-21 06:31:00 -------- d-----w- C:\Users\Skilz\AppData\Local\Origin
2012-06-21 06:30:53 -------- d-----w- C:\ProgramData\Origin
2012-06-21 06:30:53 -------- d-----w- C:\ProgramData\Electronic Arts
2012-06-21 06:30:47 -------- d-----w- C:\Program Files (x86)\Origin
2012-06-21 06:29:48 -------- d-----w- C:\Program Files (x86)\Steam
2012-06-21 06:29:48 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-06-21 06:26:35 -------- d-----w- C:\Users\Skilz\AppData\Local\GlobalSCAPE
2012-06-21 06:00:11 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-21 05:58:42 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-06-21 02:07:19 -------- d-----w- C:\Windows\System32\SPReview
2012-06-21 02:07:11 -------- d-----w- C:\Windows\System32\EventProviders
2012-06-21 02:02:59 4583424 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-06-21 01:56:42 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-06-20 08:53:43 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-06-20 08:53:42 -------- d-----w- C:\Windows\PCHEALTH
2012-06-20 08:52:45 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-06-20 08:52:45 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-06-20 08:52:45 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-06-20 08:47:07 -------- d-----w- C:\Windows\Panther
2012-06-20 08:43:34 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-06-20 08:38:50 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-06-20 08:38:43 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Intel Corporation
2012-06-20 08:37:30 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-20 08:37:30 -------- d-----w- C:\Windows\System32\Wat
2012-06-20 08:34:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-20 08:34:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-20 08:31:42 -------- d-----w- C:\Users\Skilz\AppData\Local\Opera
2012-06-20 08:25:33 -------- d-----w- C:\Users\Skilz\AppData\Local\Google
2012-06-20 08:25:30 -------- d-----w- C:\Users\Skilz\AppData\Local\Deployment
2012-06-20 08:25:30 -------- d-----w- C:\Users\Skilz\AppData\Local\Apps
2012-06-20 08:25:23 -------- d-----w- C:\Windows\SysWow64\directx
2012-06-20 08:11:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-20 08:11:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-20 08:11:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-20 08:11:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-20 08:11:22 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-20 08:11:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-20 08:11:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-20 08:09:59 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-06-20 08:08:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-20 08:07:56 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-06-20 08:06:59 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Splashtop Remote Client
2012-06-20 08:06:54 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-06-20 08:06:43 -------- d-----w- C:\Users\Skilz\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2012-06-20 08:05:40 -------- d-----w- C:\Users\Skilz\AppData\Local\WinZip
2012-06-20 08:05:03 66336 ----a-w- C:\Windows\System32\drivers\VirtuWDDM.sys
2012-06-20 08:05:02 475424 ----a-w- C:\Windows\System32\appinit_dll.dll
2012-06-20 08:05:02 429856 ----a-w- C:\Windows\SysWow64\appinit_dll.dll
2012-06-20 08:05:02 -------- d-----w- C:\Users\Skilz\Lucidlogix
2012-06-20 08:05:02 -------- d-----w- C:\Program Files\Lucidlogix Technologies
2012-06-20 08:04:52 -------- d-----w- C:\Program Files (x86)\Atheros ASAV
2012-06-20 08:04:18 66160 ----a-w- C:\Windows\System32\drivers\VirtDiskBus64.sys
2012-06-20 08:04:13 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-06-20 08:03:07 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-06-20 08:01:47 -------- d-----w- C:\Users\Skilz\AppData\Local\Evernote
2012-06-20 08:01:29 -------- d-----w- C:\Program Files (x86)\Evernote
2012-06-20 08:00:17 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-20 08:00:17 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-20 08:00:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-20 07:58:58 104560 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2012-06-20 07:56:47 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-06-20 07:56:44 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-06-20 07:56:39 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-06-20 07:56:24 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-06-20 07:56:11 -------- d-----w- C:\ProgramData\Splashtop
2012-06-20 07:56:09 -------- d-----w- C:\Users\Skilz\AppData\Roaming\Splashtop
2012-06-20 07:56:07 -------- d-----w- C:\Program Files (x86)\Splashtop
2012-06-20 07:56:02 -------- d-sh--w- C:\Windows\Installer
2012-06-20 07:54:20 -------- d-----w- C:\Windows\pss
2012-06-20 07:31:21 -------- d-----w- C:\Intel
2012-06-20 07:27:27 -------- d-----w- C:\NVIDIA
2012-06-20 07:24:07 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-06-22 23:40:31 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-22 21:11:56 1024 ----a-w- C:\Windows\SysWow64\obfci80.dll
2012-06-22 21:11:56 1024 ----a-w- C:\Windows\SysWow64\grcauth2.dll
2012-06-22 21:11:56 1024 ----a-w- C:\Windows\SysWow64\grcauth1.dll
2012-06-22 21:11:56 1024 ----a-w- C:\Windows\SysWow64\clauth2.dll
2012-06-22 21:11:56 1024 ----a-w- C:\Windows\SysWow64\clauth1.dll
2012-06-21 02:21:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-06-21 02:21:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-15 10:48:00 949056 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 02:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-05 02:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 19:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 19:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:15:08.64 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/20/2012 12:53:15 AM
System Uptime: 6/22/2012 6:41:11 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77MX-D3H
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | 3701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 237 GiB total, 128.367 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 0.093 GiB free.
E: is FIXED (NTFS) - 71 GiB total, 51.427 GiB free.
F: is FIXED (NTFS) - 234 GiB total, 91.039 GiB free.
G: is FIXED (NTFS) - 861 GiB total, 438.982 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&1828E751&0&00E4
Manufacturer: Atheros
Name: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&1828E751&0&00E4
Service: L1C
.
==== System Restore Points ===================
.
RP26: 6/21/2012 8:15:34 PM - Windows Update
RP27: 6/21/2012 8:16:39 PM - Installed Suite
RP28: 6/21/2012 8:31:34 PM - Windows Update
RP29: 6/21/2012 10:04:39 PM - Installed DirectX
RP30: 6/22/2012 1:56:03 PM - Installed CuteFTP 8 Professional
RP31: 6/22/2012 4:50:40 PM - OTL Restore Point - 6/22/2012 4:50:39 PM
RP32: 6/22/2012 6:34:12 PM - OTL Restore Point - 6/22/2012 6:34:12 PM
RP33: 6/22/2012 6:39:53 PM - OTL Restore Point - 6/22/2012 6:39:53 PM
.
==== Installed Programs ======================
.
@BIOS
3DPower B12.0215.1
3TB+Unlock B11.0919.1
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.3
Apple Application Support
Apple Software Update
ASUS WebStorage Sync Agent
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoGreen B12.0206.1
BitComet 1.32 64-bit
CloudStation B12.0314.1
CuteFTP 8 Professional
Diablo III
Easy Tune 6 B12.0309.1
Evernote v. 4.5.7
EVGA Precision X 3.0.1
EZ Setup B12.0312.03
Foxit Reader
Git version 1.7.10-preview20120409
Google Chrome
Half-Life 2
Half-Life 2: Lost Coast
HijackThis 2.0.0
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Left 4 Dead 2
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect™ 3
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Norton Internet Security
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B11.1102.1
Opera 12.00
Origin
PDF Settings CS5
Platform
Portal
PowerISO
Qualcomm SmartNet Controller
Rainmeter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Splashtop Connect for Firefox
Splashtop Connect for IE
Splashtop Remote Client
Splashtop Streamer
Spotify
Steam
The Elder Scrolls V: Skyrim
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vertus Fluid Mask 3 3.2.3
VIA Platform Device Manager
WinRAR archiver
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
6/22/2012 6:39:19 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
6/22/2012 6:24:09 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/22/2012 6:23:28 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/22/2012 6:04:46 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/22/2012 3:10:58 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/21/2012 12:50:19 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
6/20/2012 7:22:53 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-1906442133
6/20/2012 7:22:49 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:49 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
6/20/2012 7:22:49 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:49 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:49 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/20/2012 7:22:48 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:46 PM, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:46 PM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: The process cannot access the file because it is being used by another process.
6/20/2012 7:22:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/20/2012 7:22:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
6/20/2012 7:22:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
6/20/2012 7:22:46 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/20/2012 7:22:45 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2012 7:10:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656405).
6/20/2012 7:10:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
6/20/2012 7:10:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368).
6/20/2012 11:19:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 11:18:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 11:18:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/20/2012 11:18:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/20/2012 11:18:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/20/2012 11:18:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/20/2012 11:18:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr VirtDiskBus Wanarpv6
6/20/2012 10:28:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2547666).
6/20/2012 1:38:37 AM, Error: Service Control Manager [7023] -
6/20/2012 1:37:46 AM, Error: Service Control Manager [7034] - The Splashtop® Remote Service service terminated unexpectedly. It has done this 1 time(s).
6/20/2012 1:37:46 AM, Error: Service Control Manager [7034] - The Splashtop Software Updater Service service terminated unexpectedly. It has done this 1 time(s).
6/20/2012 1:37:46 AM, Error: Service Control Manager [7034] - The Splashtop Connect Service service terminated unexpectedly. It has done this 1 time(s).
6/20/2012 1:37:46 AM, Error: Service Control Manager [7034] - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
6/20/2012 1:37:46 AM, Error: Service Control Manager [7034] - The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

============================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`40100000

Size Device Name MBR Status
--------------------------------------------
238 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-22 19:47:17
-----------------------------
19:47:17.305 OS Version: Windows x64 6.1.7601 Service Pack 1
19:47:17.305 Number of processors: 4 586 0x2A07
19:47:17.306 ComputerName: SKILZ-PC UserName: Skilz
19:47:17.488 Initialize success
19:48:42.466 AVAST engine defs: 12062201
19:49:08.181 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:49:08.183 Disk 0 Vendor: M4-CT256 000F Size: 244198MB BusType: 3
19:49:08.184 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:49:08.185 Disk 1 Vendor: ST310005 CC34 Size: 953869MB BusType: 3
19:49:08.186 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
19:49:08.188 Disk 2 Vendor: Maxtor_7 YAR5 Size: 239372MB BusType: 3
19:49:08.190 Disk 0 MBR read successfully
19:49:08.192 Disk 0 MBR scan
19:49:08.194 Disk 0 Windows 7 default MBR code
19:49:08.196 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 1024 MB offset 2048
19:49:08.199 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 243172 MB offset 2099200
19:49:08.204 Disk 0 scanning C:\Windows\system32\drivers
19:49:10.108 Service scanning
19:49:15.589 Modules scanning
19:49:15.594 Disk 0 trace - called modules:
19:49:15.598 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:49:15.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cf8e060]
19:49:15.606 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa800c9d13e0]
19:49:15.610 5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800c9d4050]
19:49:15.766 AVAST engine scan C:\Windows
19:49:16.230 AVAST engine scan C:\Windows\system32
19:50:00.909 AVAST engine scan C:\Windows\system32\drivers
19:50:03.925 AVAST engine scan C:\Users\Skilz
19:50:16.348 AVAST engine scan C:\ProgramData
19:50:22.686 Scan finished successfully
19:52:42.400 Disk 0 MBR has been saved successfully to "C:\Users\Skilz\Desktop\MBR.dat"
19:52:42.403 The log file has been saved successfully to "C:\Users\Skilz\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 22-06-2012
Ran by SYSTEM at 22-06-2012 22:47:41
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-01-12] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398104 2012-01-12] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [440600 2012-01-12] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [771968 2011-08-29] (Splashtop Inc.)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe /S [3417984 2012-05-16] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun [557056 2012-06-21] (BitLeader)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-04-20] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] g:\Program Files (x86)\PowerISO\PWRISOVM.EXE [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Skilz\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-06-20] (Valve Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\appinit_dll.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Skilz\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

==================== Services (Whitelisted) ======

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [274200 2012-01-12] (Intel Corporation)
3 ICCS; "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe" [160256 2011-08-30] (Intel Corporation)
2 Intel(R) Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [607456 2011-12-08] (Intel(R) Corporation)
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-14] (Mozilla Foundation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 nlsX86cc; C:\Windows\SysWow64\nlssrv32.exe [64512 2011-01-21] (Nalpeiron Ltd.)
2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" [531328 2012-02-21] (Splashtop Inc.)
