Removing Adpeak and Scorpion Saver


  • This topic is locked
12 replies to this topic

#1 ghoulreaper

Posted 01 December 2013 - 04:28 AM

Hi, I am seeing posts about removing Adpeak and Scorpion Saver. I also have both of these. I tried following some directions from helpful people on this site, but I'm not 100% sure I took care of the problem. I used Adwcleaner, Junkware Removal Tool, and Combofix. In my Fast boot asus app, I still see adpeakProxy, and I still see Scorpion Saver in IE add-ons even though it is now disabled. I use Avast antivirus.

I tried downloading DDS log from this site so I could get a jump start on the process, but it never successfully creates a log. It says the scan should not take longer than 3 minutes, but I have given it 15 and don't see any changes on the progress. 

Thanks in advance to anyone who helps me. You guys/gals are heroes. 





#2 nasdaq

  • Malware Response Team

Posted 05 December 2013 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 ghoulreaper

  • Topic Starter

Posted 05 December 2013 - 01:42 PM

Hello, nasdaq. Thanks for your help. This is the FRST.txt direct copy and paste.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by Greg (administrator) on GREG-PC on 05-12-2013 10:34:20
Running from C:\Users\Greg\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\Greg\AppData\Local\FluxSoftware\Flux\flux.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(NEC Electronics Corporation) C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Spotify Ltd) C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Cm108Sound] - C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-12] ()
HKCU\...\Run: [F.lux] - C:\Users\Greg\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKCU\...\Run: [SteelSeries Engine] - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [237056 2012-11-28] (SteelSeries ApS)
MountPoints2: {a93642af-bdc0-11e2-b4db-3085a9a48816} - J:\setup.exe -a
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-01-13] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2011-09-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-29] (AVAST Software)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\Greg\AppData\Local\Temp\{11E474EE-9CBA-4C9D-BA0B-F7147C530291}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Tcpip\..\Interfaces\{BFBAF071-FB7C-4A10-97D4-F37F15DB85F6}: [NameServer]208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wj57ik64.default
FF Homepage: hxxp://www.google.com/firefox
FF NewTab: hxxp://www.google.com/firefox
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: hxxp://asus.msn.com/
CHR Extension: (reddit) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbjdcdemclgpcafgdehfmmakkhnopen\0.0.0.2_0
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R3 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [950912 2011-12-29] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-29] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-19] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-19] (CyberLink)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-12-03] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76888 2013-12-03] ()
R2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [75064 2013-12-03] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-29] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-29] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-29] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-29] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-29] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-29] ()
S3 GPU-Z; C:\Users\Greg\AppData\Local\Temp\GPU-Z.sys [27008 2013-11-28] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2012-10-15] (SteelSeries Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [x]
S1 ArcSec; system32\drivers\ArcSec.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-05 10:34 - 2013-12-05 10:34 - 00018018 _____ C:\Users\Greg\Downloads\FRST.txt
2013-12-05 09:42 - 2013-12-05 09:42 - 00000000 ____D C:\FRST
2013-12-05 09:41 - 2013-12-05 09:41 - 01925140 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2013-12-03 16:57 - 2013-12-03 16:57 - 00076888 _____ C:\windows\system32\PnkBstrA.exe
2013-12-03 16:28 - 2013-12-03 16:28 - 00000000 ____D C:\Users\Greg\Documents\EA Games
2013-12-03 16:22 - 2013-08-15 14:28 - 02601752 _____ C:\windows\SysWOW64\pbsvc_moh.exe
2013-12-03 16:20 - 2013-12-03 16:20 - 00000000 ____D C:\windows\1C4551A64743409391E41477CD655043.TMP
2013-12-02 22:30 - 2013-10-30 09:03 - 00039200 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2013-12-02 22:30 - 2013-10-30 09:02 - 00032544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2013-12-01 22:46 - 2013-12-01 22:46 - 00127080 _____ (Spotify Ltd) C:\Users\Greg\Downloads\SpotifySetup.exe
2013-12-01 01:14 - 2013-12-01 01:15 - 00688992 ____R (Swearware) C:\Users\Greg\Downloads\dds (1).com
2013-12-01 00:55 - 2013-12-01 00:55 - 00688992 ____R (Swearware) C:\Users\Greg\Downloads\dds.com
2013-11-30 17:29 - 2013-11-30 17:30 - 00000000 ____D C:\Users\Greg\Documents\cleaning malware
2013-11-30 10:56 - 2013-11-30 10:56 - 00000000 ____D C:\Users\Greg\AppData\Local\CDWLauncher
2013-11-29 22:35 - 2013-12-03 23:48 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Spotify
2013-11-29 22:35 - 2013-12-02 21:33 - 00000000 ____D C:\Users\Greg\AppData\Local\Spotify
2013-11-29 22:35 - 2013-11-29 22:35 - 00001803 _____ C:\Users\Greg\Desktop\Spotify.lnk
2013-11-29 22:35 - 2013-11-29 22:35 - 00001789 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-11-29 22:34 - 2013-11-29 22:35 - 31419768 _____ (Spotify Ltd) C:\Users\Greg\Downloads\Spotify Installer.exe
2013-11-29 22:31 - 2013-11-29 22:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-29 22:31 - 2013-11-29 22:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-29 22:23 - 2013-11-29 22:23 - 00079991 _____ C:\Users\Greg\Downloads\silverlight.diagcab
2013-11-29 13:16 - 2013-11-29 13:16 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64 (3).exe
2013-11-29 12:14 - 2013-11-29 12:14 - 00025404 _____ C:\ComboFix.txt
2013-11-29 11:03 - 2013-11-30 17:22 - 00000000 ____D C:\windows\erdnt
2013-11-29 10:47 - 2013-11-29 10:47 - 00000000 ____D C:\windows\ERUNT
2013-11-29 10:46 - 2013-11-29 10:46 - 01034531 _____ (Thisisu) C:\Users\Greg\Downloads\JRT.exe
2013-11-29 10:35 - 2013-11-29 12:48 - 00000000 ____D C:\AdwCleaner
2013-11-29 10:35 - 2013-11-29 10:35 - 01091882 _____ C:\Users\Greg\Downloads\AdwCleaner.exe
2013-11-29 09:26 - 2013-11-29 09:26 - 00000000 ____D C:\Users\Greg\AppData\Roaming\AVAST Software
2013-11-29 00:03 - 2013-11-29 00:04 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-29 00:03 - 2013-11-29 00:04 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-28 23:57 - 2013-11-28 23:58 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64 (2).exe
2013-11-28 22:30 - 2013-11-29 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-28 22:30 - 2013-11-28 22:30 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Mozilla
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Users\Greg\AppData\Local\Mozilla
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Users\Greg\AppData\Local\Macromedia
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 22:29 - 2013-11-28 22:30 - 00282912 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Setup Stub 25.0.1-2.exe
2013-11-28 21:34 - 2013-11-28 21:34 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.2
2013-11-28 21:33 - 2013-11-28 21:34 - 00000000 ____D C:\Users\Greg\GameMaker-Studio 1.2
2013-11-28 21:33 - 2013-11-28 21:33 - 00000000 ____D C:\Users\Greg\AppData\Local\GameMaker-Studio
2013-11-28 21:31 - 2013-11-28 21:32 - 141519856 _____ C:\Users\Greg\Downloads\GMStudio-Installer.exe
2013-11-28 20:40 - 2013-12-05 10:02 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-28 20:40 - 2013-12-05 09:30 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 19:14 - 2013-11-28 19:19 - 00000000 ____D C:\Users\Greg\Documents\Battlefield 4
