DDS LOG
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 17:01:19 on 2013-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2101 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\windows\system32\taskhost.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\notepad.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN33612886651136735&UM=2&ctid=CT3287375
uDefault_Page_URL = hxxp://
www.google.com/ig?brand=TSND&bmod=TSND
mStart Page = hxxp://
www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://
www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun: [TUSBSleepChargeSrv] "C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 66.253.214.16 50.30.208.77
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B} : DHCPNameServer = 66.253.214.16 50.30.208.77
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\0796E65697 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\3416274696E616C637 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\35572677169775966496 : DHCPNameServer = 64.68.252.10 64.68.248.10
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\4557271757F6963756A4565607 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\4596765627 : DHCPNameServer = 68.105.28.12 68.105.28.11 192.168.1.104
TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\D497F6E65616E646F6E6C697 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [ThpSrv] "C:\windows\System32\thpsrv" /logon
x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-12-20 482384]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
R2 ssfmonm;ssfmonm;C:\windows\System32\drivers\ssfmonm.sys [2011-6-20 56408]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2009-12-22 71168]
R3 bpmp;bpmp;C:\windows\System32\drivers\bpmp.sys [2009-12-22 174592]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2009-12-22 81920]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-12-20 9216]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-20 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-12-20 35008]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-20 232992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Winword.exe="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-06-23 23:48:35--------d-s---w-C:\ComboFix
2013-06-23 23:33:40--------d-----w-C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 23:33:19--------d-----w-C:\ProgramData\Malwarebytes
2013-06-23 23:33:1625928----a-w-C:\windows\System32\drivers\mbam.sys
2013-06-23 23:33:16--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-23 22:22:37--------d-----w-C:\FRST
2013-06-23 22:20:50--------d-s---w-C:\ProgramData\Shared Space
2013-06-23 22:20:44--------d-----w-C:\Program Files\COMODO
2013-06-23 22:20:41--------d-----w-C:\ProgramData\Comodo
2013-06-23 22:20:37--------d-----w-C:\ProgramData\Comodo Downloader
2013-06-23 22:00:449552976----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01F483A8-5721-42D4-87D6-FB76B9CC619E}\mpengine.dll
2013-06-23 06:17:49433752----a-w-C:\windows\System32\drivers\NISx64\1404000.028\symnets.sys
2013-06-23 06:17:48796760----a-w-C:\windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-06-23 06:17:48493656----a-w-C:\windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-06-23 06:17:4836952----a-w-C:\windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
2013-06-23 06:17:4823448----a-r-C:\windows\System32\drivers\NISx64\1404000.028\symelam.sys
2013-06-23 06:17:48224416----a-w-C:\windows\System32\drivers\NISx64\1404000.028\ironx64.sys
2013-06-23 06:17:48169048----a-w-C:\windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
2013-06-23 06:17:481139800----a-w-C:\windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-06-23 06:17:09--------d-----w-C:\windows\System32\drivers\NISx64\1404000.028
2013-06-23 06:02:23--------d-----w-C:\Users\Owner\AppData\Local\VS Revo Group
2013-06-23 06:02:09--------d-----w-C:\ProgramData\VS Revo Group
2013-06-23 06:01:51--------d-----w-C:\Users\Owner\AppData\Local\Programs
2013-06-23 05:58:51--------d-----w-C:\Program Files\Common Files\Symantec Shared
2013-06-23 05:56:55--------d-----w-C:\windows\System32\drivers\NISx64
2013-06-23 05:56:12--------d-----w-C:\Program Files (x86)\NortonInstaller
2013-06-23 04:55:33--------d-----w-C:\Program Files\CCleaner
2013-06-18 23:16:10708632----a-w-C:\windows\System32\drivers\cmdguard.sys
2013-06-18 23:16:1048360----a-w-C:\windows\System32\drivers\cmdhlp.sys
2013-06-18 23:16:0823168----a-w-C:\windows\System32\drivers\cmderd.sys
2013-06-18 23:15:5043216----a-w-C:\windows\System32\cmdcsr.dll
2013-06-18 23:15:48437688----a-w-C:\windows\System32\guard64.dll
2013-06-18 23:15:48348584----a-w-C:\windows\SysWow64\guard32.dll
2013-06-18 23:15:4045784----a-w-C:\windows\System32\cmdkbd64.dll
2013-06-18 23:15:40344792----a-w-C:\windows\System32\cmdvrt64.dll
2013-06-18 23:15:3640664----a-w-C:\windows\SysWow64\cmdkbd32.dll
2013-06-18 23:15:36278232----a-w-C:\windows\SysWow64\cmdvrt32.dll
2013-06-12 05:35:59760320----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M ====================
.
2013-05-17 06:14:051188864----a-w-C:\windows\System32\wininet.dll
2013-05-16 18:21:48981504----a-w-C:\windows\SysWow64\wininet.dll
2013-05-16 17:10:291638912----a-w-C:\windows\System32\mshtml.tlb
2013-05-16 16:44:211638912----a-w-C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01184320----a-w-C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:001464320----a-w-C:\windows\System32\crypt32.dll
2013-05-13 05:51:00139776----a-w-C:\windows\System32\cryptnet.dll
2013-05-13 05:50:4052224----a-w-C:\windows\System32\certenc.dll
2013-05-13 04:45:55140288----a-w-C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:551160192----a-w-C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55103936----a-w-C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:551192448----a-w-C:\windows\System32\certutil.exe
2013-05-13 03:08:10903168----a-w-C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:0643008----a-w-C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:2730720----a-w-C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:5424576----a-w-C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:011910632----a-w-C:\windows\System32\drivers\tcpip.sys
2013-05-02 09:06:08278800------w-C:\windows\System32\MpSigStub.exe
2013-04-26 05:51:36751104----a-w-C:\windows\System32\win32spl.dll
2013-04-26 04:55:21492544----a-w-C:\windows\SysWow64\win32spl.dll
2013-04-13 05:49:23135168----a-w-C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19350208----a-w-C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19308736----a-w-C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19111104----a-w-C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16474624----a-w-C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:152176512----a-w-C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:081656680----a-w-C:\windows\System32\drivers\ntfs.sys
2013-04-11 14:22:56770384----a-w-C:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56421200----a-w-C:\windows\SysWow64\msvcp100.dll
2013-04-10 06:01:54265064----a-w-C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53983400----a-w-C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:503153920----a-w-C:\windows\System32\win32k.sys
.
============= FINISH: 17:02:56.77 ===============