2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [363800 2011-12-16] (Intel Corporation)
2 VIAKaraokeService; C:\Windows\System32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

========================== Drivers (Whitelisted) =============

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-02] ()
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-22] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-22] (Symantec Corporation)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-06-20] ()
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSvia64.sys [509088 2012-06-22] (Symantec Corporation)
0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-27] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356120 2012-01-27] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [787736 2012-01-27] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\ENG64.SYS [120440 2012-06-22] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.019\EX64.SYS [2068600 2012-06-22] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-22] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
1 VirtDiskBus; C:\Windows\System32\DRIVERS\VirtDiskBus64.sys [66160 2011-02-08] (Giga-Byte Technology CO., LTD.)
3 VirtuWDDM; C:\Windows\System32\Drivers\VirtuWDDM.sys [66336 2012-01-12] (Lucidlogix Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-22 22:47 - 2012-06-22 22:47 - 00000000 ____D C:\FRST
2012-06-22 20:13 - 2012-06-22 20:23 - 00000910 ____A C:\Users\All Users\ddwnbaa.tmp
2012-06-22 20:10 - 2012-06-22 20:21 - 00000906 ____A C:\Users\All Users\cdwnbaa.tmp
2012-06-22 19:34 - 2012-06-22 19:34 - 01424539 ____A C:\Users\Skilz\Downloads\FRST64.exe
2012-06-22 19:11 - 2012-06-22 19:11 - 00000000 ____D C:\Users\Skilz\Desktop\tdsskiller
2012-06-22 19:06 - 2012-06-22 19:06 - 02109806 ____A C:\Users\Skilz\Desktop\tdsskiller.zip
2012-06-22 18:52 - 2012-06-22 18:52 - 00002212 ____A C:\Users\Skilz\Desktop\aswMBR.txt
2012-06-22 18:46 - 2012-06-22 18:46 - 00000000 ____D C:\Users\Skilz\Desktop\bootkit_remover
2012-06-22 18:45 - 2012-06-22 18:46 - 00044607 ____A C:\Users\Skilz\Desktop\bootkit_remover.zip
2012-06-22 18:21 - 2012-06-22 18:21 - 00002498 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-06-22 18:21 - 2012-06-22 18:21 - 00000674 ____A C:\Users\All Users\trptcaa.tmp
2012-06-22 17:44 - 2012-06-22 17:44 - 06917289 ____A C:\Users\Skilz\Downloads\ABP1.2.rmskin
2012-06-22 17:41 - 2012-06-22 17:41 - 00000000 ____D C:\Users\Skilz\Documents\Rainmeter
2012-06-22 17:41 - 2012-06-22 17:41 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Rainmeter
2012-06-22 17:39 - 2012-06-22 17:39 - 00000000 ____D C:\_OTL
2012-06-22 17:35 - 2012-06-22 17:44 - 00000000 ____D C:\Program Files\Rainmeter
2012-06-22 17:27 - 2012-06-22 17:27 - 01392000 ____A C:\Users\Skilz\Downloads\Rainmeter-2.2.exe
2012-06-22 17:25 - 2012-06-22 17:25 - 00031265 ____A C:\ComboFix.txt
2012-06-22 17:18 - 2012-06-22 17:25 - 00000000 ____D C:\ComboFix
2012-06-22 17:14 - 2012-06-22 17:14 - 00001300 ____A C:\rkill.log
2012-06-22 17:13 - 2012-06-22 17:14 - 00000000 ____D C:\Users\Skilz\AppData\Local\CrashDumps
2012-06-22 17:12 - 2012-06-22 17:12 - 01012656 ____A C:\Users\Skilz\Desktop\rkill.com
2012-06-22 16:56 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-22 16:56 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-22 16:56 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-22 16:56 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-22 16:56 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-22 16:56 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-22 16:56 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-22 16:56 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-22 16:48 - 2012-06-22 17:25 - 00000000 ____D C:\Qoobox
2012-06-22 16:48 - 2012-06-22 17:06 - 00000000 ____D C:\Windows\erdnt
2012-06-22 16:32 - 2012-06-22 18:52 - 00000512 ____A C:\Users\Skilz\Desktop\MBR.dat
2012-06-22 16:29 - 2012-06-22 16:29 - 04565264 ____R (Swearware) C:\Users\Skilz\Desktop\ComboFix.exe
2012-06-22 16:28 - 2012-06-22 16:28 - 04731392 ____A (AVAST Software) C:\Users\Skilz\Desktop\aswMBR.exe
2012-06-22 16:27 - 2012-06-22 16:27 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Skilz\Desktop\tdsskiller.exe
2012-06-22 16:20 - 2012-06-22 16:20 - 00607260 ____R (Swearware) C:\Users\Skilz\Desktop\dds.scr
2012-06-22 16:02 - 2012-06-22 16:02 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-22 16:02 - 2012-06-22 16:02 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Malwarebytes
2012-06-22 16:02 - 2012-06-22 16:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-22 16:02 - 2012-06-22 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 16:02 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-22 15:58 - 2012-06-22 15:58 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2012-06-22 15:57 - 2012-06-22 15:57 - 14662576 ____A (Foxit Corporation ) C:\Users\Skilz\Desktop\FoxitReader531.0606_enu_Setup.exe
2012-06-22 15:47 - 2012-06-22 17:36 - 00199514 ____A C:\Users\Skilz\Desktop\OTL.Txt
2012-06-22 15:47 - 2012-06-22 15:47 - 00058852 ____A C:\Users\Skilz\Desktop\Extras.Txt
2012-06-22 15:43 - 2012-06-22 15:44 - 00596480 ____A (OldTimer Tools) C:\Users\Skilz\Desktop\OTL.exe
2012-06-22 15:40 - 2012-06-22 18:21 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2012-06-22 15:40 - 2012-06-22 18:20 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-06-22 15:40 - 2012-06-22 18:20 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-06-22 15:40 - 2012-06-22 18:20 - 00000000 ____D C:\Program Files\Symantec
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Users\Public\Symantec
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Users\All Users\Norton
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files (x86)\SymSilent
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-06-22 13:37 - 2012-06-22 13:37 - 00000000 ____D C:\Windows\Sun
2012-06-22 13:25 - 2012-06-22 13:25 - 00000724 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-06-22 13:25 - 2009-07-26 18:54 - 00090544 ____A (PowerISO Computing, Inc.) C:\Windows\System32\Drivers\scdemu.sys
2012-06-22 13:19 - 2012-06-22 13:22 - 00000000 ____D C:\CPU Monitor
2012-06-22 13:14 - 2012-06-22 13:14 - 00000000 ____D C:\Program Files (x86)\Vertus Fluid Mask 3
2012-06-22 13:11 - 2012-06-22 13:11 - 00001024 ____A C:\Windows\SysWOW64\obfci80.tgz
2012-06-22 13:11 - 2012-06-22 13:11 - 00000000 ____D C:\Users\All Users\VertusTech
2012-06-22 13:06 - 2012-06-22 13:06 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\WinRAR
2012-06-22 13:05 - 2012-06-22 13:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-06-22 12:57 - 2012-06-22 12:57 - 00000000 ____D C:\Users\All Users\GlobalSCAPE
2012-06-22 12:56 - 2012-06-22 12:56 - 00000000 ____D C:\Program Files (x86)\GlobalSCAPE
2012-06-21 21:32 - 2012-06-21 21:32 - 00000000 ____D C:\Users\All Users\ALM
2012-06-21 21:31 - 2012-06-21 21:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-21 21:31 - 2012-06-21 21:32 - 00000000 ____D C:\Program Files\Adobe
2012-06-21 21:30 - 2012-06-21 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-06-21 21:29 - 2012-06-21 21:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-21 21:29 - 2012-06-21 21:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-21 21:27 - 2012-06-22 15:06 - 00000000 ____D C:\Users\Skilz\AppData\Local\Adobe
2012-06-21 21:05 - 2012-06-21 21:05 - 00000000 ____D C:\Users\Skilz\AppData\Local\Skyrim
2012-06-21 21:04 - 2012-06-21 21:04 - 00000000 ____D C:\Users\Skilz\Documents\My Games
2012-06-21 20:56 - 2012-06-21 20:58 - 00000000 ____D C:\Users\Skilz\Documents\BioWare
2012-06-21 20:56 - 2012-06-21 20:56 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\NVIDIA
2012-06-21 20:56 - 2012-06-21 20:56 - 00000000 ____D C:\Users\All Users\EA Core
2012-06-21 20:22 - 2012-06-21 20:22 - 00000000 ____D C:\Program Files\BitComet
2012-06-21 20:07 - 2012-06-22 15:04 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\BitComet
2012-06-21 19:56 - 2012-06-21 19:56 - 00000000 ____D C:\Users\Skilz\AppData\Local\Power2Go
2012-06-21 19:33 - 2012-06-21 19:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-21 19:31 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-21 19:31 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-06-21 19:19 - 2012-06-22 20:35 - 00000343 ____A C:\Windows\lgfwup.ini
2012-06-21 19:19 - 2012-06-21 19:19 - 00001196 ____A C:\Users\UpdatusUser\Desktop\LG Power Tools.lnk
2012-06-21 19:19 - 2012-06-21 19:19 - 00001196 ____A C:\Users\Default\Desktop\LG Power Tools.lnk
2012-06-21 19:19 - 2012-06-21 19:19 - 00001196 ____A C:\Users\Default User\Desktop\LG Power Tools.lnk
2012-06-21 19:18 - 2012-06-22 20:35 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2012-06-21 19:18 - 2012-06-21 19:20 - 00016384 ____A (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2012-06-21 19:18 - 2012-06-21 19:18 - 00002096 ____A C:\Users\UpdatusUser\Desktop\LG Burning Tool.lnk
2012-06-21 19:18 - 2012-06-21 19:18 - 00002096 ____A C:\Users\Default\Desktop\LG Burning Tool.lnk
2012-06-21 19:18 - 2012-06-21 19:18 - 00002096 ____A C:\Users\Default User\Desktop\LG Burning Tool.lnk
2012-06-21 19:18 - 2012-06-21 19:18 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\CyberLink
2012-06-21 19:18 - 2001-08-29 20:00 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2012-06-21 19:18 - 1998-07-21 23:00 - 00102912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2012-06-21 19:18 - 1998-07-21 23:00 - 00102160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2012-06-21 19:18 - 1998-06-23 23:00 - 00115016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2012-06-21 19:16 - 2012-06-21 19:19 - 00000000 ____D C:\Program Files (x86)\CyberLink
2012-06-21 19:16 - 2012-06-21 19:18 - 00000000 ____D C:\Users\All Users\CyberLink
2012-06-21 19:15 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 19:15 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 19:15 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 19:15 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 19:15 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 19:15 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 19:15 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 19:15 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 19:15 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 23:17 - 2012-06-20 23:17 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-20 23:17 - 2012-06-20 23:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-20 23:11 - 2012-06-20 23:11 - 00000000 ____D C:\aws
2012-06-20 23:11 - 2012-06-20 23:11 - 00000000 ____D C:\Asus WebStorage
2012-06-20 23:06 - 2012-06-21 19:15 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Apple Computer
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Users\Skilz\AppData\Local\Apple Computer
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files\iTunes
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files\iPod
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files (x86)\Git
2012-06-20 23:06 - 2009-05-18 12:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-06-20 23:06 - 2008-04-17 11:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-06-20 23:06 - 2008-04-17 11:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Users\Skilz\AppData\Local\Apple
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Users\All Users\Apple
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files\Bonjour
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-20 23:04 - 2012-06-22 20:35 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\ASUS WebStorage
2012-06-20 23:04 - 2012-06-20 23:04 - 00000000 ____D C:\Users\All Users\ASUS WebStorage
2012-06-20 23:04 - 2012-06-20 23:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-06-20 22:58 - 2012-06-21 20:25 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-20 22:58 - 2012-06-20 23:12 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-06-20 22:57 - 2012-06-20 22:58 - 00000000 ____D C:\Users\All Users\Battle.net
2012-06-20 22:54 - 2012-06-22 15:07 - 00000000 ____D C:\Users\Skilz\AppData\Local\Spotify
2012-06-20 22:52 - 2012-06-22 15:30 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Spotify
2012-06-20 22:37 - 2012-06-20 22:38 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Notepad++
2012-06-20 22:37 - 2012-06-20 22:37 - 00000000 ____D C:\Program Files (x86)\Notepad++
2012-06-20 22:31 - 2012-06-20 22:32 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-06-20 22:31 - 2012-06-20 22:31 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Origin
2012-06-20 22:31 - 2012-06-20 22:31 - 00000000 ____D C:\Users\Skilz\AppData\Local\Origin
2012-06-20 22:30 - 2012-06-21 20:56 - 00000000 ____D C:\Users\All Users\Origin
2012-06-20 22:30 - 2012-06-21 20:56 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-06-20 22:30 - 2012-06-20 22:31 - 00001044 ____A C:\Windows\KB893803v2.log
2012-06-20 22:30 - 2012-06-20 22:31 - 00000000 ____D C:\Program Files (x86)\Origin
2012-06-20 22:29 - 2012-06-22 20:36 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-20 22:26 - 2012-06-20 22:26 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\GlobalSCAPE
2012-06-20 22:26 - 2012-06-20 22:26 - 00000000 ____D C:\Users\Skilz\AppData\Local\GlobalSCAPE
2012-06-20 22:00 - 2012-06-20 22:00 - 00000000 ____D C:\Users\All Users\Sun
2012-06-20 22:00 - 2012-06-20 22:00 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-20 21:59 - 2012-06-22 20:35 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-20 21:59 - 2012-06-20 21:59 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-20 21:59 - 2012-06-20 21:59 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-20 21:59 - 2012-06-20 21:59 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-06-20 21:59 - 2012-06-20 21:59 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-06-20 21:59 - 2012-06-20 21:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-06-20 21:59 - 2012-06-20 21:59 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-20 21:59 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-06-20 21:59 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00333120 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00282432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-06-20 21:59 - 2012-05-15 02:48 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-06-20 21:59 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-06-20 21:59 - 2012-05-15 01:29 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-06-20 21:59 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-06-20 21:59 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-06-20 21:59 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-06-20 21:59 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-06-20 21:59 - 2012-05-04 18:29 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-20 21:59 - 2012-05-04 18:29 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-20 21:59 - 2012-05-04 18:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-20 21:59 - 2012-04-18 09:08 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-06-20 21:59 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-06-20 21:59 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-06-20 21:58 - 2012-06-20 21:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-06-20 18:37 - 2012-06-22 17:24 - 00024346 ____A C:\Windows\PFRO.log
2012-06-20 18:07 - 2012-06-20 18:07 - 00000000 ____D C:\Windows\System32\SPReview
2012-06-20 18:07 - 2012-06-20 18:07 - 00000000 ____D C:\Windows\System32\EventProviders