2013-11-28 19:11 - 2013-11-28 19:11 - 03821064 _____ C:\Users\Greg\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-11-28 19:11 - 2013-11-28 19:11 - 00000000 ____D C:\Users\Greg\AppData\Local\ESN
2013-11-28 13:12 - 2013-11-30 14:26 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-11-28 13:11 - 2013-11-28 13:12 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-25 00:03 - 2013-11-25 00:03 - 03065344 _____ C:\Users\Greg\Downloads\20_Ecosystems.ppt
2013-11-24 23:20 - 2013-11-24 23:27 - 187399849 _____ C:\Users\Greg\Downloads\Photosynthesis_test.pptx
2013-11-24 23:19 - 2013-11-24 23:20 - 02187587 _____ C:\Users\Greg\Downloads\19_Photosynthesis.pptx
2013-11-24 21:55 - 2013-11-24 21:55 - 03368960 _____ C:\Users\Greg\Downloads\17_Cellular_Respiration.ppt
2013-11-24 21:32 - 2013-11-24 21:32 - 04422144 _____ C:\Users\Greg\Downloads\18_Feeding_Digestion(2).ppt
2013-11-24 19:16 - 2013-11-24 19:20 - 00832278 _____ C:\Users\Greg\Downloads\SimBio-Grossmont-BIO.zip
2013-11-22 21:00 - 2013-11-22 21:00 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Real
2013-11-22 20:59 - 2013-11-22 20:59 - 16304976 _____ C:\Users\Greg\Downloads\RhapsodyReal.EXE
2013-11-20 20:02 - 2013-11-20 20:02 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64 (1).exe
2013-11-20 19:59 - 2013-11-20 19:59 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64.exe
2013-11-19 21:36 - 2013-11-19 21:36 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-19 21:36 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\windows\system32\AdpeakProxy64.dll
2013-11-19 21:36 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\windows\SysWOW64\AdpeakProxy.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 25257248 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 22951200 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 17560352 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 15862272 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 12613408 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2013-11-19 21:25 - 2013-11-14 03:55 - 11600432 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 11514624 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 09691888 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 09619872 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 03132704 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 03125024 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 02947872 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 02747680 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 01884448 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433182.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 01511712 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433182.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 01242400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00707360 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00657184 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00609568 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00562464 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00479520 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00405280 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00357152 _____ C:\windows\system32\NvIFROpenGL.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00317472 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00314656 _____ C:\windows\SysWOW64\NvIFROpenGL.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00266984 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00168616 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2013-11-19 21:25 - 2013-11-14 03:55 - 00141336 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2013-11-19 21:15 - 2013-12-02 22:31 - 00000000 ____D C:\Users\Greg\AppData\Local\NVIDIA Corporation
2013-11-18 21:53 - 2013-11-18 21:53 - 00293448 _____ C:\windows\Minidump\111813-112351-01.dmp
2013-11-18 21:36 - 2013-11-18 21:36 - 00000000 ____D C:\Users\Greg\AppData\Local\TempImages
2013-11-18 21:34 - 2013-11-29 12:38 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-18 21:34 - 2013-11-18 21:34 - 00894600 _____ (CNET Download.com) C:\Users\Greg\Downloads\Unconfirmed 935085.crdownload
2013-11-18 21:34 - 2013-11-18 21:34 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-18 20:15 - 2013-11-18 20:15 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2013-11-18 20:15 - 2013-11-18 20:15 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-11-18 20:14 - 2013-11-18 20:14 - 01350232 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Greg\Downloads\GPU-Z.0.7.4.exe
2013-11-14 20:25 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-14 20:25 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-14 20:24 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 20:24 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-14 20:24 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-14 20:24 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 20:24 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-14 20:24 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-14 20:24 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-14 20:24 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-14 20:24 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-14 20:24 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-14 20:24 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-14 20:24 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-14 20:24 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-14 20:24 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-14 20:24 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-14 20:24 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-14 20:24 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-14 20:24 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-14 20:24 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-14 20:24 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-14 20:24 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-14 20:24 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-14 20:24 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-14 20:23 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-14 20:23 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-14 20:23 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-14 20:23 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-14 20:23 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-11 23:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-11 23:39 - 2013-11-11 23:39 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-11 23:39 - 2013-11-11 23:39 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-11 23:39 - 2013-11-11 23:39 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-11 23:39 - 2013-11-11 23:39 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-11 23:39 - 2013-11-11 23:39 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-11 23:39 - 2013-11-11 23:39 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-11 23:39 - 2013-11-11 23:39 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-11 23:39 - 2013-11-11 23:39 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-11 23:39 - 2013-11-11 23:39 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-11 23:39 - 2013-11-11 23:39 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-11 23:39 - 2013-11-11 23:39 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-11 23:38 - 2013-11-11 23:41 - 00007469 _____ C:\windows\IE11_main.log
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2013-11-10 18:14 - 2013-11-10 18:14 - 00000000 ____D C:\Users\Greg\AppData\Local\WB Games
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\windows\system32\AdpeakProxyOff.ini
 
