Solved Got a virus trying to run unkillable IE windows in background

Which browser is affected?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Opera and Chrome are infected for sure. Firefox seems odd: when I go to the Norton or any other antivirus site from a Google search, I get redirected in Opera and Chrome; in Firefox it takes me to my Google login and says I have been logged out instead of taking me to the page, and IE seems fine.
 
OTL logfile created on: 6/23/2012 3:43:30 PM - Run 4
OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Skilz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 13.69 Gb Available Physical Memory | 85.74% Memory free
39.90 Gb Paging File | 37.76 Gb Available in Paging File | 94.62% Paging File free
Paging file location(s): c:\pagefile.sys 24516 49032 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.47 Gb Total Space | 124.49 Gb Free Space | 52.42% Space Free | Partition Type: NTFS
Drive D: | 1024.00 Mb Total Space | 457.37 Mb Free Space | 44.66% Space Free | Partition Type: NTFS
Drive E: | 70.94 Gb Total Space | 51.41 Gb Free Space | 72.47% Space Free | Partition Type: NTFS
Drive G: | 860.57 Gb Total Space | 588.08 Gb Free Space | 68.34% Space Free | Partition Type: NTFS

Computer Name: SKILZ-PC | User Name: Skilz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 16:44:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Skilz\Desktop\OTL.exe
PRC - [2012/06/21 20:19:39 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012/02/21 16:17:56 | 001,920,888 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
PRC - [2012/02/21 16:17:52 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/01/27 02:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/21 10:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/15 04:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/26 19:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- G:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/21 21:02:27 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012/06/21 20:58:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/21 20:58:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/21 20:58:30 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/21 20:58:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/21 20:58:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/21 20:58:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/06/14 15:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/10 07:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) Capability Licensing Service Interface) Intel(R)
SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/22 23:37:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 15:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/02/21 16:17:52 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/01/12 15:24:26 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2011/12/16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/12/16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/12/16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) Intel(R) Integrated Clock Controller Service - Intel(R)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/21 10:05:02 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/22 19:20:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/28 23:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/28 23:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/28 23:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/28 23:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/28 23:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 02:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/01/27 02:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/01/27 02:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012/01/12 18:37:02 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012/01/10 07:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/01/05 20:36:55 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/29 15:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/11 15:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/25 11:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 16:02:44 | 000,066,160 | ---- | M] (Giga-Byte Technology CO., LTD.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys -- (VirtDiskBus)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/26 19:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/06/23 13:41:42 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.033\ex64.sys -- (NAVEX15)
DRV - [2012/06/23 13:41:42 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.033\eng64.sys -- (NAVENG)
DRV - [2012/06/22 17:45:16 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/22 17:45:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/22 15:43:50 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/20 17:56:38 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/06/19 00:03:24 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 74 C7 1C CE 50 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {51C4451C-2963-4f1f-B411-CDD91E728C36}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{51C4451C-2963-4f1f-B411-CDD91E728C36}: "URL" = http://www.google.com/cse?cx=partne...b-3794288947762788:7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{728FD164-973A-407d-9505-FE1551FCCB06}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{9A2A3673-D9B2-4d29-95B1-9E7A8474F122}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Skilz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Skilz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012/06/20 00:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012/06/20 00:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/06/22 18:42:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/06/23 13:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 21:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/21 21:07:33 | 000,000,000 | ---D | M]

[2012/06/20 01:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Extensions
[2012/06/22 14:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions
[2012/06/21 20:47:29 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/06/22 14:40:41 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/06/21 20:47:29 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012/06/21 20:47:29 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012/06/21 20:47:30 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2012/06/21 20:47:29 | 000,000,000 | ---D | M] (MouseControl) -- C:\Users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\extensions\MouseControl@neocodex.us
[2012/06/21 00:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/12 01:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Skilz\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Skilz\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Skilz\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Skilz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: MeasureIt! = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_1\
CHR - Extension: WOT = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: Tiki'Surf iPhone/iPad page viewer = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkokcmfolfandebcgebllapgecabfkla\1.2_0\
CHR - Extension: YouTube = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pandora to Spotify Playlist Converter = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkmfkggcmoclhipfkabaemflflellek\0.4.0_0\
CHR - Extension: Google Search = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\7.0_0\
CHR - Extension: TiltShiftMaker = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
CHR - Extension: Eye Dropper = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: iPad Peek = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdiobnbonmdfneifdahjglmemoppnjn\1.1_0\
CHR - Extension: Adobe Shadow = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\1.0.242_0\
CHR - Extension: colorPicker 0.9 = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jegimleidpfmpepbfajjlielaheedkdo\0.9.90_0\
CHR - Extension: Gestures for Chrome(TM) = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Evernote Web = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Awesome New Tab Page = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.105.106.100_0\
CHR - Extension: Norton Identity Protection = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Plants vs Zombies = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5_0\
CHR - Extension: Gmail = C:\Users\Skilz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/06/23 13:19:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] g:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A953ED16-64DE-4BB6-954D-50DE044C0253}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/01/21 16:28:39 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 13:21:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 13:19:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/23 13:14:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/22 23:47:20 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/22 23:37:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/22 20:11:10 | 000,000,000 | ---D | C] -- C:\Users\Skilz\Desktop\tdsskiller
[2012/06/22 19:46:11 | 000,000,000 | ---D | C] -- C:\Users\Skilz\Desktop\bootkit_remover
[2012/06/22 19:20:36 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys
[2012/06/22 19:20:36 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys
[2012/06/22 19:20:36 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys
[2012/06/22 19:20:36 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys
[2012/06/22 19:20:36 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys
[2012/06/22 19:20:36 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys
[2012/06/22 19:20:36 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys
[2012/06/22 19:20:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1307010.005
[2012/06/22 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Skilz\Documents\Rainmeter
[2012/06/22 18:41:19 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Rainmeter
[2012/06/22 18:39:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/22 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2012/06/22 18:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2012/06/22 18:13:04 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\CrashDumps
[2012/06/22 17:56:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/22 17:56:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/22 17:56:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/22 17:48:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 17:48:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 17:29:34 | 004,565,264 | R--- | C] (Swearware) -- C:\Users\Skilz\Desktop\ComboFix.exe
[2012/06/22 17:28:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Skilz\Desktop\aswMBR.exe
[2012/06/22 17:27:01 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Skilz\Desktop\tdsskiller.exe
[2012/06/22 17:20:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Skilz\Desktop\dds.scr
[2012/06/22 17:02:54 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Malwarebytes
[2012/06/22 17:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/22 17:02:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/22 17:02:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/22 17:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/22 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/06/22 16:57:50 | 014,662,576 | ---- | C] (Foxit Corporation ) -- C:\Users\Skilz\Desktop\FoxitReader531.0606_enu_Setup.exe
[2012/06/22 16:43:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Skilz\Desktop\OTL.exe
[2012/06/22 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/06/22 16:40:31 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SymSilent
[2012/06/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/22 16:40:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/06/22 16:40:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/06/22 16:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/06/22 16:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/22 16:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/22 16:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/22 16:33:40 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\ElevatedDiagnostics
[2012/06/22 14:37:12 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/22 14:25:15 | 000,090,544 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/06/22 14:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/06/22 14:19:17 | 000,000,000 | ---D | C] -- C:\CPU Monitor
[2012/06/22 14:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vertus Fluid Mask 3
[2012/06/22 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vertus Fluid Mask 3
[2012/06/22 14:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\VertusTech
[2012/06/22 14:06:50 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\WinRAR
[2012/06/22 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/06/22 13:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\GlobalSCAPE
[2012/06/22 13:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobalSCAPE
[2012/06/22 13:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobalSCAPE
[2012/06/21 22:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/06/21 22:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/21 22:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/06/21 22:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/06/21 22:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/06/21 22:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS5
[2012/06/21 22:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/06/21 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Adobe
[2012/06/21 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Skyrim
[2012/06/21 22:04:39 | 000,000,000 | ---D | C] -- C:\Users\Skilz\Documents\My Games
[2012/06/21 21:56:13 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\NVIDIA
[2012/06/21 21:56:12 | 000,000,000 | ---D | C] -- C:\Users\Skilz\Documents\BioWare
[2012/06/21 21:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/06/21 21:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/06/21 21:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
[2012/06/21 21:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2012/06/21 21:17:00 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/06/21 21:07:32 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\BitComet
[2012/06/21 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Power2Go
[2012/06/21 20:19:32 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/21 20:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2012/06/21 20:18:59 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2012/06/21 20:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
[2012/06/21 20:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2012/06/21 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\CyberLink
[2012/06/21 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2012/06/21 20:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012/06/21 20:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/06/21 20:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/06/21 02:06:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/21 00:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/21 00:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/21 00:11:25 | 000,000,000 | ---D | C] -- C:\aws
[2012/06/21 00:11:18 | 000,000,000 | ---D | C] -- C:\Asus WebStorage
[2012/06/21 00:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2012/06/21 00:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2012/06/21 00:06:14 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Apple Computer
[2012/06/21 00:06:14 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Apple Computer
[2012/06/21 00:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/21 00:06:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/06/21 00:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/21 00:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/21 00:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/21 00:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/21 00:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/06/21 00:05:51 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Apple
[2012/06/21 00:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/21 00:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/21 00:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/21 00:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/21 00:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/21 00:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/06/21 00:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012/06/21 00:04:10 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\ASUS WebStorage
[2012/06/21 00:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage
[2012/06/21 00:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/06/20 23:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/06/20 23:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/06/20 23:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/06/20 23:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/06/20 23:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/06/20 23:54:18 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Spotify
[2012/06/20 23:52:20 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Spotify
[2012/06/20 23:51:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/06/20 23:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3
[2012/06/20 23:37:13 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/20 23:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/20 23:37:12 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Notepad++
[2012/06/20 23:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/06/20 23:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/06/20 23:31:00 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Origin
[2012/06/20 23:31:00 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Origin
[2012/06/20 23:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/06/20 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/06/20 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/06/20 23:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/06/20 23:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/06/20 23:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/06/20 23:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/06/20 23:26:35 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\GlobalSCAPE
[2012/06/20 23:26:35 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\GlobalSCAPE
[2012/06/20 23:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/06/20 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/20 23:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/20 23:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/20 22:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/20 22:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/06/20 22:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/06/20 22:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/06/20 22:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/06/20 19:07:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/06/20 19:07:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/06/20 19:02:46 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/06/20 19:02:43 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/06/20 01:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/06/20 01:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/06/20 01:53:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/06/20 01:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/20 01:47:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/20 01:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/06/20 01:38:43 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Intel Corporation
[2012/06/20 01:37:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/06/20 01:37:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/06/20 01:33:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/06/20 01:31:42 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Opera
[2012/06/20 01:31:42 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Opera
[2012/06/20 01:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012/06/20 01:26:23 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Macromedia
[2012/06/20 01:25:51 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/20 01:25:33 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Google
[2012/06/20 01:25:30 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Deployment
[2012/06/20 01:25:30 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Apps
[2012/06/20 01:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/06/20 01:20:45 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
[2012/06/20 01:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X
[2012/06/20 01:07:21 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Mozilla
[2012/06/20 01:07:21 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Mozilla
[2012/06/20 01:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/20 01:06:59 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Splashtop Remote Client
[2012/06/20 01:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/06/20 01:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2012/06/20 01:06:43 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\{E0EE56A0-0D7C-4595-B400-919A3BA48EC1}
[2012/06/20 01:05:58 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Adobe
[2012/06/20 01:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/06/20 01:05:40 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\WinZip
[2012/06/20 01:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/06/20 01:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012/06/20 01:05:03 | 000,066,336 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys
[2012/06/20 01:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIRTU MVP
[2012/06/20 01:05:02 | 000,475,424 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysNative\appinit_dll.dll
[2012/06/20 01:05:02 | 000,429,856 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysWow64\appinit_dll.dll
[2012/06/20 01:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lucidlogix Technologies
[2012/06/20 01:05:02 | 000,000,000 | ---D | C] -- C:\Users\Skilz\Lucidlogix
[2012/06/20 01:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAN Optimizer
[2012/06/20 01:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros ASAV
[2012/06/20 01:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/20 01:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/20 01:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/20 01:04:18 | 000,066,160 | ---- | C] (Giga-Byte Technology CO., LTD.) -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys
[2012/06/20 01:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/06/20 01:01:47 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Evernote
[2012/06/20 01:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/06/20 01:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2012/06/20 00:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2012/06/20 00:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012/06/20 00:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2012/06/20 00:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2012/06/20 00:58:58 | 000,104,560 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2012/06/20 00:58:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/06/20 00:58:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2012/06/20 00:58:16 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2012/06/20 00:58:16 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2012/06/20 00:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2012/06/20 00:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/06/20 00:57:50 | 000,020,992 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/06/20 00:57:48 | 000,017,920 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/06/20 00:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/06/20 00:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/06/20 00:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/06/20 00:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/06/20 00:56:47 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/06/20 00:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012/06/20 00:56:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/06/20 00:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/06/20 00:56:30 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\InstallShield
[2012/06/20 00:56:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2012/06/20 00:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2012/06/20 00:56:09 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Splashtop
[2012/06/20 00:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2012/06/20 00:56:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/20 00:54:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/20 00:53:26 | 000,000,000 | R--D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/20 00:53:26 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Searches
[2012/06/20 00:53:26 | 000,000,000 | R--D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/20 00:53:26 | 000,000,000 | -H-D | C] -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/20 00:53:20 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Contacts
[2012/06/20 00:53:20 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Identities
[2012/06/20 00:53:19 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\VirtualStore
[2012/06/20 00:53:17 | 000,000,000 | --SD | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Videos
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Saved Games
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Pictures
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Music
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Links
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Favorites
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Downloads
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Documents
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\Desktop
[2012/06/20 00:53:17 | 000,000,000 | R--D | C] -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\AppData\Local\Temporary Internet Files
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Templates
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Start Menu
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\SendTo
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Recent
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\PrintHood
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\NetHood
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Documents\My Videos
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Documents\My Pictures
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Documents\My Music
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\My Documents
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Local Settings
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\AppData\Local\History
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Cookies
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\Application Data
[2012/06/20 00:53:17 | 000,000,000 | -HSD | C] -- C:\Users\Skilz\AppData\Local\Application Data
[2012/06/20 00:53:17 | 000,000,000 | -H-D | C] -- C:\Users\Skilz\AppData
[2012/06/20 00:53:17 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Temp
[2012/06/20 00:53:17 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Local\Microsoft
[2012/06/20 00:53:17 | 000,000,000 | ---D | C] -- C:\Users\Skilz\AppData\Roaming\Media Center Programs
[2012/06/20 00:53:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/20 00:47:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/20 00:31:21 | 000,000,000 | ---D | C] -- C:\Intel
[2012/06/20 00:27:27 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/06/20 00:24:07 | 000,000,000 | ---D | C] -- C:\Recovery
 
========== Files - Modified Within 30 Days ==========

[2012/06/23 15:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 15:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
[2012/06/23 15:21:44 | 000,012,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 15:21:44 | 000,012,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 13:19:48 | 000,000,342 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/06/23 13:19:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/23 13:19:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/23 13:19:37 | 4265,312,254 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/23 12:44:43 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
[2012/06/23 12:41:16 | 000,001,467 | ---- | M] () -- C:\Users\Skilz\Desktop\ComboFix - Shortcut.lnk
[2012/06/22 23:10:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/22 23:10:24 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/22 23:10:24 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/22 20:06:38 | 002,109,806 | ---- | M] () -- C:\Users\Skilz\Desktop\tdsskiller.zip
[2012/06/22 19:52:42 | 000,000,512 | ---- | M] () -- C:\Users\Skilz\Desktop\MBR.dat
[2012/06/22 19:46:00 | 000,044,607 | ---- | M] () -- C:\Users\Skilz\Desktop\bootkit_remover.zip
[2012/06/22 19:21:49 | 000,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/06/22 19:21:42 | 001,826,817 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/06/22 19:21:38 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.035
[2012/06/22 19:20:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/06/22 19:20:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/22 19:20:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/22 18:35:01 | 000,001,718 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/06/22 18:12:50 | 001,012,656 | ---- | M] () -- C:\Users\Skilz\Desktop\rkill.com
[2012/06/22 17:29:54 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\Skilz\Desktop\ComboFix.exe
[2012/06/22 17:28:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Skilz\Desktop\aswMBR.exe
[2012/06/22 17:27:08 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Skilz\Desktop\tdsskiller.exe
[2012/06/22 17:20:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Skilz\Desktop\dds.scr
[2012/06/22 17:02:38 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 16:57:59 | 014,662,576 | ---- | M] (Foxit Corporation ) -- C:\Users\Skilz\Desktop\FoxitReader531.0606_enu_Setup.exe
[2012/06/22 16:44:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Skilz\Desktop\OTL.exe
[2012/06/22 16:38:48 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2012/06/22 16:07:01 | 004,828,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/22 14:25:15 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/06/22 14:13:21 | 000,000,348 | ---- | M] () -- C:\Windows\SysWow64\aibkdhj.tgz
[2012/06/22 14:13:21 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.tgz
[2012/06/22 14:13:21 | 000,000,086 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2012/06/22 14:11:56 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\obfci80.tgz
[2012/06/22 14:11:56 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\obfci80.dll
[2012/06/22 14:11:56 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\grcauth2.dll
[2012/06/22 14:11:56 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\grcauth1.dll
[2012/06/22 14:11:56 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\clauth2.dll
[2012/06/22 14:11:56 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\clauth1.dll
[2012/06/21 20:33:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/06/21 20:20:00 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\SysWow64\lgfwunis.exe
[2012/06/21 00:17:47 | 000,002,050 | ---- | M] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/21 00:06:50 | 000,001,880 | ---- | M] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2012/06/20 17:56:38 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012/06/20 17:56:38 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/06/20 01:53:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/06/20 01:50:25 | 000,001,443 | ---- | M] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 01:48:44 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/20 01:48:44 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/20 01:46:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/20 01:07:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/06/20 01:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_VirtDiskBus64_01009.Wdf
[2012/06/20 01:02:09 | 000,001,133 | ---- | M] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/06/20 00:59:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012/06/20 00:48:59 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/06/20 00:48:59 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/06/20 00:24:23 | 000,171,136 | RHS- | M] () -- C:\w7ldr

========== Files Created - No Company Name ==========

[2012/06/23 12:41:16 | 000,001,467 | ---- | C] () -- C:\Users\Skilz\Desktop\ComboFix - Shortcut.lnk
[2012/06/22 20:06:30 | 002,109,806 | ---- | C] () -- C:\Users\Skilz\Desktop\tdsskiller.zip
[2012/06/22 19:45:59 | 000,044,607 | ---- | C] () -- C:\Users\Skilz\Desktop\bootkit_remover.zip
[2012/06/22 19:21:49 | 000,002,498 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/06/22 19:21:38 | 001,826,817 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB
[2012/06/22 19:21:38 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.035
[2012/06/22 19:20:36 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.cat
[2012/06/22 19:20:36 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.cat
[2012/06/22 19:20:36 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.cat
[2012/06/22 19:20:36 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.cat
[2012/06/22 19:20:36 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnet64.cat
[2012/06/22 19:20:36 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.cat
[2012/06/22 19:20:36 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\iron.cat
[2012/06/22 19:20:36 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa.inf
[2012/06/22 19:20:36 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds.inf
[2012/06/22 19:20:36 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnet.inf
[2012/06/22 19:20:36 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.inf
[2012/06/22 19:20:36 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.inf
[2012/06/22 19:20:36 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.inf
[2012/06/22 19:20:36 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\iron.inf
[2012/06/22 19:20:34 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symvtcer.dat
[2012/06/22 19:20:34 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\isolate.ini
[2012/06/22 18:35:01 | 000,001,718 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/06/22 18:12:45 | 001,012,656 | ---- | C] () -- C:\Users\Skilz\Desktop\rkill.com
[2012/06/22 17:56:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/22 17:56:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/22 17:56:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/22 17:56:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/22 17:56:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 17:32:21 | 000,000,512 | ---- | C] () -- C:\Users\Skilz\Desktop\MBR.dat
[2012/06/22 17:02:38 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/22 16:40:31 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/06/22 16:40:31 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/06/22 14:25:15 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/06/22 14:11:56 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\obfci80.tgz
[2012/06/21 22:29:57 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/21 20:33:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/06/21 20:19:02 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/06/21 00:17:47 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/21 00:06:50 | 000,001,880 | ---- | C] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2012/06/21 00:05:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/20 23:54:17 | 000,001,799 | ---- | C] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/06/20 22:59:22 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/06/20 22:59:10 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/06/20 19:02:58 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/06/20 19:02:52 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2012/06/20 19:02:40 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/06/20 19:02:36 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/06/20 19:02:36 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/06/20 19:02:31 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/06/20 01:53:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/06/20 01:48:44 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/20 01:48:44 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/20 01:38:50 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/06/20 01:38:50 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/06/20 01:34:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 01:31:41 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/06/20 01:25:33 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
[2012/06/20 01:25:33 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
[2012/06/20 01:08:02 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\obfci80.dll
[2012/06/20 01:08:02 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2012/06/20 01:08:02 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2012/06/20 01:08:02 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012/06/20 01:08:02 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012/06/20 01:08:02 | 000,000,348 | ---- | C] () -- C:\Windows\SysWow64\aibkdhj.tgz
[2012/06/20 01:08:02 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.tgz
[2012/06/20 01:08:02 | 000,000,086 | ---- | C] () -- C:\Windows\SysWow64\ssprs.tgz
[2012/06/20 01:08:02 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\v16qi5y.dll
[2012/06/20 01:07:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/06/20 01:07:17 | 000,002,050 | ---- | C] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/20 01:04:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/20 01:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_VirtDiskBus64_01009.Wdf
[2012/06/20 01:02:09 | 000,001,133 | ---- | C] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/06/20 00:59:45 | 000,001,443 | ---- | C] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/20 00:59:07 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
[2012/06/20 00:59:07 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
[2012/06/20 00:59:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012/06/20 00:58:23 | 000,001,220 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012/06/20 00:57:26 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/06/20 00:57:26 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/06/20 00:57:26 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/06/20 00:57:26 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/06/20 00:57:26 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2012/06/20 00:57:26 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/06/20 00:57:25 | 018,098,176 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/06/20 00:57:25 | 013,184,512 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/06/20 00:57:25 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/06/20 00:57:25 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/20 00:57:25 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/06/20 00:57:25 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/20 00:57:25 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/06/20 00:57:25 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/06/20 00:57:25 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/06/20 00:57:25 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/06/20 00:57:25 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/06/20 00:57:25 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/06/20 00:57:25 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/06/20 00:57:25 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/06/20 00:57:25 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/06/20 00:57:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/06/20 00:57:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/06/20 00:57:25 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/06/20 00:57:25 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/06/20 00:57:25 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/06/20 00:57:25 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/06/20 00:57:25 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/06/20 00:57:25 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/06/20 00:57:25 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/06/20 00:57:25 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/06/20 00:57:25 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/06/20 00:57:25 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/06/20 00:57:25 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/06/20 00:57:25 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/06/20 00:57:25 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/06/20 00:57:25 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/06/20 00:57:25 | 000,139,487 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/06/20 00:57:25 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/06/20 00:57:25 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/06/20 00:57:25 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/06/20 00:57:25 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/06/20 00:57:25 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/06/20 00:57:25 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/06/20 00:57:25 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/06/20 00:57:25 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/06/20 00:57:25 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/06/20 00:57:25 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/06/20 00:57:25 | 000,018,488 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/06/20 00:57:25 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/06/20 00:57:14 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/06/20 00:56:09 | 000,001,416 | ---- | C] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2012/06/20 00:55:23 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/20 00:53:28 | 000,001,415 | ---- | C] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/20 00:53:27 | 000,001,449 | ---- | C] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/20 00:53:17 | 000,000,290 | ---- | C] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/20 00:53:17 | 000,000,272 | ---- | C] () -- C:\Users\Skilz\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/20 00:48:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/20 00:48:51 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/20 00:47:46 | 4265,312,254 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/20 00:24:23 | 000,171,136 | RHS- | C] () -- C:\w7ldr
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012/06/22 23:04:37 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\ASUS WebStorage
[2012/06/22 16:04:49 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\BitComet
[2012/06/20 23:26:35 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\GlobalSCAPE
[2012/06/20 23:38:07 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Notepad++
[2012/06/21 21:11:49 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Opera
[2012/06/20 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Origin
[2012/06/22 18:41:19 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Rainmeter
[2012/06/20 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Splashtop
[2012/06/20 01:07:01 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Splashtop Remote Client
[2012/06/22 16:30:55 | 000,000,000 | ---D | M] -- C:\Users\Skilz\AppData\Roaming\Spotify
[2009/07/13 22:08:49 | 000,012,896 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/06/20 01:46:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/23 13:21:04 | 000,031,180 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/06/20 01:00:50 | 000,000,156 | ---- | M] () -- C:\csb.log
[2012/06/23 13:19:37 | 4265,312,254 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 22:52:58 | 000,000,836 | ---- | M] () -- C:\lucid.log
[2012/06/23 13:19:37 | 4232,052,731 | -HS- | M] () -- C:\pagefile.sys
[2012/06/22 18:14:55 | 000,001,300 | ---- | M] () -- C:\rkill.log
[2012/06/22 17:28:07 | 000,132,694 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_22.06.2012_17.27.17_log.txt
[2012/06/22 20:11:59 | 000,133,052 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_22.06.2012_20.11.14_log.txt
[2012/06/20 00:24:23 | 000,171,136 | RHS- | M] () -- C:\w7ldr

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >
[2009/02/25 23:50:32 | 000,000,176 | ---- | M] () -- C:\Windows\explorer.exe.config

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/20 01:50:25 | 000,000,221 | -HS- | M] () -- C:\Users\Skilz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/22 17:28:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Skilz\Desktop\aswMBR.exe
[2012/06/22 17:29:54 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\Skilz\Desktop\ComboFix.exe
[2012/06/22 16:57:59 | 014,662,576 | ---- | M] (Foxit Corporation ) -- C:\Users\Skilz\Desktop\FoxitReader531.0606_enu_Setup.exe
[2012/06/22 16:44:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Skilz\Desktop\OTL.exe
[2012/06/22 17:27:08 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Skilz\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/23 15:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 12:44:43 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
[2012/06/23 15:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
[2012/06/23 13:19:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/13 22:08:49 | 000,012,896 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/06/20 19:38:02 | 000,000,402 | -HS- | M] () -- C:\Users\Skilz\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >
< End of report >
 
OTL logs look all clean.

Delete your Combofix file, download a fresh one and post a new log.
 
ComboFix 12-06-23.05 - Skilz 06/23/2012 16:15:40.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16346.13608 [GMT -7:00]
Running from: c:\users\Skilz\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 23:19 . 2012-06-23 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 06:47 . 2012-06-23 06:47 -------- d-----w- C:\FRST
2012-06-23 06:37 . 2012-06-23 06:37 -------- d-----w- c:\windows\system32\Macromed
2012-06-23 01:39 . 2012-06-23 01:39 -------- d-----w- C:\_OTL
2012-06-23 01:35 . 2012-06-23 01:44 -------- d-----w- c:\program files\Rainmeter
2012-06-23 00:02 . 2012-06-23 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 00:02 . 2012-06-23 00:02 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 00:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 23:58 . 2012-06-22 23:58 -------- d-----w- c:\program files (x86)\Foxit Software
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-06-22 23:40 . 2012-06-23 02:20 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-22 23:40 . 2012-06-23 02:20 -------- d-----w- c:\program files\Symantec
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\users\Public\Symantec
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\program files (x86)\SymSilent
2012-06-22 23:40 . 2012-06-23 02:21 -------- d-----w- c:\windows\system32\drivers\NISx64
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\programdata\Norton
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\program files (x86)\Norton Internet Security
2012-06-22 23:40 . 2012-06-22 23:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-06-22 21:41 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4FCF840-2E30-48EE-9EF4-550C0C991BFF}\mpengine.dll
2012-06-22 21:37 . 2012-06-22 21:37 -------- d-----w- c:\windows\Sun
2012-06-22 21:25 . 2009-07-27 02:54 90544 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-06-22 21:19 . 2012-06-22 21:19 -------- d-----w- c:\windows\system32\wbem\Framework
2012-06-22 21:19 . 2012-06-22 21:22 -------- d-----w- C:\CPU Monitor
2012-06-22 21:14 . 2012-06-22 21:14 -------- d-----w- c:\program files (x86)\Vertus Fluid Mask 3
2012-06-22 21:11 . 2012-06-22 21:11 -------- d-----w- c:\programdata\VertusTech
2012-06-22 20:57 . 2012-06-22 20:57 -------- d-----w- c:\programdata\GlobalSCAPE
2012-06-22 20:56 . 2012-06-22 20:56 -------- d-----w- c:\program files (x86)\GlobalSCAPE
2012-06-22 05:32 . 2012-06-22 05:32 -------- d-----w- c:\programdata\ALM
2012-06-22 05:31 . 2012-06-22 05:32 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-22 05:30 . 2012-06-22 05:30 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-22 05:29 . 2012-06-22 05:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-22 04:56 . 2012-06-22 04:56 -------- d-----w- c:\programdata\EA Core
2012-06-22 04:55 . 2012-06-22 05:24 -------- d-----w- c:\programdata\EA Logs
2012-06-22 04:22 . 2012-06-22 04:22 -------- d-----w- c:\program files\BitComet
2012-06-22 04:17 . 2012-06-22 04:17 -------- d-----w- C:\Downloads
2012-06-22 03:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-22 03:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-22 03:19 . 2012-06-22 03:20 -------- d-----w- C:\Temp
2012-06-22 03:18 . 2012-06-22 03:20 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2012-06-22 03:18 . 2001-08-30 04:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
2012-06-22 03:18 . 1998-07-22 07:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2012-06-22 03:18 . 1998-07-22 07:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2012-06-22 03:18 . 1998-06-24 07:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2012-06-22 03:18 . 2012-06-23 23:20 -------- d-----w- c:\program files (x86)\lg_fwupdate
2012-06-22 03:16 . 2012-06-22 03:19 -------- d-----w- c:\program files (x86)\CyberLink
2012-06-22 03:16 . 2012-06-22 03:18 -------- d-----w- c:\programdata\CyberLink
2012-06-22 03:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 03:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 03:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 03:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 03:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 03:15 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 03:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 03:15 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 03:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:17 . 2012-06-21 07:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-21 07:11 . 2012-06-21 07:11 -------- d-----w- C:\aws
2012-06-21 07:11 . 2012-06-21 07:11 -------- d-----w- C:\Asus WebStorage
2012-06-21 07:06 . 2012-06-21 07:06 -------- d-----w- c:\program files (x86)\Git
2012-06-21 07:06 . 2012-06-21 07:06 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-21 07:05 . 2012-06-21 07:05 -------- d-----w- c:\programdata\Apple
2012-06-21 07:04 . 2012-06-21 07:04 -------- d-----w- c:\programdata\ASUS WebStorage
2012-06-21 07:04 . 2012-06-21 07:04 -------- d-----w- c:\program files (x86)\ASUS
2012-06-21 06:58 . 2012-06-22 04:25 -------- d-----w- c:\program files (x86)\Diablo III
2012-06-21 06:58 . 2012-06-21 07:12 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-06-21 06:58 . 2012-06-21 07:12 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-06-21 06:57 . 2012-06-21 06:58 -------- d-----w- c:\programdata\Battle.net
2012-06-21 06:51 . 2012-06-21 06:51 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-06-21 06:37 . 2012-06-21 06:37 -------- d-----w- c:\program files (x86)\Notepad++
2012-06-21 06:31 . 2012-06-21 06:32 -------- d-----w- c:\program files (x86)\Origin Games
2012-06-21 06:30 . 2012-06-22 04:56 -------- d-----w- c:\programdata\Electronic Arts
2012-06-21 06:30 . 2012-06-22 04:56 -------- d-----w- c:\programdata\Origin
2012-06-21 06:30 . 2012-06-21 06:31 -------- d-----w- c:\program files (x86)\Origin
2012-06-21 06:29 . 2012-06-23 23:20 -------- d-----w- c:\program files (x86)\Steam
2012-06-21 06:29 . 2012-06-21 06:29 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-06-21 06:00 . 2012-06-21 06:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-21 06:00 . 2012-06-21 06:00 -------- d-----w- c:\program files (x86)\Oracle
2012-06-21 02:07 . 2012-06-21 02:07 -------- d-----w- c:\windows\system32\SPReview
2012-06-21 02:07 . 2012-06-21 02:07 -------- d-----w- c:\windows\system32\EventProviders
2012-06-21 02:02 . 2010-11-20 13:33 273792 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2012-06-21 01:56 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-20 08:53 . 2012-06-20 08:53 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-06-20 08:53 . 2012-06-20 08:53 -------- d-----w- c:\windows\PCHEALTH
2012-06-20 08:52 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-20 08:52 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-20 08:52 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-20 08:51 . 2012-06-20 08:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-20 08:47 . 2012-06-20 07:53 -------- d-----w- c:\windows\Panther
2012-06-20 08:43 . 2012-06-20 08:43 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-20 08:38 . 2012-06-21 00:56 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-06-20 08:37 . 2012-06-20 08:37 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-20 08:37 . 2012-06-20 08:37 -------- d-----w- c:\windows\system32\Wat
2012-06-20 08:34 . 2012-06-23 06:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-20 08:34 . 2012-06-23 06:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 08:33 . 2012-06-20 08:33 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-20 08:31 . 2012-06-20 08:31 -------- d-----w- c:\program files (x86)\Opera
2012-06-20 08:11 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-20 08:11 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-20 08:11 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-20 08:11 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-20 08:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-20 08:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-20 08:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-20 08:09 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-20 08:08 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-20 08:07 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-06-20 08:06 . 2012-06-20 08:06 -------- d-----w- c:\programdata\Downloaded Installations
2012-06-20 08:05 . 2012-06-20 08:05 -------- d-----w- c:\programdata\WinZip
2012-06-20 08:05 . 2012-01-13 01:37 66336 ----a-w- c:\windows\system32\drivers\VirtuWDDM.sys
2012-06-20 08:05 . 2012-06-20 08:05 -------- d-----w- c:\program files\Lucidlogix Technologies
2012-06-20 08:05 . 2012-01-13 01:36 475424 ----a-w- c:\windows\system32\appinit_dll.dll
2012-06-20 08:05 . 2012-01-13 01:35 429856 ----a-w- c:\windows\SysWow64\appinit_dll.dll
2012-06-20 08:04 . 2012-06-20 08:04 -------- d-----w- c:\program files (x86)\Atheros ASAV
2012-06-20 08:04 . 2012-06-22 05:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-20 08:04 . 2011-02-08 23:02 66160 ----a-w- c:\windows\system32\drivers\VirtDiskBus64.sys
2012-06-20 08:04 . 2012-06-20 08:04 -------- d-----w- c:\program files (x86)\My Company Name
2012-06-20 08:03 . 2012-02-23 17:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-06-20 08:01 . 2012-06-20 08:01 -------- d-----w- c:\program files (x86)\Evernote
2012-06-20 07:58 . 2011-08-11 22:54 104560 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2012-06-20 07:57 . 2012-06-22 03:18 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-06-20 07:56 . 2012-06-20 08:38 -------- d-----w- c:\programdata\Intel
2012-06-20 07:56 . 2012-06-20 07:56 -------- d-----w- c:\program files\Intel
2012-06-20 07:56 . 2011-12-06 23:55 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-06-20 07:56 . 2012-06-20 07:56 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 02:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-21 02:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-04-25 19:11 . 2012-04-25 19:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 19:11 . 2012-04-25 19:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . BA6EE9B4E38B720A537A3EF48BD5903B . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-06-23_19.52.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-20 08:43 . 2012-06-23 20:21 41188 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-06-23 19:52 . 2012-06-23 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 23:20 . 2012-06-23 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-06-23 23:19 316832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-23 19:52 316832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-21 06:00 . 2012-06-23 23:19 1451340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901204113-2561923739-3919432305-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-08-29 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-06-21 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-08-29 771968]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSPanel.exe" [2012-05-17 3417984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2012-06-22 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PWRISOVM.EXE"="g:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Skilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-01-12 274200]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-21 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120622.001\IDSvia64.sys [2012-06-22 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-21 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-23 138912]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 06:37]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000Core.job
- c:\users\Skilz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 08:25]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901204113-2561923739-3919432305-1000UA.job
- c:\users\Skilz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 08:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.2.97\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Skilz\AppData\Roaming\Mozilla\Firefox\Profiles\ex5f8rp2.TonyGotSkilz-home\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://insite.bridgepoint.local/dept/bts/Applications/Engineering%20Dashboard.aspx
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2d,4c,9d,4a,cc,50,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,3e,10,8d,e5,39,1d,40,bf,f8,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,3e,10,8d,e5,39,1d,40,bf,f8,c9,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
.
**************************************************************************
.
Completion time: 2012-06-23 16:21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 23:21
ComboFix2.txt 2012-06-23 20:21
ComboFix3.txt 2012-06-23 19:54
ComboFix4.txt 2012-06-23 01:25
ComboFix5.txt 2012-06-23 23:15
.
Pre-Run: 130,628,595,712 bytes free
Post-Run: 130,590,568,448 bytes free
.
- - End Of File - - 259C2C2A42514B2BE5F6295FBC76F42B
 
user32.dll may be a possible culprit because I can see it wasn't replaced successfully by Combofix.

Do you still have that USB stick with FRST on it?
If you do, delete the "fixlist.txt" file from it.
Let me know.
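
One way to check the Sigcheck section the reply above refers to, as an added example that is not part of the original thread: it parses the three Sigcheck lines from the ComboFix log and compares each live system file with the WinSxS component-store copy of the same version. The field layout inferred from those lines, the function names, and the architecture mapping for 64-bit Windows are assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# The three Sigcheck lines copied from the ComboFix log above.
SIGCHECK_LINES = r"""
[-] 2010-11-20 . BA6EE9B4E38B720A537A3EF48BD5903B . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

# Assumed layout: [mark] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per well-formed Sigcheck line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def store_arch(path):
    """Architecture prefix of a WinSxS component directory, or None."""
    m = re.search(r"\\winsxs\\([a-z0-9]+)_", path, re.IGNORECASE)
    return m.group(1).lower() if m else None


def expected_store_archs(path):
    """Store prefixes that can back a live file (assumes 64-bit Windows)."""
    lowered = path.lower()
    if "\\syswow64\\" in lowered:
        return {"wow64", "x86"}
    if "\\system32\\" in lowered:
        return {"amd64"}
    return set()


def compare_with_store(entries):
    """Compare each live file with same-name, same-version store copies."""
    store = [e for e in entries if store_arch(e["path"])]
    findings = []
    for live in (e for e in entries if not store_arch(e["path"])):
        wanted = expected_store_archs(live["path"])
        refs = [
            s for s in store
            if basename(s["path"]).lower() == basename(live["path"]).lower()
            and s["version"] == live["version"]
            and store_arch(s["path"]) in wanted
        ]
        if not refs:
            status, ref = "no-reference", None
        elif any(r["md5"] == live["md5"] for r in refs):
            status, ref = "match", None
        else:
            # Same name and version but a different hash: the live copy
            # is not the file the component store shipped.
            status, ref = "mismatch", refs[0]
        findings.append({
            "path": live["path"],
            "mark": live["mark"],
            "status": status,
            "reference": ref["path"] if ref else None,
            "size_delta": live["size"] - ref["size"] if ref else None,
        })
    return findings


if __name__ == "__main__":
    for f in compare_with_store(parse_sigcheck(SIGCHECK_LINES)):
        print(f["status"], f["path"], "->", f["reference"], f["size_delta"])
```

A `mismatch` result names the store copy to compare against; `no-reference` means the log listed no store copy of that version and architecture, so nothing can be concluded from the log alone.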
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Post a new Combofix log.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-06-2012
Ran by SYSTEM at 2012-06-23 17:29:49 Run:1
Running from H:\

==============================================

c:\windows\SysWOW64\user32.dll moved successfully.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll copied successfully to c:\windows\SysWOW64\user32.dll

==== End of Fixlog ====
 
Restart computer normally.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, then click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    user32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 