2012-06-20 18:03 - 2010-11-20 05:27 - 14633472 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 03715584 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 03650560 ____A (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 03008000 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 02086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 01743360 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 01646080 ____A (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 01556992 ____A (Microsoft Corporation) C:\Windows\System32\RacEngn.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 01219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 01197056 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 01110016 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 00488448 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 00485888 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 00263168 ____A (Microsoft Corporation) C:\Windows\System32\spwizui.dll
2012-06-20 18:03 - 2010-11-20 05:27 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-06-20 18:03 - 2010-11-20 05:26 - 04120064 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-06-20 18:03 - 2010-11-20 05:26 - 03205120 ____A (Microsoft Corporation) C:\Windows\System32\mmcndmgr.dll
2012-06-20 18:03 - 2010-11-20 05:26 - 01838080 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-06-20 18:03 - 2010-11-20 05:26 - 01340416 ____A (Microsoft Corporation) C:\Windows\System32\diagperf.dll
2012-06-20 18:03 - 2010-11-20 05:25 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2012-06-20 18:03 - 2010-11-20 05:25 - 00359424 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2012-06-20 18:03 - 2010-11-20 04:21 - 00423936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2012-06-20 18:03 - 2010-11-20 04:20 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2012-06-20 18:03 - 2010-11-20 04:19 - 03215872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-06-20 18:03 - 2010-11-20 04:19 - 03207680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-06-20 18:03 - 2010-11-20 04:19 - 00954752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2012-06-20 18:03 - 2010-11-20 04:19 - 00954288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2012-06-20 18:03 - 2010-11-20 04:18 - 01171456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-06-20 18:03 - 2010-11-20 04:17 - 00327168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2012-06-20 18:03 - 2010-11-20 04:17 - 00322048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2012-06-20 18:03 - 2010-11-20 03:07 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-06-20 18:03 - 2010-11-04 17:58 - 01130824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2012-06-20 18:03 - 2010-11-04 17:58 - 00297808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2012-06-20 18:03 - 2010-11-04 17:57 - 01942856 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2012-06-20 18:03 - 2010-11-04 17:57 - 00444752 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2012-06-20 18:03 - 2010-11-04 17:57 - 00048976 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2012-06-20 18:02 - 2010-11-20 05:44 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\Narrator.exe
2012-06-20 18:02 - 2010-11-20 05:44 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\NAPHLPR.DLL
2012-06-20 18:02 - 2010-11-20 05:44 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\NAPCRYPT.DLL
2012-06-20 18:02 - 2010-11-20 05:39 - 05066752 ____A (Microsoft Corporation) C:\Windows\System32\AuthFWSnapin.dll
2012-06-20 18:02 - 2010-11-20 05:34 - 00363392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2012-06-20 18:02 - 2010-11-20 05:34 - 00295808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-06-20 18:02 - 2010-11-20 05:34 - 00215936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2012-06-20 18:02 - 2010-11-20 05:34 - 00071552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00376192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00366976 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00299392 ____A (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2012-06-20 18:02 - 2010-11-20 05:33 - 00289664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00273792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00263040 ____A (Microsoft Corporation) C:\Windows\System32\hal.dll
2012-06-20 18:02 - 2010-11-20 05:33 - 00213888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00184704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2012-06-20 18:02 - 2010-11-20 05:33 - 00171392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
 
2012-06-20 00:08 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-06-20 00:08 - 2011-07-15 20:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-06-20 00:08 - 2011-07-15 20:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-06-20 00:08 - 2011-07-15 20:24 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-06-20 00:08 - 2011-07-15 20:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-06-20 00:08 - 2011-07-15 20:24 - 00000016 ____H C:\Windows\SysWOW64\v16qi5y.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 18:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-06-20 00:08 - 2011-07-15 18:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-06-20 00:08 - 2011-07-15 18:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 18:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 18:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-06-20 00:08 - 2011-07-15 18:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-06-20 00:08 - 2011-06-23 21:34 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-06-20 00:08 - 2011-06-23 21:25 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-06-20 00:08 - 2011-04-28 19:06 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2012-06-20 00:08 - 2011-04-28 19:05 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2012-06-20 00:08 - 2011-04-28 19:05 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2012-06-20 00:08 - 2011-02-05 09:10 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2012-06-20 00:08 - 2011-02-05 09:10 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2012-06-20 00:08 - 2011-02-05 09:10 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2012-06-20 00:08 - 2011-02-05 09:10 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2012-06-20 00:08 - 2011-02-05 09:06 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2012-06-20 00:08 - 2011-02-05 09:06 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2012-06-20 00:08 - 2011-02-05 09:06 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2012-06-20 00:08 - 2011-01-17 03:09 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-06-20 00:08 - 2011-01-16 21:47 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-06-20 00:08 - 2010-11-20 05:27 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2012-06-20 00:08 - 2010-11-20 05:26 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-06-20 00:08 - 2010-11-20 05:24 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-06-20 00:08 - 2010-11-20 05:24 - 00104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2012-06-20 00:08 - 2010-11-20 05:24 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2012-06-20 00:08 - 2010-11-20 04:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-06-20 00:08 - 2010-11-20 04:16 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2012-06-20 00:08 - 2010-11-20 04:16 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2012-06-20 00:08 - 2010-11-20 04:16 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2012-06-20 00:07 - 2012-06-21 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-20 00:07 - 2012-06-20 00:07 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Mozilla
2012-06-20 00:07 - 2012-06-20 00:07 - 00000000 ____D C:\Users\Skilz\AppData\Local\Mozilla
2012-06-20 00:07 - 2012-06-20 00:07 - 00000000 ____A C:\Windows\nsreg.dat
2012-06-20 00:07 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-20 00:07 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-06-20 00:07 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-06-20 00:07 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-06-20 00:07 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-06-20 00:07 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-06-20 00:07 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-06-20 00:07 - 2011-11-04 21:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-06-20 00:07 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-06-20 00:07 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-06-20 00:07 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-06-20 00:07 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-06-20 00:07 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-06-20 00:07 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-06-20 00:07 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-06-20 00:07 - 2011-05-24 03:42 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
2012-06-20 00:07 - 2011-05-24 02:40 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2012-06-20 00:07 - 2011-05-24 02:40 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2012-06-20 00:07 - 2011-05-24 02:39 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2012-06-20 00:07 - 2011-05-24 02:37 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2012-06-20 00:07 - 2011-05-02 21:29 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2012-06-20 00:07 - 2011-05-02 20:30 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2012-06-20 00:07 - 2011-02-22 20:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-06-20 00:07 - 2011-02-18 02:51 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-06-20 00:07 - 2011-02-17 21:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-06-20 00:07 - 2011-02-12 03:34 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2012-06-20 00:07 - 2010-11-20 05:33 - 00288640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-06-20 00:07 - 2010-11-20 05:25 - 00974336 ____A (Microsoft Corporation) C:\Windows\System32\WFS.exe
2012-06-20 00:07 - 2010-11-20 05:25 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\cfgmgr32.dll
2012-06-20 00:06 - 2012-06-20 00:07 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Splashtop Remote Client
2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\Skilz\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\All Users\Downloaded Installations
2012-06-20 00:05 - 2012-06-22 13:37 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Adobe
2012-06-20 00:05 - 2012-06-22 13:05 - 00000000 ____D C:\Users\Skilz\AppData\Local\WinZip
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Users\Skilz\Lucidlogix
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Users\All Users\WinZip
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Program Files\Lucidlogix Technologies
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Program Files (x86)\WinZip
2012-06-20 00:05 - 2012-01-12 17:37 - 00066336 ____A (Lucidlogix Inc.) C:\Windows\System32\Drivers\VirtuWDDM.sys
2012-06-20 00:05 - 2012-01-12 17:36 - 00475424 ____A (Lucidlogix Inc.) C:\Windows\System32\appinit_dll.dll
2012-06-20 00:05 - 2012-01-12 17:35 - 00429856 ____A (Lucidlogix Inc.) C:\Windows\SysWOW64\appinit_dll.dll
2012-06-20 00:04 - 2012-06-21 21:33 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-20 00:04 - 2012-06-21 21:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-20 00:04 - 2012-06-20 00:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_VirtDiskBus64_01009.Wdf
2012-06-20 00:04 - 2012-06-20 00:04 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-06-20 00:04 - 2012-06-20 00:04 - 00000000 ____D C:\Program Files (x86)\Atheros ASAV
2012-06-20 00:04 - 2011-02-08 15:02 - 00066160 ____A (Giga-Byte Technology CO., LTD.) C:\Windows\System32\Drivers\VirtDiskBus64.sys
2012-06-20 00:03 - 2012-02-23 09:18 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-06-20 00:01 - 2012-06-20 00:01 - 00000000 ____D C:\Users\Skilz\AppData\Local\Evernote
2012-06-20 00:01 - 2012-06-20 00:01 - 00000000 ____D C:\Program Files (x86)\Evernote
2012-06-20 00:00 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-20 00:00 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-06-20 00:00 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-19 23:59 - 2012-06-20 00:04 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2012-06-19 23:59 - 2012-06-20 00:00 - 00000156 ____A C:\csb.log
2012-06-19 23:59 - 2012-06-19 23:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2012-06-19 23:59 - 2012-06-19 23:59 - 00000000 ____D C:\Program Files\GIGABYTE
2012-06-19 23:59 - 2012-06-19 23:59 - 00000000 ____D C:\Program Files (x86)\AMD
2012-06-19 23:59 - 2012-01-27 01:39 - 00016152 ____A (Intel Corporation) C:\Windows\System32\Drivers\iusb3hcs.sys
2012-06-19 23:59 - 2011-11-02 09:48 - 00021616 ____A C:\Windows\System32\Drivers\AppleCharger.sys
2012-06-19 23:59 - 2010-04-06 15:30 - 00031272 ____A C:\Windows\System32\AppleChargerSrv.exe
2012-06-19 23:58 - 2012-06-19 23:58 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2012-06-19 23:58 - 2012-06-19 23:58 - 00000000 ____D C:\Program Files (x86)\VIA
2012-06-19 23:58 - 2012-01-27 01:39 - 00787736 ____A (Intel Corporation) C:\Windows\System32\Drivers\iusb3xhc.sys
2012-06-19 23:58 - 2012-01-27 01:39 - 00356120 ____A (Intel Corporation) C:\Windows\System32\Drivers\iusb3hub.sys
2012-06-19 23:58 - 2012-01-10 06:09 - 02965104 ____A (VIA Technologies, Inc.) C:\Windows\System32\VIAPropPageExt.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 02184816 ____A (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viahduaa.sys
2012-06-19 23:58 - 2012-01-10 06:09 - 01161328 ____A (VIA Technologies, Inc.) C:\Windows\System32\ViaKaraokeApo.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 01119344 ____A (VIA Technologies, Inc.) C:\Windows\System32\ViaMicArrayAPO.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 00677488 ____A (VIA Technologies, Inc.) C:\Windows\System32\VIASysFx.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 00116848 ____A (VIA Technologies,Inc.) C:\Windows\System32\ViaKaraokePropPageExt.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 00095344 ____A (VIA Technologies,Inc.) C:\Windows\System32\ViaMicArrayPropPageExt.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 00091760 ____A (VIA Technologies, Inc.) C:\Windows\System32\Dts2PropPageExt.dll
2012-06-19 23:58 - 2012-01-10 06:09 - 00027760 ____A (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
2012-06-19 23:58 - 2011-11-29 18:40 - 00568600 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2012-06-19 23:58 - 2011-08-11 14:54 - 00104560 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\L1C62x64.sys
2012-06-19 23:58 - 2011-06-08 02:19 - 00085504 ____A (QSound Labs, Inc.) C:\Windows\System32\nQPropPageExt.dll
2012-06-19 23:58 - 2011-06-08 02:19 - 00083968 ____A (QSound Labs, Inc.) C:\Windows\System32\nQAPO.dll
2012-06-19 23:58 - 2007-04-10 23:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2012-06-19 23:57 - 2012-06-19 23:57 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-06-19 23:57 - 2012-01-12 14:24 - 05886232 ____A (Intel Corporation) C:\Windows\System32\GfxUI.exe
2012-06-19 23:57 - 2012-01-12 14:24 - 00511256 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2012-06-19 23:57 - 2012-01-12 14:24 - 00440600 ____A (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-06-19 23:57 - 2012-01-12 14:24 - 00398104 ____A (Intel Corporation) C:\Windows\System32\hkcmd.exe
2012-06-19 23:57 - 2012-01-12 14:24 - 00274200 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2012-06-19 23:57 - 2012-01-12 14:24 - 00248600 ____A (Intel Corporation) C:\Windows\System32\igfxext.exe
2012-06-19 23:57 - 2012-01-12 14:24 - 00170264 ____A (Intel Corporation) C:\Windows\System32\igfxtray.exe
2012-06-19 23:57 - 2012-01-12 14:23 - 00184600 ____A (Intel Corporation) C:\Windows\System32\difx64.exe
2012-06-19 23:57 - 2012-01-05 20:02 - 00018488 ____A C:\Windows\System32\iglhxs64.vp
2012-06-19 23:57 - 2012-01-05 19:49 - 00090112 ____A (Intel Corporation) C:\Windows\System32\igfxCoIn_v2618.dll
2012-06-19 23:57 - 2012-01-05 19:36 - 14652768 ____A (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2012-06-19 23:57 - 2012-01-05 19:36 - 08034304 ____A (Intel Corporation) C:\Windows\System32\igdumd64.dll