==================== One Month Modified Files and Folders =======
 
2013-12-05 10:34 - 2013-12-05 10:34 - 00018018 _____ C:\Users\Greg\Downloads\FRST.txt
2013-12-05 10:34 - 2013-01-12 08:30 - 00000000 ____D C:\Users\Greg\AppData\Local\PMB Files
2013-12-05 10:34 - 2013-01-12 08:30 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-05 10:02 - 2013-11-28 20:40 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 09:46 - 2009-07-13 20:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 09:46 - 2009-07-13 20:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 09:42 - 2013-12-05 09:42 - 00000000 ____D C:\FRST
2013-12-05 09:41 - 2013-12-05 09:41 - 01925140 _____ (Farbar) C:\Users\Greg\Downloads\FRST64.exe
2013-12-05 09:34 - 2013-01-11 23:45 - 01103997 _____ C:\windows\WindowsUpdate.log
2013-12-05 09:33 - 2013-01-12 23:05 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-05 09:30 - 2013-11-28 20:40 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-05 09:28 - 2013-01-12 00:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-05 09:28 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-05 09:28 - 2009-07-13 20:51 - 00139122 _____ C:\windows\setupact.log
2013-12-04 20:52 - 2012-03-26 15:08 - 00001906 _____ C:\windows\system32\ServiceFilter.ini
2013-12-03 23:48 - 2013-11-29 22:35 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Spotify
2013-12-03 23:21 - 2013-01-12 22:13 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Skype
2013-12-03 22:06 - 2013-01-14 01:15 - 00214392 _____ C:\windows\SysWOW64\PnkBstrB.exe
2013-12-03 17:00 - 2013-01-14 01:15 - 00214392 _____ C:\windows\SysWOW64\PnkBstrB.ex0
2013-12-03 16:57 - 2013-12-03 16:57 - 00076888 _____ C:\windows\system32\PnkBstrA.exe
2013-12-03 16:28 - 2013-12-03 16:28 - 00000000 ____D C:\Users\Greg\Documents\EA Games
2013-12-03 16:28 - 2013-05-30 17:31 - 00218496 _____ C:\windows\SysWOW64\PnkBstrB.xtr
2013-12-03 16:28 - 2013-05-30 17:31 - 00000000 ____D C:\Users\Greg\AppData\Local\PunkBuster
2013-12-03 16:22 - 2013-01-14 01:15 - 00075064 _____ C:\windows\SysWOW64\PnkBstrA.exe
2013-12-03 16:21 - 2012-03-26 15:19 - 00327145 _____ C:\windows\DirectX.log
2013-12-03 16:20 - 2013-12-03 16:20 - 00000000 ____D C:\windows\1C4551A64743409391E41477CD655043.TMP
2013-12-03 15:35 - 2012-03-26 15:08 - 00001950 _____ C:\windows\system32\AutoRunFilter.ini
2013-12-02 22:31 - 2013-11-19 21:15 - 00000000 ____D C:\Users\Greg\AppData\Local\NVIDIA Corporation
2013-12-02 22:31 - 2013-10-30 22:19 - 00000000 ____D C:\Users\Greg\AppData\Local\NVIDIA
2013-12-02 22:31 - 2013-01-12 00:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-02 22:30 - 2013-01-12 00:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-02 22:30 - 2013-01-12 00:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-02 21:33 - 2013-11-29 22:35 - 00000000 ____D C:\Users\Greg\AppData\Local\Spotify
2013-12-02 14:53 - 2013-01-12 01:11 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 14:53 - 2013-01-12 01:11 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-01 22:46 - 2013-12-01 22:46 - 00127080 _____ (Spotify Ltd) C:\Users\Greg\Downloads\SpotifySetup.exe
2013-12-01 01:15 - 2013-12-01 01:14 - 00688992 ____R (Swearware) C:\Users\Greg\Downloads\dds (1).com
2013-12-01 01:07 - 2010-11-20 19:47 - 00735672 _____ C:\windows\PFRO.log
2013-12-01 00:55 - 2013-12-01 00:55 - 00688992 ____R (Swearware) C:\Users\Greg\Downloads\dds.com
2013-12-01 00:43 - 2012-03-26 15:08 - 00000105 _____ C:\windows\system32\FastBoot.ini
2013-11-30 17:30 - 2013-11-30 17:29 - 00000000 ____D C:\Users\Greg\Documents\cleaning malware
2013-11-30 17:29 - 2013-05-05 14:31 - 00009561 _____ C:\Users\Greg\Documents\Work out records.xlsx
2013-11-30 17:22 - 2013-11-29 11:03 - 00000000 ____D C:\windows\erdnt
2013-11-30 14:26 - 2013-11-28 13:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-11-30 10:56 - 2013-11-30 10:56 - 00000000 ____D C:\Users\Greg\AppData\Local\CDWLauncher
2013-11-30 10:56 - 2013-01-13 14:38 - 00000000 ____D C:\Users\Greg\Documents\My Games
2013-11-29 22:35 - 2013-11-29 22:35 - 00001803 _____ C:\Users\Greg\Desktop\Spotify.lnk
2013-11-29 22:35 - 2013-11-29 22:35 - 00001789 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-11-29 22:35 - 2013-11-29 22:34 - 31419768 _____ (Spotify Ltd) C:\Users\Greg\Downloads\Spotify Installer.exe
2013-11-29 22:31 - 2013-11-29 22:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-29 22:31 - 2013-11-29 22:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-29 22:23 - 2013-11-29 22:23 - 00079991 _____ C:\Users\Greg\Downloads\silverlight.diagcab
2013-11-29 13:16 - 2013-11-29 13:16 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64 (3).exe
2013-11-29 12:48 - 2013-11-29 10:35 - 00000000 ____D C:\AdwCleaner
2013-11-29 12:40 - 2013-01-11 23:46 - 00000000 ____D C:\Users\Greg
2013-11-29 12:39 - 2013-01-11 23:46 - 00000000 ___RD C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-29 12:38 - 2013-11-28 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 12:38 - 2013-11-18 21:34 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-29 12:38 - 2009-07-13 19:20 - 00000000 ____D C:\windows\registration
2013-11-29 12:37 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-11-29 12:14 - 2013-11-29 12:14 - 00025404 _____ C:\ComboFix.txt
2013-11-29 11:23 - 2009-07-13 18:34 - 79953920 _____ C:\windows\system32\config\SOFTWARE.bak
2013-11-29 11:23 - 2009-07-13 18:34 - 20709376 _____ C:\windows\system32\config\SYSTEM.bak
2013-11-29 11:23 - 2009-07-13 18:34 - 00262144 _____ C:\windows\system32\config\SECURITY.bak
2013-11-29 11:23 - 2009-07-13 18:34 - 00262144 _____ C:\windows\system32\config\SAM.bak
2013-11-29 11:23 - 2009-07-13 18:34 - 00262144 _____ C:\windows\system32\config\DEFAULT.bak
2013-11-29 10:47 - 2013-11-29 10:47 - 00000000 ____D C:\windows\ERUNT
2013-11-29 10:46 - 2013-11-29 10:46 - 01034531 _____ (Thisisu) C:\Users\Greg\Downloads\JRT.exe
2013-11-29 10:35 - 2013-11-29 10:35 - 01091882 _____ C:\Users\Greg\Downloads\AdwCleaner.exe
2013-11-29 09:26 - 2013-11-29 09:26 - 00000000 ____D C:\Users\Greg\AppData\Roaming\AVAST Software
2013-11-29 08:56 - 2013-10-30 22:19 - 01096480 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2013-11-29 08:56 - 2013-10-30 22:19 - 00979744 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2013-11-29 00:04 - 2013-11-29 00:03 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-29 00:04 - 2013-11-29 00:03 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-29 00:04 - 2013-01-12 00:30 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-29 00:04 - 2013-01-12 00:30 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-11-29 00:04 - 2013-01-12 00:29 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-29 00:03 - 2013-01-12 00:30 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-11-29 00:03 - 2013-01-12 00:29 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-28 23:58 - 2013-11-28 23:57 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64 (2).exe
2013-11-28 22:30 - 2013-11-28 22:30 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Mozilla
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Users\Greg\AppData\Local\Mozilla
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Users\Greg\AppData\Local\Macromedia
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-28 22:30 - 2013-11-28 22:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 22:30 - 2013-11-28 22:29 - 00282912 _____ (Mozilla) C:\Users\Greg\Downloads\Firefox Setup Stub 25.0.1-2.exe
2013-11-28 21:34 - 2013-11-28 21:34 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.2
2013-11-28 21:34 - 2013-11-28 21:33 - 00000000 ____D C:\Users\Greg\GameMaker-Studio 1.2
2013-11-28 21:33 - 2013-11-28 21:33 - 00000000 ____D C:\Users\Greg\AppData\Local\GameMaker-Studio
2013-11-28 21:32 - 2013-11-28 21:31 - 141519856 _____ C:\Users\Greg\Downloads\GMStudio-Installer.exe
2013-11-28 20:41 - 2013-01-12 01:11 - 00000000 ____D C:\Users\Greg\AppData\Local\Google
2013-11-28 20:41 - 2013-01-12 01:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-28 20:40 - 2013-01-12 01:11 - 00000000 ____D C:\Users\Greg\AppData\Local\Deployment
2013-11-28 19:19 - 2013-11-28 19:14 - 00000000 ____D C:\Users\Greg\Documents\Battlefield 4
2013-11-28 19:14 - 2013-08-15 13:50 - 00000000 ____D C:\ProgramData\Origin
2013-11-28 19:14 - 2013-08-15 13:50 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-28 19:11 - 2013-11-28 19:11 - 03821064 _____ C:\Users\Greg\Downloads\battlelog-web-plugins_2.3.2_130.exe
2013-11-28 19:11 - 2013-11-28 19:11 - 00000000 ____D C:\Users\Greg\AppData\Local\ESN
2013-11-28 13:12 - 2013-11-28 13:11 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-28 11:15 - 2013-08-15 14:06 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Origin
2013-11-26 21:38 - 2013-01-12 22:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 21:38 - 2013-01-12 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-11-25 00:03 - 2013-11-25 00:03 - 03065344 _____ C:\Users\Greg\Downloads\20_Ecosystems.ppt
2013-11-24 23:27 - 2013-11-24 23:20 - 187399849 _____ C:\Users\Greg\Downloads\Photosynthesis_test.pptx
2013-11-24 23:20 - 2013-11-24 23:19 - 02187587 _____ C:\Users\Greg\Downloads\19_Photosynthesis.pptx
2013-11-24 21:55 - 2013-11-24 21:55 - 03368960 _____ C:\Users\Greg\Downloads\17_Cellular_Respiration.ppt
2013-11-24 21:32 - 2013-11-24 21:32 - 04422144 _____ C:\Users\Greg\Downloads\18_Feeding_Digestion(2).ppt
2013-11-24 19:20 - 2013-11-24 19:16 - 00832278 _____ C:\Users\Greg\Downloads\SimBio-Grossmont-BIO.zip
2013-11-22 21:00 - 2013-11-22 21:00 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Real
2013-11-22 20:59 - 2013-11-22 20:59 - 16304976 _____ C:\Users\Greg\Downloads\RhapsodyReal.EXE
2013-11-20 20:02 - 2013-11-20 20:02 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64 (1).exe
2013-11-20 19:59 - 2013-11-20 19:59 - 13079688 _____ (Microsoft Corporation) C:\Users\Greg\Downloads\Silverlight_x64.exe
2013-11-19 21:36 - 2013-11-19 21:36 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-18 21:53 - 2013-11-18 21:53 - 00293448 _____ C:\windows\Minidump\111813-112351-01.dmp
2013-11-18 21:53 - 2013-05-09 14:50 - 750019307 _____ C:\windows\MEMORY.DMP
2013-11-18 21:53 - 2013-05-09 14:50 - 00000000 ____D C:\windows\Minidump
2013-11-18 21:36 - 2013-11-18 21:36 - 00000000 ____D C:\Users\Greg\AppData\Local\TempImages
2013-11-18 21:34 - 2013-11-18 21:34 - 00894600 _____ (CNET Download.com) C:\Users\Greg\Downloads\Unconfirmed 935085.crdownload
2013-11-18 21:34 - 2013-11-18 21:34 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-18 20:15 - 2013-11-18 20:15 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2013-11-18 20:15 - 2013-11-18 20:15 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-11-18 20:14 - 2013-11-18 20:14 - 01350232 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Greg\Downloads\GPU-Z.0.7.4.exe
2013-11-15 20:58 - 2013-01-12 00:34 - 00000000 ____D C:\Users\Greg\AppData\Local\Adobe
2013-11-15 20:33 - 2013-01-13 12:23 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 20:33 - 2012-03-26 14:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 19:14 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache
2013-11-15 18:24 - 2009-07-13 21:13 - 00794646 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-14 21:39 - 2013-01-12 01:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 21:38 - 2013-08-14 20:39 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 21:36 - 2013-01-12 00:17 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-14 20:47 - 2013-02-16 02:18 - 00000000 ____D C:\Users\Greg\Documents\Car stuff
2013-11-14 03:55 - 2013-11-19 21:25 - 25257248 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 22951200 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 17560352 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 15862272 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 12613408 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2013-11-14 03:55 - 2013-11-19 21:25 - 11600432 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 11514624 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 09691888 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 09619872 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 03132704 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 03125024 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 02947872 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 02747680 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 01884448 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433182.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 01511712 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433182.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 01242400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00707360 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00657184 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00609568 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00562464 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00479520 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00405280 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00357152 _____ C:\windows\system32\NvIFROpenGL.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00317472 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00314656 _____ C:\windows\SysWOW64\NvIFROpenGL.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00266984 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00168616 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2013-11-14 03:55 - 2013-11-19 21:25 - 00141336 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2013-11-14 03:55 - 2012-10-10 21:23 - 18293608 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2013-11-14 03:55 - 2012-10-10 21:23 - 18208624 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2013-11-14 03:55 - 2012-10-10 21:23 - 03069608 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2013-11-14 03:55 - 2012-10-10 21:23 - 01436528 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2013-11-14 03:55 - 2012-10-10 21:22 - 30361888 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2013-11-14 03:55 - 2012-10-10 21:22 - 15218504 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2013-11-14 03:55 - 2012-10-10 21:22 - 02697248 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2013-11-14 03:55 - 2012-10-10 21:22 - 00023754 _____ C:\windows\system32\nvinfo.pb
2013-11-14 03:55 - 2012-03-26 14:15 - 00061216 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2013-11-14 03:55 - 2012-03-26 14:15 - 00053024 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2013-11-12 09:23 - 2013-01-11 23:46 - 00001413 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 09:19 - 2009-07-13 19:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-11-11 23:41 - 2013-11-11 23:38 - 00007469 _____ C:\windows\IE11_main.log
2013-11-11 23:39 - 2013-11-11 23:39 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-11 23:39 - 2013-11-11 23:39 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-11 23:39 - 2013-11-11 23:39 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-11 23:39 - 2013-11-11 23:39 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-11 23:39 - 2013-11-11 23:39 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-11 23:39 - 2013-11-11 23:39 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-11 23:39 - 2013-11-11 23:39 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-11 23:39 - 2013-11-11 23:39 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-11 23:39 - 2013-11-11 23:39 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-11 23:39 - 2013-11-11 23:39 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-11 23:39 - 2013-11-11 23:39 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-11 23:39 - 2013-11-11 23:39 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-11 23:39 - 2013-11-11 23:39 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2013-11-11 07:02 - 2013-01-12 00:15 - 06674208 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2013-11-11 07:02 - 2013-01-12 00:15 - 03490080 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2013-11-11 07:01 - 2013-01-12 00:15 - 03467927 _____ C:\windows\system32\nvcoproc.bin
2013-11-11 07:01 - 2013-01-12 00:15 - 00922912 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2013-11-11 07:01 - 2013-01-12 00:15 - 00219424 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2013-11-11 07:01 - 2013-01-12 00:15 - 00063776 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2013-11-11 05:50 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-10 18:14 - 2013-11-10 18:14 - 00000000 ____D C:\Users\Greg\AppData\Local\WB Games
2013-11-09 16:21 - 2012-03-26 15:04 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\windows\system32\AdpeakProxyOff.ini
2013-11-05 21:14 - 2013-08-10 13:17 - 00000000 ____D C:\Users\Greg\AppData\Local\Arma 3
2013-11-05 00:09 - 2009-07-13 18:34 - 00000478 _____ C:\windows\win.ini
 
Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\BackupSetup.exe
C:\Users\Greg\AppData\Local\Temp\COMAP.EXE
C:\Users\Greg\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Greg\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Greg\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Greg\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Greg\AppData\Local\Temp\nvStInst.exe
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Greg\AppData\Local\Temp\sonarinst.exe
C:\Users\Greg\AppData\Local\Temp\SpOrder.dll
C:\Users\Greg\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Greg\AppData\Local\Temp\WiseUpdX.exe
C:\Users\Greg\AppData\Local\Temp\x2blapi.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-01 13:12
 
==================== End Of Log ============================


#4 nasdaq

  • Malware Response Team

Posted 06 December 2013 - 09:52 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
R3 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-12-03] ()
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\ScorpionSaver\IECore.dll
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe

end
Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.


    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ==============

    Please paste the logs in your next reply. DO NOT ATTACH THEM.
    Let me know what problem persists.


#5 ghoulreaper

  • Topic Starter

  • Members

Posted 07 December 2013 - 01:11 AM

Results from Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2013
Ran by Greg at 2013-12-06 20:58:43 Run:1
Running from C:\Users\Greg\Desktop\New folder
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
R3 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-12-03] ()
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\ScorpionSaver\IECore.dll
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
 
end
*****************
 
[4628] C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe => Process closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
AdpeakProxy => Service deleted successfully.
Level Quality Watcher => Service deleted successfully.
[2940] C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Process closed successfully.
C:\Program Files (x86)\ScorpionSaver\IECore.dll => Moved successfully.
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe => Moved successfully.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====


#6 ghoulreaper

  • Topic Starter

  • Members

Posted 07 December 2013 - 01:14 AM

Adwcleaner scan: 

# AdwCleaner v3.014 - Report created 06/12/2013 at 21:06:49
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Greg - GREG-PC
# Running from : C:\Users\Greg\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\windows\System32\AdpeakProxy.ini
File Found : C:\windows\System32\AdpeakProxyOff.ini
File Found : C:\windows\SysWOW64\AdpeakProxy.ini
File Found : C:\windows\SysWOW64\AdpeakProxyOff.ini
Folder Found C:\Program Files (x86)\ScorpionSaver
Folder Found C:\Program Files\Level Quality Watcher
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wj57ik64.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2955 octets] - [29/11/2013 10:35:59]
AdwCleaner[R1].txt - [1014 octets] - [29/11/2013 12:47:54]
AdwCleaner[R2].txt - [1239 octets] - [06/12/2013 21:06:49]
AdwCleaner[S0].txt - [2965 octets] - [29/11/2013 10:36:39]
AdwCleaner[S1].txt - [1075 octets] - [29/11/2013 12:48:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1419 octets] ##########
 