2012-06-19 23:57 - 2012-01-05 19:36 - 00963912 ____A C:\Windows\SysWOW64\igkrng600.bin
2012-06-19 23:57 - 2012-01-05 19:36 - 00963912 ____A C:\Windows\System32\igkrng600.bin
2012-06-19 23:57 - 2012-01-05 19:36 - 00261208 ____A C:\Windows\SysWOW64\igfcg600m.bin
2012-06-19 23:57 - 2012-01-05 19:36 - 00261208 ____A C:\Windows\System32\igfcg600m.bin
2012-06-19 23:57 - 2012-01-05 19:36 - 00145804 ____A C:\Windows\SysWOW64\igcompkrng600.bin
2012-06-19 23:57 - 2012-01-05 19:36 - 00145804 ____A C:\Windows\System32\igcompkrng600.bin
2012-06-19 23:57 - 2012-01-05 19:36 - 00079360 ____A C:\Windows\System32\igdde64.dll
2012-06-19 23:57 - 2012-01-05 19:29 - 06079488 ____A (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2012-06-19 23:57 - 2012-01-05 19:29 - 00058880 ____A C:\Windows\SysWOW64\igdde32.dll
2012-06-19 23:57 - 2012-01-05 19:23 - 09536000 ____A (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2012-06-19 23:57 - 2012-01-05 19:11 - 07740928 ____A (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2012-06-19 23:57 - 2012-01-05 17:58 - 18098176 ____A C:\Windows\System32\ig4icd64.dll
2012-06-19 23:57 - 2012-01-05 17:44 - 13184512 ____A C:\Windows\SysWOW64\ig4icd32.dll
2012-06-19 23:57 - 2012-01-05 17:31 - 00440320 ____A (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00439808 ____A (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00439296 ____A (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438784 ____A (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00438272 ____A (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437760 ____A (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00437248 ____A (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00435712 ____A (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00432128 ____A (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00430592 ____A (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00429056 ____A (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00428544 ____A (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2012-06-19 23:57 - 2012-01-05 17:31 - 00221099 ____A C:\Windows\System32\Gfxres.th-TH.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00207830 ____A C:\Windows\System32\Gfxres.el-GR.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00191775 ____A C:\Windows\System32\Gfxres.ru-RU.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00164334 ____A C:\Windows\System32\Gfxres.ar-SA.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00161613 ____A C:\Windows\System32\Gfxres.ja-JP.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00157226 ____A C:\Windows\System32\Gfxres.he-IL.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00148033 ____A C:\Windows\System32\Gfxres.it-IT.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00146675 ____A C:\Windows\System32\Gfxres.ko-KR.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00145687 ____A C:\Windows\System32\Gfxres.es-ES.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00145579 ____A C:\Windows\System32\Gfxres.de-DE.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00144338 ____A C:\Windows\System32\Gfxres.ro-RO.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00143805 ____A C:\Windows\System32\Gfxres.fr-FR.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00143155 ____A C:\Windows\System32\Gfxres.tr-TR.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00142664 ____A C:\Windows\System32\Gfxres.pt-BR.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00142335 ____A C:\Windows\System32\Gfxres.nl-NL.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00142189 ____A C:\Windows\System32\Gfxres.hu-HU.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00141644 ____A C:\Windows\System32\Gfxres.pt-PT.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00141435 ____A C:\Windows\System32\Gfxres.sv-SE.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00140923 ____A C:\Windows\System32\Gfxres.pl-PL.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00140885 ____A C:\Windows\System32\Gfxres.cs-CZ.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00140549 ____A C:\Windows\System32\Gfxres.fi-FI.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00140122 ____A C:\Windows\System32\Gfxres.sk-SK.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00139487 ____A C:\Windows\System32\Gfxres.hr-HR.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00136451 ____A C:\Windows\System32\Gfxres.sl-SI.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00136369 ____A C:\Windows\System32\Gfxres.nb-NO.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00135868 ____A C:\Windows\System32\Gfxres.da-DK.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00131317 ____A C:\Windows\System32\Gfxres.en-US.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00126976 ____A (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2012-06-19 23:57 - 2012-01-05 17:31 - 00124962 ____A C:\Windows\System32\Gfxres.zh-TW.resources
2012-06-19 23:57 - 2012-01-05 17:31 - 00123467 ____A C:\Windows\System32\Gfxres.zh-CN.resources
2012-06-19 23:57 - 2012-01-05 17:30 - 00410624 ____A (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2012-06-19 23:57 - 2012-01-05 17:30 - 00386048 ____A (Intel Corporation) C:\Windows\System32\igfxpph.dll
2012-06-19 23:57 - 2012-01-05 17:30 - 00062976 ____A (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2012-06-19 23:57 - 2012-01-05 17:30 - 00028672 ____A (Intel Corporation) C:\Windows\System32\igfxexps.dll
2012-06-19 23:57 - 2012-01-05 17:29 - 09007616 ____A (Intel Corporation) C:\Windows\System32\igfxress.dll
2012-06-19 23:57 - 2012-01-05 17:29 - 00429056 ____A (Intel Corporation) C:\Windows\System32\igfxdev.dll
2012-06-19 23:57 - 2012-01-05 17:29 - 00286208 ____A (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2012-06-19 23:57 - 2012-01-05 17:29 - 00172032 ____A (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2012-06-19 23:57 - 2012-01-05 17:29 - 00142336 ____A (Intel Corporation) C:\Windows\System32\igfxdo.dll
2012-06-19 23:57 - 2012-01-05 17:29 - 00110592 ____A (Intel Corporation) C:\Windows\System32\hccutils.dll
2012-06-19 23:57 - 2012-01-05 17:29 - 00009216 ____A ( ) C:\Windows\System32\IGFXDEVLib.dll
2012-06-19 23:57 - 2012-01-05 17:27 - 00025088 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2012-06-19 23:57 - 2012-01-05 17:26 - 00320000 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 02780160 ____A (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 02191872 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 01981696 ____A C:\Windows\System32\iglhxa64.cpa
2012-06-19 23:57 - 2012-01-05 17:24 - 00524800 ____A (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00519680 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00246784 ____A (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00244224 ____A (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00219136 ____A (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00201728 ____A (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00094208 ____A C:\Windows\System32\IccLibDll_x64.dll
2012-06-19 23:57 - 2012-01-05 17:24 - 00059425 ____A C:\Windows\System32\iglhxo64.vp
2012-06-19 23:57 - 2012-01-05 17:24 - 00059398 ____A C:\Windows\System32\iglhxg64.vp
2012-06-19 23:57 - 2012-01-05 17:24 - 00059230 ____A C:\Windows\System32\iglhxc64.vp
2012-06-19 23:57 - 2012-01-05 17:24 - 00059104 ____A C:\Windows\System32\iglhxc64_dev.vp
2012-06-19 23:57 - 2012-01-05 17:24 - 00058796 ____A C:\Windows\System32\iglhxg64_dev.vp
2012-06-19 23:57 - 2012-01-05 17:24 - 00058109 ____A C:\Windows\System32\iglhxo64_dev.vp
2012-06-19 23:57 - 2011-12-26 03:07 - 00086016 ____A (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2012-06-19 23:57 - 2011-12-26 03:06 - 00017920 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-06-19 23:57 - 2011-12-26 03:02 - 00120832 ____A (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2012-06-19 23:57 - 2011-12-26 03:02 - 00020992 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-06-19 23:57 - 2011-12-16 09:40 - 00015128 ____A C:\Windows\System32\Drivers\IntelMEFWVer.dll
2012-06-19 23:57 - 2011-12-06 03:23 - 00331264 ____A (Intel(R) Corporation) C:\Windows\System32\Drivers\IntcDAud.sys
2012-06-19 23:57 - 2011-12-06 03:22 - 00014848 ____A (Intel(R) Corporation) C:\Windows\System32\IntcDAuC.dll
2012-06-19 23:56 - 2012-06-22 12:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-19 23:56 - 2012-06-20 00:38 - 00000000 ____D C:\Users\All Users\Intel
2012-06-19 23:56 - 2012-06-20 00:06 - 00000000 ____D C:\Program Files (x86)\Splashtop
2012-06-19 23:56 - 2012-06-19 23:59 - 00000000 ____D C:\Users\All Users\Splashtop
2012-06-19 23:56 - 2012-06-19 23:59 - 00000000 ____D C:\Program Files (x86)\Intel
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ___HD C:\Users\All Users\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Splashtop
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\InstallShield
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ____D C:\Program Files\Intel
2012-06-19 23:56 - 2011-12-06 15:55 - 00053248 ___RA (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2012-06-19 23:56 - 2011-11-10 00:04 - 00060184 ____A (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2012-06-19 23:55 - 2012-06-22 15:38 - 00000010 ____A C:\Windows\GSetup.ini
2012-06-19 23:54 - 2012-06-19 23:54 - 00000000 ____D C:\Windows\pss
2012-06-19 23:53 - 2012-06-22 20:23 - 01122618 ____A C:\Windows\WindowsUpdate.log
2012-06-19 23:53 - 2012-06-20 00:05 - 00000000 ____D C:\users\Skilz
2012-06-19 23:53 - 2012-06-19 23:53 - 00000020 ___SH C:\Users\Skilz\ntuser.ini
2012-06-19 23:53 - 2012-06-19 23:53 - 00000000 ____D C:\Users\Skilz\AppData\Local\VirtualStore
2012-06-19 23:48 - 2012-06-19 23:48 - 00001313 ____A C:\Windows\TSSysprep.log
2012-06-19 23:36 - 2012-06-20 21:52 - 00000836 ____A C:\lucid.log
2012-06-19 23:31 - 2012-06-19 23:31 - 00000000 ____D C:\Intel
2012-06-19 23:27 - 2012-06-19 23:27 - 00000000 ____D C:\NVIDIA
2012-06-19 23:24 - 2012-06-19 23:53 - 00000000 ____D C:\Recovery
2012-06-19 23:24 - 2012-06-19 23:24 - 00171136 _RASH C:\w7ldr
 
============ 3 Months Modified Files and Folders =============
2012-06-22 22:47 - 2012-06-22 22:47 - 00000000 ____D C:\FRST
2012-06-22 20:36 - 2012-06-20 22:29 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-22 20:35 - 2012-06-21 19:19 - 00000343 ____A C:\Windows\lgfwup.ini
2012-06-22 20:35 - 2012-06-21 19:18 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2012-06-22 20:35 - 2012-06-20 23:04 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\ASUS WebStorage
2012-06-22 20:35 - 2012-06-20 21:59 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-22 20:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-22 20:35 - 2009-07-13 20:51 - 00022467 ____A C:\Windows\setupact.log
2012-06-22 20:23 - 2012-06-22 20:13 - 00000910 ____A C:\Users\All Users\ddwnbaa.tmp
2012-06-22 20:23 - 2012-06-19 23:53 - 01122618 ____A C:\Windows\WindowsUpdate.log
2012-06-22 20:23 - 2009-07-13 20:45 - 00012752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-22 20:23 - 2009-07-13 20:45 - 00012752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-22 20:21 - 2012-06-22 20:10 - 00000906 ____A C:\Users\All Users\cdwnbaa.tmp
2012-06-22 19:38 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-22 19:37 - 2012-06-20 00:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-22 19:34 - 2012-06-22 19:34 - 01424539 ____A C:\Users\Skilz\Downloads\FRST64.exe
2012-06-22 19:30 - 2012-06-20 00:25 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
2012-06-22 19:11 - 2012-06-22 19:11 - 00000000 ____D C:\Users\Skilz\Desktop\tdsskiller
2012-06-22 19:06 - 2012-06-22 19:06 - 02109806 ____A C:\Users\Skilz\Desktop\tdsskiller.zip
2012-06-22 18:52 - 2012-06-22 18:52 - 00002212 ____A C:\Users\Skilz\Desktop\aswMBR.txt
2012-06-22 18:52 - 2012-06-22 16:32 - 00000512 ____A C:\Users\Skilz\Desktop\MBR.dat
2012-06-22 18:46 - 2012-06-22 18:46 - 00000000 ____D C:\Users\Skilz\Desktop\bootkit_remover
2012-06-22 18:46 - 2012-06-22 18:45 - 00044607 ____A C:\Users\Skilz\Desktop\bootkit_remover.zip
2012-06-22 18:21 - 2012-06-22 18:21 - 00002498 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-06-22 18:21 - 2012-06-22 18:21 - 00000674 ____A C:\Users\All Users\trptcaa.tmp
2012-06-22 18:21 - 2012-06-22 15:40 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2012-06-22 18:20 - 2012-06-22 15:40 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-06-22 18:20 - 2012-06-22 15:40 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-06-22 18:20 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files\Symantec
2012-06-22 18:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-22 17:44 - 2012-06-22 17:44 - 06917289 ____A C:\Users\Skilz\Downloads\ABP1.2.rmskin
2012-06-22 17:44 - 2012-06-22 17:35 - 00000000 ____D C:\Program Files\Rainmeter
2012-06-22 17:41 - 2012-06-22 17:41 - 00000000 ____D C:\Users\Skilz\Documents\Rainmeter
2012-06-22 17:41 - 2012-06-22 17:41 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Rainmeter
2012-06-22 17:39 - 2012-06-22 17:39 - 00000000 ____D C:\_OTL
2012-06-22 17:36 - 2012-06-22 15:47 - 00199514 ____A C:\Users\Skilz\Desktop\OTL.Txt
2012-06-22 17:27 - 2012-06-22 17:27 - 01392000 ____A C:\Users\Skilz\Downloads\Rainmeter-2.2.exe
2012-06-22 17:25 - 2012-06-22 17:25 - 00031265 ____A C:\ComboFix.txt
2012-06-22 17:25 - 2012-06-22 17:18 - 00000000 ____D C:\ComboFix
2012-06-22 17:25 - 2012-06-22 16:48 - 00000000 ____D C:\Qoobox
2012-06-22 17:24 - 2012-06-20 18:37 - 00024346 ____A C:\Windows\PFRO.log
2012-06-22 17:24 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-22 17:14 - 2012-06-22 17:14 - 00001300 ____A C:\rkill.log
2012-06-22 17:14 - 2012-06-22 17:13 - 00000000 ____D C:\Users\Skilz\AppData\Local\CrashDumps
2012-06-22 17:12 - 2012-06-22 17:12 - 01012656 ____A C:\Users\Skilz\Desktop\rkill.com
2012-06-22 17:07 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-22 17:06 - 2012-06-22 16:48 - 00000000 ____D C:\Windows\erdnt
2012-06-22 16:29 - 2012-06-22 16:29 - 04565264 ____R (Swearware) C:\Users\Skilz\Desktop\ComboFix.exe
2012-06-22 16:28 - 2012-06-22 16:28 - 04731392 ____A (AVAST Software) C:\Users\Skilz\Desktop\aswMBR.exe
2012-06-22 16:27 - 2012-06-22 16:27 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Skilz\Desktop\tdsskiller.exe
2012-06-22 16:20 - 2012-06-22 16:20 - 00607260 ____R (Swearware) C:\Users\Skilz\Desktop\dds.scr
2012-06-22 16:02 - 2012-06-22 16:02 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-22 16:02 - 2012-06-22 16:02 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Malwarebytes
2012-06-22 16:02 - 2012-06-22 16:02 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-22 16:02 - 2012-06-22 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 15:58 - 2012-06-22 15:58 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2012-06-22 15:57 - 2012-06-22 15:57 - 14662576 ____A (Foxit Corporation ) C:\Users\Skilz\Desktop\FoxitReader531.0606_enu_Setup.exe
2012-06-22 15:47 - 2012-06-22 15:47 - 00058852 ____A C:\Users\Skilz\Desktop\Extras.Txt
2012-06-22 15:44 - 2012-06-22 15:43 - 00596480 ____A (OldTimer Tools) C:\Users\Skilz\Desktop\OTL.exe
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Users\Public\Symantec
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Users\All Users\Norton
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files (x86)\SymSilent
2012-06-22 15:40 - 2012-06-22 15:40 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-06-22 15:38 - 2012-06-19 23:55 - 00000010 ____A C:\Windows\GSetup.ini
2012-06-22 15:30 - 2012-06-20 22:52 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Spotify
2012-06-22 15:07 - 2012-06-20 22:54 - 00000000 ____D C:\Users\Skilz\AppData\Local\Spotify
2012-06-22 15:07 - 2009-07-13 20:45 - 04828904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-22 15:06 - 2012-06-21 21:27 - 00000000 ____D C:\Users\Skilz\AppData\Local\Adobe
2012-06-22 15:04 - 2012-06-21 20:07 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\BitComet