 
AdwCleaner clean: 
# AdwCleaner v3.014 - Report created 06/12/2013 at 21:09:41
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Greg - GREG-PC
# Running from : C:\Users\Greg\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\ScorpionSaver
Folder Deleted : C:\Program Files\Level Quality Watcher
File Deleted : C:\windows\SysWOW64\AdpeakProxy.ini
File Deleted : C:\windows\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\windows\System32\AdpeakProxy.ini
File Deleted : C:\windows\System32\AdpeakProxyOff.ini
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wj57ik64.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2955 octets] - [29/11/2013 10:35:59]
AdwCleaner[R1].txt - [1014 octets] - [29/11/2013 12:47:54]
AdwCleaner[R2].txt - [1499 octets] - [06/12/2013 21:06:49]
AdwCleaner[S0].txt - [2965 octets] - [29/11/2013 10:36:39]
AdwCleaner[S1].txt - [1075 octets] - [29/11/2013 12:48:30]
AdwCleaner[S2].txt - [1438 octets] - [06/12/2013 21:09:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1498 octets] ##########
 

JRT results:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Greg on Fri 12/06/2013 at 21:31:31.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/06/2013 at 21:33:24.38
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix results:

 

 

 

 

ComboFix 13-12-07.01 - Greg 12/06/2013  21:40:43.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16340.13785 [GMT -8:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Greg\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
c:\windows\SysWOW64\AdpeakProxy.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdpeakProxy
-------\Service_Level Quality Watcher
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-07 05:51 . 2013-12-07 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-07 04:36 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30D2D68B-B0A3-410F-AD0A-56FAE4876A8B}\mpengine.dll
2013-12-05 17:42 . 2013-12-07 04:58 -------- d-----w- C:\FRST
2013-12-04 00:57 . 2013-12-04 00:57 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-12-04 00:22 . 2013-08-15 22:28 2601752 ----a-w- c:\windows\SysWow64\pbsvc_moh.exe
2013-12-04 00:20 . 2013-12-04 00:20 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-12-03 06:30 . 2013-10-30 17:03 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-03 06:30 . 2013-10-30 17:02 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-11-30 18:56 . 2013-11-30 18:56 -------- d-----w- c:\users\Greg\AppData\Local\CDWLauncher
2013-11-30 06:35 . 2013-12-03 05:33 -------- d-----w- c:\users\Greg\AppData\Local\Spotify
2013-11-30 06:35 . 2013-12-06 05:58 -------- d-----w- c:\users\Greg\AppData\Roaming\Spotify
2013-11-30 06:31 . 2013-11-30 06:31 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-30 06:31 . 2013-11-30 06:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-11-29 19:09 . 2013-11-29 19:09 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-11-29 18:47 . 2013-11-29 18:47 -------- d-----w- c:\windows\ERUNT
2013-11-29 18:35 . 2013-12-07 05:09 -------- d-----w- C:\AdwCleaner
2013-11-29 17:26 . 2013-11-29 17:26 -------- d-----w- c:\users\Greg\AppData\Roaming\AVAST Software
2013-11-29 08:03 . 2013-11-29 08:04 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-29 08:03 . 2013-11-29 08:04 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-29 06:30 . 2013-11-29 06:30 -------- d-----w- c:\users\Greg\AppData\Local\Macromedia
2013-11-29 06:30 . 2013-11-29 06:30 -------- d-----w- c:\users\Greg\AppData\Local\Mozilla
2013-11-29 06:30 . 2013-11-29 06:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-11-29 05:33 . 2013-11-29 05:34 -------- d-----w- c:\users\Greg\GameMaker-Studio 1.2
2013-11-29 05:33 . 2013-11-29 05:33 -------- d-----w- c:\users\Greg\AppData\Local\GameMaker-Studio
2013-11-29 03:11 . 2013-11-29 03:11 -------- d-----w- c:\users\Greg\AppData\Local\ESN
2013-11-28 21:12 . 2013-11-30 22:26 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2013-11-28 21:11 . 2013-11-28 21:12 -------- d-----w- c:\programdata\Package Cache
2013-11-23 04:59 . 2002-11-12 20:22 569397 ----a-w- c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2013-11-20 05:36 . 2013-10-16 18:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-20 05:36 . 2013-12-07 04:58 -------- d-----w- c:\program files\ScorpionSaver Services
2013-11-20 05:15 . 2013-12-03 06:31 -------- d-----w- c:\users\Greg\AppData\Local\NVIDIA Corporation
2013-11-19 05:36 . 2013-11-19 05:36 -------- d-----w- c:\users\Greg\AppData\Local\TempImages
2013-11-19 05:34 . 2013-12-03 23:35 -------- d-----w- C:\temp
2013-11-19 04:15 . 2013-11-19 04:15 -------- d-----w- c:\program files (x86)\GPU-Z
2013-11-15 04:25 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-15 04:25 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-15 04:23 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-15 04:23 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-15 04:23 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-15 04:23 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-15 04:23 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-12 07:41 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-11 16:59 . 2013-11-11 16:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-11 02:14 . 2013-11-11 02:14 -------- d-----w- c:\users\Greg\AppData\Local\WB Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-06 06:27 . 2013-01-14 09:15 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-06 06:17 . 2013-01-14 09:15 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-04 00:28 . 2013-05-31 01:31 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-04 00:22 . 2013-01-14 09:15 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-11-29 16:56 . 2013-10-31 06:19 1096480 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-29 16:56 . 2013-10-31 06:19 979744 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-29 08:04 . 2013-01-12 08:30 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-29 08:04 . 2013-01-12 08:30 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-29 08:04 . 2013-01-12 08:30 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-29 08:04 . 2013-01-12 08:30 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-29 08:04 . 2013-01-12 08:30 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-29 08:04 . 2013-01-12 08:30 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-29 08:04 . 2013-01-12 08:30 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-29 08:04 . 2013-01-12 08:29 43152 ----a-w- c:\windows\avastSS.scr
2013-11-16 04:33 . 2013-01-13 20:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-16 04:33 . 2012-03-26 22:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 05:36 . 2013-01-12 08:17 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-14 11:55 . 2012-10-11 05:23 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:55 . 2012-03-26 22:15 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-14 11:55 . 2012-03-26 22:15 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-14 11:55 . 2012-10-11 05:23 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:55 . 2012-10-11 05:22 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
2013-11-14 11:55 . 2012-10-11 05:23 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-11-14 11:55 . 2012-10-11 05:22 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-14 11:55 . 2012-10-11 05:23 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-14 11:55 . 2012-10-11 05:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-11 15:02 . 2013-01-12 08:15 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2013-01-12 08:15 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2013-01-12 08:15 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2013-01-12 08:15 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2013-01-12 08:15 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2013-01-12 08:15 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-11 13:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 17:02 . 2013-10-31 06:16 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-10-23 10:30 . 2013-10-31 06:16 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-10-31 06:16 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-22 23:18 . 2013-10-22 23:18 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-12 3093624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"F.lux"="c:\users\Greg\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-11-28 237056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2012-01-13 195200]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2011-09-28 465536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"NUSB3MON"="c:\program files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-29 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GPU-Z;GPU-Z;c:\users\Greg\AppData\Local\Temp\GPU-Z.sys;c:\users\Greg\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/04/04 22:49];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 18:01 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-29 04:40]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-29 04:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-29 08:04 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2013-01-17 8757248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BFBAF071-FB7C-4A10-97D4-F37F15DB85F6}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\wj57ik64.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk - c:\users\Greg\AppData\Local\Temp\{11E474EE-9CBA-4C9D-BA0B-F7147C530291}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-286405194-27575687-2766832465-1000\Software\SecuROM\License information*]
"datasecu"=hex:5d,6b,84,4e,98,ae,30,be,6c,78,ac,05,af,39,da,f3,d2,44,43,4b,b6,
   a8,8e,44,08,4e,17,a8,7e,63,98,9e,71,3b,01,4d,bf,ca,d0,ef,10,5c,fd,c4,41,62,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-12-06  21:59:02 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-07 05:59
ComboFix2.txt  2013-11-29 20:14
.
Pre-Run: 298,018,934,784 bytes free
Post-Run: 298,167,767,040 bytes free
.
- - End Of File - - D7F66DAEA07F0E1A10402DFD3550D29D
A36C5E4F47E84449FF07ED3517B43A31