2012-06-22 13:37 - 2012-06-22 13:37 - 00000000 ____D C:\Windows\Sun
2012-06-22 13:37 - 2012-06-20 00:05 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Adobe
2012-06-22 13:25 - 2012-06-22 13:25 - 00000724 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-06-22 13:22 - 2012-06-22 13:19 - 00000000 ____D C:\CPU Monitor
2012-06-22 13:14 - 2012-06-22 13:14 - 00000000 ____D C:\Program Files (x86)\Vertus Fluid Mask 3
2012-06-22 13:13 - 2012-06-20 00:08 - 00000348 ____A C:\Windows\SysWOW64\aibkdhj.tgz
2012-06-22 13:13 - 2012-06-20 00:08 - 00000114 ____A C:\Windows\SysWOW64\prsgrc.tgz
2012-06-22 13:13 - 2012-06-20 00:08 - 00000086 ____A C:\Windows\SysWOW64\ssprs.tgz
2012-06-22 13:11 - 2012-06-22 13:11 - 00001024 ____A C:\Windows\SysWOW64\obfci80.tgz
2012-06-22 13:11 - 2012-06-22 13:11 - 00000000 ____D C:\Users\All Users\VertusTech
2012-06-22 13:11 - 2012-06-20 00:08 - 00001024 ____A C:\Windows\SysWOW64\obfci80.dll
2012-06-22 13:11 - 2012-06-20 00:08 - 00001024 ____A C:\Windows\SysWOW64\grcauth2.dll
2012-06-22 13:11 - 2012-06-20 00:08 - 00001024 ____A C:\Windows\SysWOW64\grcauth1.dll
2012-06-22 13:11 - 2012-06-20 00:08 - 00001024 ____A C:\Windows\SysWOW64\clauth2.dll
2012-06-22 13:11 - 2012-06-20 00:08 - 00001024 ____A C:\Windows\SysWOW64\clauth1.dll
2012-06-22 13:06 - 2012-06-22 13:06 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\WinRAR
2012-06-22 13:06 - 2012-06-22 13:05 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-06-22 13:05 - 2012-06-20 00:05 - 00000000 ____D C:\Users\Skilz\AppData\Local\WinZip
2012-06-22 13:00 - 2012-06-20 00:25 - 00058520 ____A C:\Users\Skilz\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-22 12:57 - 2012-06-22 12:57 - 00000000 ____D C:\Users\All Users\GlobalSCAPE
2012-06-22 12:56 - 2012-06-22 12:56 - 00000000 ____D C:\Program Files (x86)\GlobalSCAPE
2012-06-22 12:56 - 2012-06-19 23:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-22 00:30 - 2012-06-20 00:25 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
2012-06-21 21:33 - 2012-06-20 00:04 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-21 21:32 - 2012-06-21 21:32 - 00000000 ____D C:\Users\All Users\ALM
2012-06-21 21:32 - 2012-06-21 21:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-21 21:32 - 2012-06-21 21:31 - 00000000 ____D C:\Program Files\Adobe
2012-06-21 21:32 - 2012-06-20 00:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-21 21:30 - 2012-06-21 21:30 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2012-06-21 21:29 - 2012-06-21 21:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-21 21:29 - 2012-06-21 21:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-21 21:05 - 2012-06-21 21:05 - 00000000 ____D C:\Users\Skilz\AppData\Local\Skyrim
2012-06-21 21:04 - 2012-06-21 21:04 - 00000000 ____D C:\Users\Skilz\Documents\My Games
2012-06-21 21:04 - 2012-06-20 00:20 - 00062548 ____A C:\Windows\DirectX.log
2012-06-21 20:58 - 2012-06-21 20:56 - 00000000 ____D C:\Users\Skilz\Documents\BioWare
2012-06-21 20:56 - 2012-06-21 20:56 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\NVIDIA
2012-06-21 20:56 - 2012-06-21 20:56 - 00000000 ____D C:\Users\All Users\EA Core
2012-06-21 20:56 - 2012-06-20 22:30 - 00000000 ____D C:\Users\All Users\Origin
2012-06-21 20:56 - 2012-06-20 22:30 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-06-21 20:25 - 2012-06-20 22:58 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-21 20:22 - 2012-06-21 20:22 - 00000000 ____D C:\Program Files\BitComet
2012-06-21 20:11 - 2012-06-20 00:31 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Opera
2012-06-21 20:07 - 2012-06-20 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-21 19:56 - 2012-06-21 19:56 - 00000000 ____D C:\Users\Skilz\AppData\Local\Power2Go
2012-06-21 19:33 - 2012-06-21 19:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-21 19:20 - 2012-06-21 19:18 - 00016384 ____A (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2012-06-21 19:19 - 2012-06-21 19:19 - 00001196 ____A C:\Users\UpdatusUser\Desktop\LG Power Tools.lnk
2012-06-21 19:19 - 2012-06-21 19:19 - 00001196 ____A C:\Users\Default\Desktop\LG Power Tools.lnk
2012-06-21 19:19 - 2012-06-21 19:19 - 00001196 ____A C:\Users\Default User\Desktop\LG Power Tools.lnk
2012-06-21 19:19 - 2012-06-21 19:16 - 00000000 ____D C:\Program Files (x86)\CyberLink
2012-06-21 19:18 - 2012-06-21 19:18 - 00002096 ____A C:\Users\UpdatusUser\Desktop\LG Burning Tool.lnk
2012-06-21 19:18 - 2012-06-21 19:18 - 00002096 ____A C:\Users\Default\Desktop\LG Burning Tool.lnk
2012-06-21 19:18 - 2012-06-21 19:18 - 00002096 ____A C:\Users\Default User\Desktop\LG Burning Tool.lnk
2012-06-21 19:18 - 2012-06-21 19:18 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\CyberLink
2012-06-21 19:18 - 2012-06-21 19:16 - 00000000 ____D C:\Users\All Users\CyberLink
2012-06-21 19:15 - 2012-06-20 23:06 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Apple Computer
2012-06-20 23:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-20 23:17 - 2012-06-20 23:17 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-20 23:17 - 2012-06-20 23:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-20 23:12 - 2012-06-20 22:58 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-06-20 23:11 - 2012-06-20 23:11 - 00000000 ____D C:\aws
2012-06-20 23:11 - 2012-06-20 23:11 - 00000000 ____D C:\Asus WebStorage
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Users\Skilz\AppData\Local\Apple Computer
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files\iTunes
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files\iPod
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-20 23:06 - 2012-06-20 23:06 - 00000000 ____D C:\Program Files (x86)\Git
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Users\Skilz\AppData\Local\Apple
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Users\All Users\Apple
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files\Bonjour
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-06-20 23:05 - 2012-06-20 23:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-20 23:04 - 2012-06-20 23:04 - 00000000 ____D C:\Users\All Users\ASUS WebStorage
2012-06-20 23:04 - 2012-06-20 23:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-06-20 22:58 - 2012-06-20 22:57 - 00000000 ____D C:\Users\All Users\Battle.net
2012-06-20 22:38 - 2012-06-20 22:37 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Notepad++
2012-06-20 22:37 - 2012-06-20 22:37 - 00000000 ____D C:\Program Files (x86)\Notepad++
2012-06-20 22:32 - 2012-06-20 22:31 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-06-20 22:31 - 2012-06-20 22:31 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Origin
2012-06-20 22:31 - 2012-06-20 22:31 - 00000000 ____D C:\Users\Skilz\AppData\Local\Origin
2012-06-20 22:31 - 2012-06-20 22:30 - 00001044 ____A C:\Windows\KB893803v2.log
2012-06-20 22:31 - 2012-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\Origin
2012-06-20 22:26 - 2012-06-20 22:26 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\GlobalSCAPE
2012-06-20 22:26 - 2012-06-20 22:26 - 00000000 ____D C:\Users\Skilz\AppData\Local\GlobalSCAPE
2012-06-20 22:00 - 2012-06-20 22:00 - 00000000 ____D C:\Users\All Users\Sun
2012-06-20 22:00 - 2012-06-20 22:00 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-20 21:59 - 2012-06-20 21:59 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-20 21:59 - 2012-06-20 21:59 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-20 21:59 - 2012-06-20 21:59 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-06-20 21:59 - 2012-06-20 21:59 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-06-20 21:59 - 2012-06-20 21:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-06-20 21:59 - 2012-06-20 21:59 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-20 21:59 - 2012-06-20 21:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-06-20 21:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-06-20 21:52 - 2012-06-19 23:36 - 00000836 ____A C:\lucid.log
2012-06-20 18:22 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-06-20 18:22 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2012-06-20 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2012-06-20 18:21 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-06-20 18:21 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-06-20 18:07 - 2012-06-20 18:07 - 00000000 ____D C:\Windows\System32\SPReview
2012-06-20 18:07 - 2012-06-20 18:07 - 00000000 ____D C:\Windows\System32\EventProviders
2012-06-20 16:56 - 2012-06-20 00:38 - 00030528 ____A C:\Windows\GVTDrv64.sys
2012-06-20 16:56 - 2012-06-20 00:38 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
2012-06-20 00:53 - 2012-06-20 00:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-06-20 00:53 - 2012-06-20 00:53 - 00000000 ____D C:\Windows\PCHEALTH
2012-06-20 00:53 - 2012-06-20 00:53 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-06-20 00:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-20 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-20 00:48 - 2012-06-20 00:48 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-06-20 00:48 - 2012-06-20 00:48 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-20 00:48 - 2012-06-20 00:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-20 00:48 - 2012-06-20 00:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-20 00:48 - 2012-06-20 00:48 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-20 00:48 - 2012-06-20 00:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-20 00:48 - 2012-06-20 00:48 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-20 00:48 - 2012-06-20 00:48 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-20 00:48 - 2012-06-20 00:48 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-20 00:48 - 2012-06-20 00:48 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-06-20 00:48 - 2012-06-20 00:48 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-20 00:48 - 2012-06-20 00:48 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-20 00:48 - 2012-06-20 00:48 - 00003900 ____A C:\Windows\IE9_main.log
2012-06-20 00:46 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-06-20 00:46 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-06-20 00:46 - 2007-01-07 02:15 - 00008192 _RASH C:\BOOTSECT.BAK
2012-06-20 00:38 - 2012-06-20 00:38 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Intel Corporation
2012-06-20 00:38 - 2012-06-19 23:56 - 00000000 ____D C:\Users\All Users\Intel
2012-06-20 00:34 - 2012-06-20 00:34 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-20 00:34 - 2012-06-20 00:34 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-20 00:33 - 2012-06-20 00:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2012-06-20 00:31 - 2012-06-20 00:31 - 00000000 ____D C:\Users\Skilz\AppData\Local\Opera
2012-06-20 00:31 - 2012-06-20 00:31 - 00000000 ____D C:\Program Files (x86)\Opera
2012-06-20 00:26 - 2012-06-20 00:26 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Macromedia
2012-06-20 00:25 - 2012-06-20 00:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-20 00:25 - 2012-06-20 00:25 - 00000000 ____D C:\Users\Skilz\AppData\Local\Google
2012-06-20 00:25 - 2012-06-20 00:25 - 00000000 ____D C:\Users\Skilz\AppData\Local\Deployment
2012-06-20 00:25 - 2012-06-20 00:25 - 00000000 ____D C:\Users\Skilz\AppData\Local\Apps\2.0
2012-06-20 00:25 - 2012-06-20 00:20 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2012-06-20 00:07 - 2012-06-20 00:07 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Mozilla
2012-06-20 00:07 - 2012-06-20 00:07 - 00000000 ____D C:\Users\Skilz\AppData\Local\Mozilla
2012-06-20 00:07 - 2012-06-20 00:07 - 00000000 ____A C:\Windows\nsreg.dat
2012-06-20 00:07 - 2012-06-20 00:06 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Splashtop Remote Client
2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\Skilz\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
2012-06-20 00:06 - 2012-06-20 00:06 - 00000000 ____D C:\Users\All Users\Downloaded Installations
2012-06-20 00:06 - 2012-06-19 23:56 - 00000000 ____D C:\Program Files (x86)\Splashtop
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Users\Skilz\Lucidlogix
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Users\All Users\WinZip
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Program Files\Lucidlogix Technologies
2012-06-20 00:05 - 2012-06-20 00:05 - 00000000 ____D C:\Program Files (x86)\WinZip
2012-06-20 00:05 - 2012-06-19 23:53 - 00000000 ____D C:\users\Skilz
2012-06-20 00:04 - 2012-06-20 00:04 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_VirtDiskBus64_01009.Wdf
2012-06-20 00:04 - 2012-06-20 00:04 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-06-20 00:04 - 2012-06-20 00:04 - 00000000 ____D C:\Program Files (x86)\Atheros ASAV
2012-06-20 00:04 - 2012-06-19 23:59 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2012-06-20 00:01 - 2012-06-20 00:01 - 00000000 ____D C:\Users\Skilz\AppData\Local\Evernote
2012-06-20 00:01 - 2012-06-20 00:01 - 00000000 ____D C:\Program Files (x86)\Evernote
2012-06-20 00:00 - 2012-06-19 23:59 - 00000156 ____A C:\csb.log
2012-06-19 23:59 - 2012-06-19 23:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2012-06-19 23:59 - 2012-06-19 23:59 - 00000000 ____D C:\Program Files\GIGABYTE
2012-06-19 23:59 - 2012-06-19 23:59 - 00000000 ____D C:\Program Files (x86)\AMD
2012-06-19 23:59 - 2012-06-19 23:56 - 00000000 ____D C:\Users\All Users\Splashtop
2012-06-19 23:59 - 2012-06-19 23:56 - 00000000 ____D C:\Program Files (x86)\Intel
2012-06-19 23:59 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-06-19 23:58 - 2012-06-19 23:58 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2012-06-19 23:58 - 2012-06-19 23:58 - 00000000 ____D C:\Program Files (x86)\VIA
2012-06-19 23:57 - 2012-06-19 23:57 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-06-19 23:57 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ___HD C:\Users\All Users\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\Splashtop
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ____D C:\Users\Skilz\AppData\Roaming\InstallShield
2012-06-19 23:56 - 2012-06-19 23:56 - 00000000 ____D C:\Program Files\Intel
2012-06-19 23:54 - 2012-06-19 23:54 - 00000000 ____D C:\Windows\pss
2012-06-19 23:53 - 2012-06-20 00:47 - 00000000 ____D C:\Windows\Panther
2012-06-19 23:53 - 2012-06-19 23:53 - 00000020 ___SH C:\Users\Skilz\ntuser.ini
2012-06-19 23:53 - 2012-06-19 23:53 - 00000000 ____D C:\Users\Skilz\AppData\Local\VirtualStore
2012-06-19 23:53 - 2012-06-19 23:24 - 00000000 ____D C:\Recovery
2012-06-19 23:48 - 2012-06-19 23:48 - 00001313 ____A C:\Windows\TSSysprep.log
2012-06-19 23:48 - 2009-07-13 21:01 - 00041962 ____A C:\Windows\SysWOW64\license.rtf
2012-06-19 23:48 - 2009-07-13 21:01 - 00041962 ____A C:\Windows\System32\license.rtf
2012-06-19 23:48 - 2009-07-13 20:46 - 00001774 ____A C:\Windows\DtcInstall.log
2012-06-19 23:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-06-19 23:31 - 2012-06-19 23:31 - 00000000 ____D C:\Intel
2012-06-19 23:27 - 2012-06-19 23:27 - 00000000 ____D C:\NVIDIA
2012-06-19 23:24 - 2012-06-19 23:24 - 00171136 _RASH C:\w7ldr