#7 nasdaq


Posted 07 December 2013 - 10:00 AM

Looking good. Any remaining issues?

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#8 ghoulreaper


Posted 07 December 2013 - 03:27 PM

It's pretty amazing! Scorpion Saver looks like it's gone as far as I can tell! The only question I have is: was it actually deleted? It looks like the folder was deleted; does that mean that the contents were as well?
 

Folder Deleted : C:\Program Files (x86)\ScorpionSaver
Folder Deleted : C:\Program Files\Level Quality Watcher
 
 
Results from Security Check:
 
 
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 11.9.900.152  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1) 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#9 ghoulreaper


Posted 11 December 2013 - 10:26 PM

BUMP



#10 nasdaq


Posted 12 December 2013 - 09:13 AM

I apologize for the delay.

The infection is gone. The tools did their work.



Flash 11.9.900.170 released
Dec 10, 2013.

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Flash test site:
http://www.adobe.com/software/flash/about/

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

Adobe Reader/Acrobat v11.0.05 released Oct 8, 2013


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#11 ghoulreaper


Posted 16 December 2013 - 09:19 PM

Thanks again for your help! I installed the Comodo firewall you posted above. I also tried the script blocker, but it was blocking almost every website I went to. I would have to tell it to allow every website and it got annoying.

Is there any way I can check through my registry myself? So I can periodically check on what malware might be hiding?

Just today, I saw Scorpion Saver in my uninstall programs on the control panel, and I was able to uninstall it. I don't know if it was a residual of when we cleaned my system or if it was new, but it kind of freaked me out.



#12 nasdaq


Posted 17 December 2013 - 09:42 AM

Is there any way I can check through my registry myself? So I can periodically check on what malware might be hiding?

No. What would you be looking for? Just a name? What about the other keys that you would not even know about?

I can only suggest you run the AdwCleaner and the JunkRemoval tools when you have some delays in accomplishing tasks.
These tools are updated often. So keep them up to date.
===

#13 nasdaq


Posted 23 December 2013 - 10:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