2012-06-03 22:28 - 2012-06-20 00:18 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-21 19:15 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 19:15 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 19:15 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 19:15 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 19:15 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 19:15 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 19:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 19:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 19:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-15 02:48 - 2012-06-20 21:59 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-06-20 21:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00333120 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00282432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-06-20 21:59 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-06-20 21:59 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2012-06-20 21:59 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2012-06-20 21:59 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2012-06-20 21:59 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2012-06-20 21:59 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2012-06-20 21:59 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 17:32 - 2012-06-20 00:08 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 18:29 - 2012-06-20 21:59 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-05-04 18:29 - 2012-06-20 21:59 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 18:29 - 2012-06-20 21:59 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-05-04 03:06 - 2012-06-20 00:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-06-21 19:31 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-20 00:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-20 00:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-06-21 19:31 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-20 00:09 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-20 00:08 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-20 00:09 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-20 00:09 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-20 00:09 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 11:11 - 2012-04-25 11:11 - 04547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-04-25 11:11 - 2012-04-25 11:11 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-04-23 21:37 - 2012-06-20 00:08 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-20 00:08 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-20 00:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-20 00:08 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-20 00:08 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-20 00:08 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-18 09:08 - 2012-06-20 21:59 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-18 09:08 - 2012-06-20 21:59 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 09:08 - 2012-06-20 21:59 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-07 04:31 - 2012-06-20 00:08 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-20 00:08 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-04 14:56 - 2012-06-22 16:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 03:35 - 2012-06-20 00:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2012-06-20 18:02] - [2010-11-20 04:08] - 0857600 ____A (Microsoft Corporation) BA6EE9B4E38B720A537A3EF48BD5903B
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 6%
Total physical RAM: 16344.73 MB
Available physical RAM: 15219.75 MB
Total Pagefile: 16342.88 MB
Available Pagefile: 15232.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (SYSTEM) (Fixed) (Total:237.47 GB) (Free:127.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:70.94 GB) (Free:51.41 GB) NTFS
3 Drive e: (Storage Disk) (Fixed) (Total:860.57 GB) (Free:577.4 GB) NTFS
4 Drive f: (SYSTEM FILES) (Fixed) (Total:1 GB) (Free:0.09 GB) NTFS
6 Drive h: () (Removable) (Total:6.88 GB) (Free:2.48 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 238 GB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 7580 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1024 MB 1024 KB
Partition 2 Primary 237 GB 1025 MB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F SYSTEM FILE NTFS Partition 1024 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SYSTEM NTFS Partition 237 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 70 GB 31 KB
Partition 0 Extended 860 GB 70 GB
Partition 2 Logical 860 GB 70 GB
======================================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 70 GB Healthy
======================================================================================================
Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E Storage Dis NTFS Partition 860 GB Healthy
======================================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7061 MB 512 B
Partition 0 Primary 488 MB 7061 MB
Partition 0 Primary 30 MB 7549 MB
======================================================================================================
Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7061 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-20 23:48
======================= End Of Log ==========================
 
Start the computer normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-23.05 - Skilz 06/23/2012 12:48:29.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16345.14325 [GMT -7:00]
Running from: c:\users\Skilz\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cdwnbaa.tmp
c:\programdata\ddwnbaa.tmp
c:\programdata\thcscaa.tmp
c:\programdata\trptcaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 19:52 . 2012-06-23 19:52--------d-----w-c:\users\Default\AppData\Local\temp
2012-06-23 06:47 . 2012-06-23 06:47--------d-----w-C:\FRST
2012-06-23 06:37 . 2012-06-23 06:37--------d-----w-c:\windows\system32\Macromed
2012-06-23 01:39 . 2012-06-23 01:39--------d-----w-C:\_OTL
2012-06-23 01:35 . 2012-06-23 01:44--------d-----w-c:\program files\Rainmeter
2012-06-23 00:02 . 2012-06-23 00:02--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 00:02 . 2012-06-23 00:02--------d-----w-c:\programdata\Malwarebytes
2012-06-23 00:02 . 2012-04-04 22:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-22 23:58 . 2012-06-22 23:58--------d-----w-c:\program files (x86)\Foxit Software
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\Common Files\Symantec Shared
2012-06-22 23:40 . 2012-06-23 02:20175736----a-w-c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-22 23:40 . 2012-06-23 02:20--------d-----w-c:\program files\Symantec
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\users\Public\Symantec
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files\Common Files\Symantec Shared
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\SymSilent
2012-06-22 23:40 . 2012-06-23 02:21--------d-----w-c:\windows\system32\drivers\NISx64
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\programdata\Norton
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\Norton Internet Security
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\NortonInstaller
2012-06-22 21:41 . 2012-06-18 10:129013136----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4FCF840-2E30-48EE-9EF4-550C0C991BFF}\mpengine.dll
2012-06-22 21:37 . 2012-06-22 21:37--------d-----w-c:\windows\Sun
2012-06-22 21:25 . 2009-07-27 02:5490544----a-w-c:\windows\system32\drivers\scdemu.sys
2012-06-22 21:19 . 2012-06-22 21:19--------d-----w-c:\windows\system32\wbem\Framework
2012-06-22 21:19 . 2012-06-22 21:22--------d-----w-C:\CPU Monitor
2012-06-22 21:14 . 2012-06-22 21:14--------d-----w-c:\program files (x86)\Vertus Fluid Mask 3
2012-06-22 21:11 . 2012-06-22 21:11--------d-----w-c:\programdata\VertusTech
2012-06-22 20:57 . 2012-06-22 20:57--------d-----w-c:\programdata\GlobalSCAPE
2012-06-22 20:56 . 2012-06-22 20:56--------d-----w-c:\program files (x86)\GlobalSCAPE
2012-06-22 05:32 . 2012-06-22 05:32--------d-----w-c:\programdata\ALM
2012-06-22 05:31 . 2012-06-22 05:32--------d-----w-c:\program files\Common Files\Adobe
2012-06-22 05:30 . 2012-06-22 05:30--------d-----w-c:\program files (x86)\Adobe Media Player
2012-06-22 05:29 . 2012-06-22 05:29--------d-----w-c:\program files (x86)\Common Files\Adobe AIR
2012-06-22 04:56 . 2012-06-22 04:56--------d-----w-c:\programdata\EA Core
2012-06-22 04:55 . 2012-06-22 05:24--------d-----w-c:\programdata\EA Logs
2012-06-22 04:22 . 2012-06-22 04:22--------d-----w-c:\program files\BitComet
2012-06-22 04:17 . 2012-06-22 04:17--------d-----w-C:\Downloads
2012-06-22 03:31 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll
2012-06-22 03:31 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll
2012-06-22 03:19 . 2012-06-22 03:20--------d-----w-C:\Temp
2012-06-22 03:18 . 2012-06-22 03:2016384----a-w-c:\windows\SysWow64\lgfwunis.exe
2012-06-22 03:18 . 2001-08-30 04:0059904----a-w-c:\windows\SysWow64\wbemdisp.tlb
2012-06-22 03:18 . 1998-07-22 07:00102912----a-w-c:\windows\SysWow64\Vb6stkit.dll
2012-06-22 03:18 . 1998-07-22 07:00102160----a-w-c:\windows\SysWow64\VB6KO.DLL
2012-06-22 03:18 . 1998-06-24 07:00115016----a-w-c:\windows\SysWow64\MSINET.OCX
2012-06-22 03:18 . 2012-06-23 19:52--------d-----w-c:\program files (x86)\lg_fwupdate
2012-06-22 03:16 . 2012-06-22 03:19--------d-----w-c:\program files (x86)\CyberLink
2012-06-22 03:16 . 2012-06-22 03:18--------d-----w-c:\programdata\CyberLink
2012-06-22 03:15 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-22 03:15 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-22 03:15 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-22 03:15 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-22 03:15 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-22 03:15 . 2012-06-02 22:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-22 03:15 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-22 03:15 . 2012-06-02 22:1536864----a-w-c:\windows\system32\wuapp.exe
2012-06-22 03:15 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-21 07:17 . 2012-06-21 07:17--------d-----w-c:\program files (x86)\Mozilla Maintenance Service
2012-06-21 07:11 . 2012-06-21 07:11--------d-----w-C:\aws
2012-06-21 07:11 . 2012-06-21 07:11--------d-----w-C:\Asus WebStorage
2012-06-21 07:06 . 2012-06-21 07:06--------d-----w-c:\program files (x86)\Git
2012-06-21 07:06 . 2012-06-21 07:06--------dc----w-c:\windows\system32\DRVSTORE
2012-06-21 07:05 . 2012-06-21 07:05--------d-----w-c:\programdata\Apple
2012-06-21 07:04 . 2012-06-21 07:04--------d-----w-c:\programdata\ASUS WebStorage
2012-06-21 07:04 . 2012-06-21 07:04--------d-----w-c:\program files (x86)\ASUS
2012-06-21 06:58 . 2012-06-22 04:25--------d-----w-c:\program files (x86)\Diablo III
2012-06-21 06:58 . 2012-06-21 07:12--------d-----w-c:\programdata\Blizzard Entertainment
2012-06-21 06:58 . 2012-06-21 07:12--------d-----w-c:\program files (x86)\Common Files\Blizzard Entertainment
2012-06-21 06:57 . 2012-06-21 06:58--------d-----w-c:\programdata\Battle.net
2012-06-21 06:51 . 2012-06-21 06:51--------d--h--w-c:\program files (x86)\Common Files\EAInstaller
2012-06-21 06:37 . 2012-06-21 06:37--------d-----w-c:\program files (x86)\Notepad++
2012-06-21 06:31 . 2012-06-21 06:32--------d-----w-c:\program files (x86)\Origin Games
2012-06-21 06:30 . 2012-06-22 04:56--------d-----w-c:\programdata\Electronic Arts
2012-06-21 06:30 . 2012-06-22 04:56--------d-----w-c:\programdata\Origin
2012-06-21 06:30 . 2012-06-21 06:31--------d-----w-c:\program files (x86)\Origin
2012-06-21 06:29 . 2012-06-23 19:52--------d-----w-c:\program files (x86)\Steam
2012-06-21 06:29 . 2012-06-21 06:29--------d-----w-c:\program files (x86)\Common Files\Steam
2012-06-21 06:00 . 2012-06-21 06:00--------d-----w-c:\program files (x86)\Common Files\Java
2012-06-21 06:00 . 2012-06-21 06:00--------d-----w-c:\program files (x86)\Oracle
2012-06-21 02:07 . 2012-06-21 02:07--------d-----w-c:\windows\system32\SPReview
2012-06-21 02:07 . 2012-06-21 02:07--------d-----w-c:\windows\system32\EventProviders
2012-06-21 02:02 . 2010-11-20 13:33273792----a-w-c:\windows\system32\drivers\msiscsi.sys
2012-06-21 01:56 . 2011-03-25 03:29343040----a-w-c:\windows\system32\drivers\usbhub.sys
2012-06-20 08:53 . 2012-06-20 08:53--------d-----w-c:\program files\Microsoft IntelliPoint
2012-06-20 08:53 . 2012-06-20 08:53--------d-----w-c:\windows\PCHEALTH
2012-06-20 08:52 . 2011-02-19 12:051139200----a-w-c:\windows\system32\FntCache.dll
2012-06-20 08:52 . 2011-02-19 12:04902656----a-w-c:\windows\system32\d2d1.dll
2012-06-20 08:52 . 2011-02-19 06:30739840----a-w-c:\windows\SysWow64\d2d1.dll
2012-06-20 08:51 . 2012-06-20 08:51--------d-----w-c:\program files (x86)\Microsoft.NET
2012-06-20 08:47 . 2012-06-20 07:53--------d-----w-c:\windows\Panther
2012-06-20 08:43 . 2012-06-20 08:43--------d-----w-c:\program files (x86)\Common Files\Intel Corporation
2012-06-20 08:38 . 2012-06-21 00:5630528----a-w-c:\windows\GVTDrv64.sys
2012-06-20 08:37 . 2012-06-20 08:37--------d-----w-c:\windows\SysWow64\Wat
2012-06-20 08:37 . 2012-06-20 08:37--------d-----w-c:\windows\system32\Wat
2012-06-20 08:34 . 2012-06-23 06:3770344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-20 08:34 . 2012-06-23 06:37426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 08:33 . 2012-06-20 08:33--------d-----w-c:\windows\SysWow64\Macromed
2012-06-20 08:31 . 2012-06-20 08:31--------d-----w-c:\program files (x86)\Opera
2012-06-20 08:11 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-06-20 08:11 . 2012-03-01 06:38220672----a-w-c:\windows\system32\wintrust.dll
2012-06-20 08:11 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll
2012-06-20 08:11 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll
2012-06-20 08:11 . 2012-03-01 05:37172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-06-20 08:11 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll
2012-06-20 08:11 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll
2012-06-20 08:09 . 2011-03-12 12:081465344----a-w-c:\windows\system32\XpsPrint.dll
2012-06-20 08:08 . 2012-05-04 11:065559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-06-20 08:07 . 2011-05-24 11:42404480----a-w-c:\windows\system32\umpnpmgr.dll
2012-06-20 08:06 . 2012-06-20 08:06--------d-----w-c:\programdata\Downloaded Installations
2012-06-20 08:05 . 2012-06-20 08:05--------d-----w-c:\programdata\WinZip
2012-06-20 08:05 . 2012-01-13 01:3766336----a-w-c:\windows\system32\drivers\VirtuWDDM.sys
2012-06-20 08:05 . 2012-06-20 08:05--------d-----w-c:\program files\Lucidlogix Technologies
2012-06-20 08:05 . 2012-01-13 01:36475424----a-w-c:\windows\system32\appinit_dll.dll
2012-06-20 08:05 . 2012-01-13 01:35429856----a-w-c:\windows\SysWow64\appinit_dll.dll
2012-06-20 08:04 . 2012-06-20 08:04--------d-----w-c:\program files (x86)\Atheros ASAV
2012-06-20 08:04 . 2012-06-22 05:31--------d-----w-c:\program files (x86)\Common Files\Adobe
2012-06-20 08:04 . 2011-02-08 23:0266160----a-w-c:\windows\system32\drivers\VirtDiskBus64.sys
2012-06-20 08:04 . 2012-06-20 08:04--------d-----w-c:\program files (x86)\My Company Name
2012-06-20 08:03 . 2012-02-23 17:18279656------w-c:\windows\system32\MpSigStub.exe
2012-06-20 08:01 . 2012-06-20 08:01--------d-----w-c:\program files (x86)\Evernote
2012-06-20 07:58 . 2011-08-11 22:54104560----a-w-c:\windows\system32\drivers\L1C62x64.sys
2012-06-20 07:57 . 2012-06-22 03:18--------d-----w-c:\program files (x86)\Common Files\InstallShield
2012-06-20 07:56 . 2012-06-20 08:38--------d-----w-c:\programdata\Intel
2012-06-20 07:56 . 2012-06-20 07:56--------d-----w-c:\program files\Intel
2012-06-20 07:56 . 2011-12-06 23:5553248----a-r-c:\windows\SysWow64\CSVer.dll
2012-06-20 07:56 . 2012-06-20 07:56--------d-----w-c:\program files (x86)\Common Files\postureAgent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 02:21 . 2009-07-14 02:36175616----a-w-c:\windows\system32\msclmd.dll
2012-06-21 02:21 . 2009-07-14 02:36152576----a-w-c:\windows\SysWow64\msclmd.dll
2012-05-15 09:21 . 2012-05-15 09:21423744----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-04-25 19:11 . 2012-04-25 19:1152736----a-w-c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 19:11 . 2012-04-25 19:114547944----a-w-c:\windows\system32\usbaaplrc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . BA6EE9B4E38B720A537A3EF48BD5903B . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_01.05.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-22 23:11 . 2012-06-23 00:5516384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-22 23:11 . 2012-06-23 19:4116384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-22 23:12 . 2012-06-23 19:4116384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
- 2012-06-22 23:12 . 2012-06-23 00:5616384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-06-23 19:39 . 2012-06-23 19:4149152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062320120624\index.dat
+ 2012-06-23 04:14 . 2012-06-23 04:1842496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EE22B4AD-BCE9-11E1-B368-902B343164A9}.dat
+ 2012-06-23 06:08 . 2012-06-23 06:0810240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAC1B255-BCF9-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 04:21 . 2012-06-23 04:2349152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DA7D18A6-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:20 . 2012-06-23 04:2112288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D186CE5C-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 03:44 . 2012-06-23 03:4413824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C38CDB2C-BCE5-11E1-B368-902B343164A9}.dat
+ 2012-06-23 03:44 . 2012-06-23 03:4422528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BD0D6686-BCE5-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:19 . 2012-06-23 04:2349152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9672A66B-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 05:59 . 2012-06-23 06:0312800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93194C75-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:2342496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8878DEA7-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:2252736 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{808B2EA0-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:1818432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D1227E0-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:4139936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B60292F-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 05:58 . 2012-06-23 06:0354784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A544CE5-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 05:58 . 2012-06-23 05:5820992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A3C099A-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 04:17 . 2012-06-23 04:2112800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{56A29253-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:17 . 2012-06-23 04:1826624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E93771E-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:17 . 2012-06-23 04:1827136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47EC7CB0-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 02:35 . 2012-06-23 02:4048128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18040C09-BCDC-11E1-B368-902B343164A9}.dat
+ 2012-06-23 06:02 . 2012-06-23 06:0312800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C05CFCA-BCF9-11E1-81AA-902B343164A9}.dat
+ 2012-06-22 23:12 . 2012-06-23 04:1332768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-06-22 23:12 . 2012-06-22 23:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-20 08:43 . 2012-06-23 06:06 40508 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 06:06 30980 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-20 05:51 . 2011-02-20 05:51 57168 c:\windows\system32\vcomp100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 57168 c:\windows\system32\vcomp100.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 93008 c:\windows\system32\mfcm100u.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 93008 c:\windows\system32\mfcm100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 60752 c:\windows\system32\mfc100rus.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100deu.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 64336 c:\windows\system32\mfc100deu.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100chs.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 36176 c:\windows\system32\mfc100chs.dll
+ 2012-06-23 02:20 . 2012-03-29 06:03 37496 c:\windows\system32\drivers\NISx64\1307010.005\srtspx64.sys
- 2012-06-20 07:51 . 2012-06-22 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-20 07:51 . 2012-06-23 06:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-20 07:51 . 2012-06-22 23:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-23 02:24 . 2012-06-23 06:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 06:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-22 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-23 06:22 . 2012-06-23 19:41 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{CE6A9764-BCFB-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{73DCD4DA-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{763E4D66-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{73DCD4DC-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 05:54 . 2012-06-23 05:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DD106D7D-BCF7-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 06:08 . 2012-06-23 06:08 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAC1B254-BCF9-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 04:21 . 2012-06-23 04:21 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DA7D18A5-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:13 . 2012-06-23 04:18 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C45716B6-BCE9-11E1-B368-902B343164A9}.dat
+ 2012-06-23 03:44 . 2012-06-23 03:44 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD0D6684-BCE5-11E1-B368-902B343164A9}.dat
+ 2012-06-23 02:25 . 2012-06-23 02:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B671AF1F-BCDA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:12 . 2012-06-23 04:18 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{99E4D60B-BCE9-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:19 . 2012-06-23 04:23 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9672A66A-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:11 . 2012-06-23 04:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C06D40F-BCE9-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:23 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8878DEA6-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{808B2E9F-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6B60292D-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 05:58 . 2012-06-23 06:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A544CE4-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 05:58 . 2012-06-23 05:58 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A3C0999-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 04:16 . 2012-06-23 04:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A2F7119-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:23 . 2012-06-23 04:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1F5712EC-BCEB-11E1-B368-902B343164A9}.dat
+ 2012-06-23 02:21 . 2012-06-23 02:21 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19967873-BCDA-11E1-97EC-902B343164A9}.dat
+ 2012-06-23 01:45 . 2012-06-23 01:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{187CCFE2-BCD5-11E1-97EC-902B343164A9}.dat
+ 2012-06-23 02:35 . 2012-06-23 02:40 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{18040C08-BCDC-11E1-B368-902B343164A9}.dat
+ 2012-06-23 06:01 . 2012-06-23 06:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E87D5FEC-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 06:01 . 2012-06-23 06:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E87D5FEB-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 05:54 . 2012-06-23 05:54 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DD106D7F-BCF7-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 05:54 . 2012-06-23 05:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DD106D7E-BCF7-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 06:08 . 2012-06-23 06:08 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAC1B256-BCF9-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 02:25 . 2012-06-23 02:26 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C26D0756-BCDA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 02:25 . 2012-06-23 02:25 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B671AF20-BCDA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 05:59 . 2012-06-23 06:03 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93194C73-BCF8-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:18 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C1F3801-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72D720D5-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{72D720D4-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:18 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D1227DD-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:17 . 2012-06-23 04:17 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{53FF06BF-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:17 . 2012-06-23 04:17 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47EC7CAE-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:16 . 2012-06-23 04:16 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34E83276-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 06:03 . 2012-06-23 06:03 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{28E633C8-BCF9-11E1-81AA-902B343164A9}.dat
+ 2012-06-23 01:45 . 2012-06-23 01:45 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22F97E32-BCD5-11E1-97EC-902B343164A9}.dat
+ 2012-06-23 04:15 . 2012-06-23 04:15 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1DA01411-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 02:21 . 2012-06-23 02:21 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19967874-BCDA-11E1-97EC-902B343164A9}.dat
+ 2012-06-23 01:45 . 2012-06-23 01:45 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{187CCFE4-BCD5-11E1-97EC-902B343164A9}.dat
+ 2012-06-20 08:43 . 2012-06-23 06:06 5274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-901204113-2561923739-3919432305-1000_UserData.bin
+ 2012-06-23 02:20 . 2012-03-29 06:28 4782 c:\windows\system32\drivers\NISx64\1307010.005\symvtcer.dat
+ 2012-06-23 19:52 . 2012-06-23 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-23 01:05 . 2012-06-23 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 06:37 . 2012-06-23 06:37 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-06-20 08:34 . 2012-06-23 06:37 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-06-23 19:41 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-22 23:11 . 2012-06-23 06:46 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062220120623\index.dat
+ 2012-06-23 04:20 . 2012-06-23 04:21 237568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D186CE5A-BCEA-11E1-B368-902B343164A9}.dat
+ 2012-06-23 03:44 . 2012-06-23 03:44 100864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BD0D6685-BCE5-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:11 . 2012-06-23 04:18 199168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C06D410-BCE9-11E1-B368-902B343164A9}.dat
+ 2012-06-23 19:41 . 2012-06-23 19:41 110080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B60292E-BD6B-11E1-8D7D-902B343164A9}.dat
+ 2012-06-23 04:23 . 2012-06-23 04:23 102400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F5712ED-BCEB-11E1-B368-902B343164A9}.dat
- 2009-07-14 02:36 . 2012-06-22 23:37 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 06:10 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-23 06:10 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-22 23:37 106316 c:\windows\system32\perfc009.dat
+ 2011-02-19 07:52 . 2011-02-19 07:52 829264 c:\windows\system32\msvcr100.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 608080 c:\windows\system32\msvcp100.dll
+ 2012-06-23 06:37 . 2012-06-23 06:37 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
+ 2012-06-23 02:20 . 2012-03-29 06:28 405624 c:\windows\system32\drivers\NISx64\1307010.005\symnets.sys
+ 2012-06-23 02:20 . 2011-07-25 18:18 451192 c:\windows\system32\drivers\NISx64\1307010.005\symds64.sys
+ 2012-06-23 02:20 . 2012-03-29 06:03 737912 c:\windows\system32\drivers\NISx64\1307010.005\srtsp64.sys
+ 2012-06-23 02:20 . 2012-03-29 06:06 190072 c:\windows\system32\drivers\NISx64\1307010.005\ironx64.sys
+ 2012-06-23 02:20 . 2011-11-29 22:44 167048 c:\windows\system32\drivers\NISx64\1307010.005\ccsetx64.sys
- 2010-03-18 16:36 . 2010-03-18 16:36 158536 c:\windows\system32\atl100.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 158536 c:\windows\system32\atl100.dll
- 2009-07-14 04:46 . 2012-06-23 00:03 101472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-06-23 02:13 101472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-06-23 19:52 316832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-23 01:05 316832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-21 06:00 . 2012-06-23 01:05 618792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901204113-2561923739-3919432305-1000-12288.dat
+ 2012-06-21 06:00 . 2012-06-23 19:52 618792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901204113-2561923739-3919432305-1000-12288.dat
+ 2011-02-20 05:57 . 2011-02-20 05:57 177664 c:\windows\Installer\a076b.msi
+ 2012-06-23 06:37 . 2012-06-23 06:37 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-23 06:37 . 2012-06-23 06:37 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
+ 2012-06-22 23:11 . 2012-06-23 19:41 1015808 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-07-14 04:54 . 2012-06-23 19:41 1458176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 19:41 1835008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-23 04:12 . 2012-06-23 04:19 1025024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99E4D60C-BCE9-11E1-B368-902B343164A9}.dat
+ 2012-06-23 04:18 . 2012-06-23 04:18 1324544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D1227DE-BCEA-11E1-B368-902B343164A9}.dat
+ 2011-02-20 05:51 . 2011-02-20 05:51 5601616 c:\windows\system32\mfc100u.dll
+ 2011-02-20 05:51 . 2011-02-20 05:51 5574472 c:\windows\system32\mfc100.dll
+ 2012-06-23 02:20 . 2012-03-29 06:28 1092728 c:\windows\system32\drivers\NISx64\1307010.005\symefa64.sys
- 2009-07-14 04:45 . 2012-06-22 23:09 7106385 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-23 01:07 7106385 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-22 23:27 . 2012-06-23 19:52 3402992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-23 06:37 . 2012-06-23 06:37 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll
 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-08-29 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-06-21 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-08-29 771968]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe" [2012-05-17 3417984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2012-06-22 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PWRISOVM.EXE"="g:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-01-12 274200]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-21 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-22 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-21 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-23 138912]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 06:37]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
- c:\users\Skilz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 08:25]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
- c:\users\Skilz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 08:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://insite.bridgepoint.local/dept/bts/Applications/Engineering%20Dashboard.aspx
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2d,4c,9d,4a,cc,50,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
.
**************************************************************************
.
Completion time: 2012-06-23 12:54:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 19:54
ComboFix2.txt 2012-06-23 01:25
ComboFix3.txt 2012-06-23 01:07
.
Pre-Run: 128,035,692,544 bytes free
Post-Run: 127,967,207,424 bytes free
.
- - End Of File - - 4633F4BEEE83054ACF15F2DDB42FD5B7
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-06-23.05 - Skilz 06/23/2012 13:15:28.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16346.14214 [GMT -7:00]
Running from: c:\users\Skilz\Downloads\ComboFix.exe
Command switches used :: c:\users\Skilz\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 20:19 . 2012-06-23 20:19--------d-----w-c:\users\Default\AppData\Local\temp
2012-06-23 06:47 . 2012-06-23 06:47--------d-----w-C:\FRST
2012-06-23 06:37 . 2012-06-23 06:37--------d-----w-c:\windows\system32\Macromed
2012-06-23 01:39 . 2012-06-23 01:39--------d-----w-C:\_OTL
2012-06-23 01:35 . 2012-06-23 01:44--------d-----w-c:\program files\Rainmeter
2012-06-23 00:02 . 2012-06-23 00:02--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 00:02 . 2012-06-23 00:02--------d-----w-c:\programdata\Malwarebytes
2012-06-23 00:02 . 2012-04-04 22:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-22 23:58 . 2012-06-22 23:58--------d-----w-c:\program files (x86)\Foxit Software
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\Common Files\Symantec Shared
2012-06-22 23:40 . 2012-06-23 02:20175736----a-w-c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-22 23:40 . 2012-06-23 02:20--------d-----w-c:\program files\Symantec
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\users\Public\Symantec
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files\Common Files\Symantec Shared
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\SymSilent
2012-06-22 23:40 . 2012-06-23 02:21--------d-----w-c:\windows\system32\drivers\NISx64
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\programdata\Norton
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\Norton Internet Security
2012-06-22 23:40 . 2012-06-22 23:40--------d-----w-c:\program files (x86)\NortonInstaller
2012-06-22 21:41 . 2012-06-18 10:129013136----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4FCF840-2E30-48EE-9EF4-550C0C991BFF}\mpengine.dll
2012-06-22 21:37 . 2012-06-22 21:37--------d-----w-c:\windows\Sun
2012-06-22 21:25 . 2009-07-27 02:5490544----a-w-c:\windows\system32\drivers\scdemu.sys
2012-06-22 21:19 . 2012-06-22 21:19--------d-----w-c:\windows\system32\wbem\Framework
2012-06-22 21:19 . 2012-06-22 21:22--------d-----w-C:\CPU Monitor
2012-06-22 21:14 . 2012-06-22 21:14--------d-----w-c:\program files (x86)\Vertus Fluid Mask 3
2012-06-22 21:11 . 2012-06-22 21:11--------d-----w-c:\programdata\VertusTech
2012-06-22 20:57 . 2012-06-22 20:57--------d-----w-c:\programdata\GlobalSCAPE
2012-06-22 20:56 . 2012-06-22 20:56--------d-----w-c:\program files (x86)\GlobalSCAPE
2012-06-22 05:32 . 2012-06-22 05:32--------d-----w-c:\programdata\ALM
2012-06-22 05:31 . 2012-06-22 05:32--------d-----w-c:\program files\Common Files\Adobe
2012-06-22 05:30 . 2012-06-22 05:30--------d-----w-c:\program files (x86)\Adobe Media Player
2012-06-22 05:29 . 2012-06-22 05:29--------d-----w-c:\program files (x86)\Common Files\Adobe AIR
2012-06-22 04:56 . 2012-06-22 04:56--------d-----w-c:\programdata\EA Core
2012-06-22 04:55 . 2012-06-22 05:24--------d-----w-c:\programdata\EA Logs
2012-06-22 04:22 . 2012-06-22 04:22--------d-----w-c:\program files\BitComet
2012-06-22 04:17 . 2012-06-22 04:17--------d-----w-C:\Downloads
2012-06-22 03:31 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll
2012-06-22 03:31 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll
2012-06-22 03:19 . 2012-06-22 03:20--------d-----w-C:\Temp
2012-06-22 03:18 . 2012-06-22 03:2016384----a-w-c:\windows\SysWow64\lgfwunis.exe
2012-06-22 03:18 . 2001-08-30 04:0059904----a-w-c:\windows\SysWow64\wbemdisp.tlb
2012-06-22 03:18 . 1998-07-22 07:00102912----a-w-c:\windows\SysWow64\Vb6stkit.dll
2012-06-22 03:18 . 1998-07-22 07:00102160----a-w-c:\windows\SysWow64\VB6KO.DLL
2012-06-22 03:18 . 1998-06-24 07:00115016----a-w-c:\windows\SysWow64\MSINET.OCX
2012-06-22 03:18 . 2012-06-23 20:19--------d-----w-c:\program files (x86)\lg_fwupdate
2012-06-22 03:16 . 2012-06-22 03:19--------d-----w-c:\program files (x86)\CyberLink
2012-06-22 03:16 . 2012-06-22 03:18--------d-----w-c:\programdata\CyberLink
2012-06-22 03:15 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-22 03:15 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-06-22 03:15 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-06-22 03:15 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-06-22 03:15 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-06-22 03:15 . 2012-06-02 22:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-22 03:15 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-06-22 03:15 . 2012-06-02 22:1536864----a-w-c:\windows\system32\wuapp.exe
2012-06-22 03:15 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-06-21 07:17 . 2012-06-21 07:17--------d-----w-c:\program files (x86)\Mozilla Maintenance Service
2012-06-21 07:11 . 2012-06-21 07:11--------d-----w-C:\aws
2012-06-21 07:11 . 2012-06-21 07:11--------d-----w-C:\Asus WebStorage
2012-06-21 07:06 . 2012-06-21 07:06--------d-----w-c:\program files (x86)\Git
2012-06-21 07:06 . 2012-06-21 07:06--------dc----w-c:\windows\system32\DRVSTORE
2012-06-21 07:05 . 2012-06-21 07:05--------d-----w-c:\programdata\Apple
2012-06-21 07:04 . 2012-06-21 07:04--------d-----w-c:\programdata\ASUS WebStorage
2012-06-21 07:04 . 2012-06-21 07:04--------d-----w-c:\program files (x86)\ASUS
2012-06-21 06:58 . 2012-06-22 04:25--------d-----w-c:\program files (x86)\Diablo III
2012-06-21 06:58 . 2012-06-21 07:12--------d-----w-c:\programdata\Blizzard Entertainment
2012-06-21 06:58 . 2012-06-21 07:12--------d-----w-c:\program files (x86)\Common Files\Blizzard Entertainment
2012-06-21 06:57 . 2012-06-21 06:58--------d-----w-c:\programdata\Battle.net
2012-06-21 06:51 . 2012-06-21 06:51--------d--h--w-c:\program files (x86)\Common Files\EAInstaller
2012-06-21 06:37 . 2012-06-21 06:37--------d-----w-c:\program files (x86)\Notepad++
2012-06-21 06:31 . 2012-06-21 06:32--------d-----w-c:\program files (x86)\Origin Games
2012-06-21 06:30 . 2012-06-22 04:56--------d-----w-c:\programdata\Electronic Arts
2012-06-21 06:30 . 2012-06-22 04:56--------d-----w-c:\programdata\Origin
2012-06-21 06:30 . 2012-06-21 06:31--------d-----w-c:\program files (x86)\Origin
2012-06-21 06:29 . 2012-06-23 20:19--------d-----w-c:\program files (x86)\Steam
2012-06-21 06:29 . 2012-06-21 06:29--------d-----w-c:\program files (x86)\Common Files\Steam
2012-06-21 06:00 . 2012-06-21 06:00--------d-----w-c:\program files (x86)\Common Files\Java
2012-06-21 06:00 . 2012-06-21 06:00--------d-----w-c:\program files (x86)\Oracle
2012-06-21 02:07 . 2012-06-21 02:07--------d-----w-c:\windows\system32\SPReview
2012-06-21 02:07 . 2012-06-21 02:07--------d-----w-c:\windows\system32\EventProviders
2012-06-21 02:02 . 2010-11-20 13:33273792----a-w-c:\windows\system32\drivers\msiscsi.sys
2012-06-21 01:56 . 2011-03-25 03:29343040----a-w-c:\windows\system32\drivers\usbhub.sys
2012-06-20 08:53 . 2012-06-20 08:53--------d-----w-c:\program files\Microsoft IntelliPoint
2012-06-20 08:53 . 2012-06-20 08:53--------d-----w-c:\windows\PCHEALTH
2012-06-20 08:52 . 2011-02-19 12:051139200----a-w-c:\windows\system32\FntCache.dll
2012-06-20 08:52 . 2011-02-19 12:04902656----a-w-c:\windows\system32\d2d1.dll
2012-06-20 08:52 . 2011-02-19 06:30739840----a-w-c:\windows\SysWow64\d2d1.dll
2012-06-20 08:51 . 2012-06-20 08:51--------d-----w-c:\program files (x86)\Microsoft.NET
2012-06-20 08:47 . 2012-06-20 07:53--------d-----w-c:\windows\Panther
2012-06-20 08:43 . 2012-06-20 08:43--------d-----w-c:\program files (x86)\Common Files\Intel Corporation
2012-06-20 08:38 . 2012-06-21 00:5630528----a-w-c:\windows\GVTDrv64.sys
2012-06-20 08:37 . 2012-06-20 08:37--------d-----w-c:\windows\SysWow64\Wat
2012-06-20 08:37 . 2012-06-20 08:37--------d-----w-c:\windows\system32\Wat
2012-06-20 08:34 . 2012-06-23 06:3770344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-20 08:34 . 2012-06-23 06:37426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 08:33 . 2012-06-20 08:33--------d-----w-c:\windows\SysWow64\Macromed
2012-06-20 08:31 . 2012-06-20 08:31--------d-----w-c:\program files (x86)\Opera
2012-06-20 08:11 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-06-20 08:11 . 2012-03-01 06:38220672----a-w-c:\windows\system32\wintrust.dll
2012-06-20 08:11 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll
2012-06-20 08:11 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll
2012-06-20 08:11 . 2012-03-01 05:37172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-06-20 08:11 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll
2012-06-20 08:11 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll
2012-06-20 08:09 . 2011-03-12 12:081465344----a-w-c:\windows\system32\XpsPrint.dll
2012-06-20 08:08 . 2012-05-04 11:065559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-06-20 08:07 . 2011-05-24 11:42404480----a-w-c:\windows\system32\umpnpmgr.dll
2012-06-20 08:06 . 2012-06-20 08:06--------d-----w-c:\programdata\Downloaded Installations
2012-06-20 08:05 . 2012-06-20 08:05--------d-----w-c:\programdata\WinZip
2012-06-20 08:05 . 2012-01-13 01:3766336----a-w-c:\windows\system32\drivers\VirtuWDDM.sys
2012-06-20 08:05 . 2012-06-20 08:05--------d-----w-c:\program files\Lucidlogix Technologies
2012-06-20 08:05 . 2012-01-13 01:36475424----a-w-c:\windows\system32\appinit_dll.dll
2012-06-20 08:05 . 2012-01-13 01:35429856----a-w-c:\windows\SysWow64\appinit_dll.dll
2012-06-20 08:04 . 2012-06-20 08:04--------d-----w-c:\program files (x86)\Atheros ASAV
2012-06-20 08:04 . 2012-06-22 05:31--------d-----w-c:\program files (x86)\Common Files\Adobe
2012-06-20 08:04 . 2011-02-08 23:0266160----a-w-c:\windows\system32\drivers\VirtDiskBus64.sys
2012-06-20 08:04 . 2012-06-20 08:04--------d-----w-c:\program files (x86)\My Company Name
2012-06-20 08:03 . 2012-02-23 17:18279656------w-c:\windows\system32\MpSigStub.exe
2012-06-20 08:01 . 2012-06-20 08:01--------d-----w-c:\program files (x86)\Evernote
2012-06-20 07:58 . 2011-08-11 22:54104560----a-w-c:\windows\system32\drivers\L1C62x64.sys
2012-06-20 07:57 . 2012-06-22 03:18--------d-----w-c:\program files (x86)\Common Files\InstallShield
2012-06-20 07:56 . 2012-06-20 08:38--------d-----w-c:\programdata\Intel
2012-06-20 07:56 . 2012-06-20 07:56--------d-----w-c:\program files\Intel
2012-06-20 07:56 . 2011-12-06 23:5553248----a-r-c:\windows\SysWow64\CSVer.dll
2012-06-20 07:56 . 2012-06-20 07:56--------d-----w-c:\program files (x86)\Common Files\postureAgent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 02:21 . 2009-07-14 02:36175616----a-w-c:\windows\system32\msclmd.dll
2012-06-21 02:21 . 2009-07-14 02:36152576----a-w-c:\windows\SysWow64\msclmd.dll
2012-05-15 09:21 . 2012-05-15 09:21423744----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-04-25 19:11 . 2012-04-25 19:1152736----a-w-c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 19:11 . 2012-04-25 19:114547944----a-w-c:\windows\system32\usbaaplrc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . BA6EE9B4E38B720A537A3EF48BD5903B . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-06-23_19.52.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-20 08:43 . 2012-06-23 19:5440896 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2012-06-23 20:19 . 2012-06-23 20:192048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 19:52 . 2012-06-23 19:522048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 20:19 . 2012-06-23 20:192048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-06-23 20:19316832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-23 19:52316832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-21 06:00 . 2012-06-23 20:19618792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901204113-2561923739-3919432305-1000-12288.dat
- 2012-06-21 06:00 . 2012-06-23 19:52618792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901204113-2561923739-3919432305-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-08-29 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-06-21 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-08-29 771968]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe" [2012-05-17 3417984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2012-06-22 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PWRISOVM.EXE"="g:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-01-12 274200]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-21 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-22 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-21 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-23 138912]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 06:37]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
- c:\users\Skilz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 08:25]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
- c:\users\Skilz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 08:25]
.
.
--------- X64 Entries -----------
 
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:231500672----a-w-c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:231500672----a-w-c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:231500672----a-w-c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://insite.bridgepoint.local/dept/bts/Applications/Engineering%20Dashboard.aspx
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2d,4c,9d,4a,cc,50,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
.
**************************************************************************
.
Completion time: 2012-06-23 13:21:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 20:21
ComboFix2.txt 2012-06-23 19:54
ComboFix3.txt 2012-06-23 01:25
ComboFix4.txt 2012-06-23 01:07
.
Pre-Run: 128,016,896,000 bytes free
Post-Run: 127,733,710,848 bytes free
.
- - End Of File - - 138F69DAAE61CE4FBF0E16FF303A413C
 
I dunno what did it but it's looking better. I haven't had any popups from Malwarebytes or Norton since restart.

I wanted to know if you noticed any trojans in my log. I am asking because I know from previous threads that if there are any trojans I need to change all my passwords. I have changed my banking password but that's all so far. Should I change all of my passwords?
 
Looks like there are still issues: my browser is still getting hijacked / redirected when I try to go to different websites, and Shockwave is still crashing in Chrome constantly.
 