
Advertisements playing in background


  • This topic is locked
11 replies to this topic

#1 Mr_Blockerson

  • Members
  • 5 posts

Posted 02 January 2014 - 03:18 PM

Hello, bleepingcomputer! I've looked around a bit, and have noticed that others have been having this same problem, which just started last night. I have Norton Antivirus loaded with the latest definitions updated, Malwarebytes, TDSSKiller, and Malwarebytes Anti-Rootkit. Norton didn't find anything but a few tracking cookies, Malwarebytes found two trojans 'Trojan.Patched' (and supposedly removed them), TDSSKiller found nothing, and MBAR found nothing as well. In the audio mixer, I have confirmed that the ads are in fact coming from an svchost process, and can verify that by looking in task manager (one is always using a ridiculous amount of RAM, usually from 1,000,000 KB to 3,200,000, the highest amount I've seen so far). The system I'm using is a very high-end customized gaming computer, so I need it to be well at all costs. Best of luck! Here's the DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by Administrator at 15:02:54 on 2014-01-02
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16322.11820 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SndVol.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.digitalstormonline.com/
mWinlogon: Userinit = userinit.exe,
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll
uRun: [CTRegRun] C:\Windows\CTRegRun.EXE
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech Gaming Software\EReg\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 205.152.37.23 205.152.144.23
TCP: Interfaces\{0EEBD915-D74E-4D16-BEB3-A3AA03CF0C36} : DHCPNameServer = 205.152.37.23 205.152.144.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7-64bit\bin\ssv.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7-64bit\bin\jp2ssv.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\434zqmeu.default\
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-7-2 667496]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-7-2 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-12-11 20464]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1501000.012\symds64.sys [2013-12-21 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1501000.012\symefa64.sys [2013-12-21 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1501000.012\ccsetx64.sys [2013-12-21 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccsetx64.sys [2013-12-21 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20140101.001\IDSviA64.sys [2014-1-2 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1501000.012\ironx64.sys [2013-12-21 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1501000.012\symnets.sys [2013-12-21 590936]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-12-11 927232]
R2 CtHdaSvc;Sound Blaster Audio Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2013-1-24 112640]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-2 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-12-11 169432]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-1 701512]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\nav.exe [2013-12-21 262288]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe [2013-12-21 129424]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-11 15125280]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R3 cthda;Sound Blaster Audio Driver;C:\Windows\System32\drivers\cthda.sys [2013-1-24 1055512]
R3 cthdb;Sound Blaster Audio Controller Driver;C:\Windows\System32\drivers\cthdb.sys [2013-1-24 27928]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-6-28 496400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-21 137648]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-12-11 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-12-11 786416]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-1 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-11 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-22 130024]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-22 395752]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-2-23 51872]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-23 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-23 201376]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-23 154272]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-12-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-12-11 79360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-22 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-22 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2012-2-28 176640]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2012-2-28 230400]
.
=============== Created Last 30 ================
.
2014-01-02 02:13:53    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 02:13:43    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-02 01:23:38    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-02 01:23:34    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-02 01:23:34    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-02 01:23:34    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 01:23:24    --------    d-----w-    C:\Users\Administrator\AppData\Local\Programs
2014-01-01 20:34:08    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-12-31 19:57:28    --------    d-----w-    C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2013-12-31 19:57:28    --------    d-----w-    C:\Users\Administrator\AppData\Local\LogMeIn
2013-12-31 19:57:28    --------    d-----w-    C:\ProgramData\LogMeIn
2013-12-31 19:54:30    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2013-12-31 19:51:40    --------    d-----w-    C:\Users\Administrator\AppData\Local\Deployment
2013-12-31 19:51:40    --------    d-----w-    C:\Users\Administrator\AppData\Local\Apps
2013-12-31 19:29:17    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2013-12-31 19:29:17    74072    ----a-w-    C:\Windows\SysWow64\XAPOFX1_4.dll
2013-12-31 19:29:17    528216    ----a-w-    C:\Windows\SysWow64\XAudio2_6.dll
2013-12-31 19:29:17    4178264    ----a-w-    C:\Windows\SysWow64\D3DX9_41.dll
2013-12-31 19:29:17    3495784    ----a-w-    C:\Windows\SysWow64\d3dx9_33.dll
2013-12-31 19:29:17    238936    ----a-w-    C:\Windows\SysWow64\xactengine3_6.dll
2013-12-31 19:29:17    22360    ----a-w-    C:\Windows\SysWow64\X3DAudio1_7.dll
2013-12-31 19:29:11    --------    d-----w-    C:\Program Files (x86)\Microsoft XNA
2013-12-30 23:22:12    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\openvr
2013-12-30 15:20:09    --------    d-----w-    C:\Users\Administrator\AppData\Local\CrashDumps
2013-12-30 03:30:41    --------    d-----w-    C:\Program Files (x86)\Steam
2013-12-30 03:30:41    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-12-26 02:54:09    --------    d-----w-    C:\Users\Administrator\AppData\Local\Macromedia
2013-12-25 04:09:30    16    ----a-w-    C:\Windows\SysWow64\msvcsv60.dll
2013-12-25 04:09:30    16    ----a-w-    C:\Users\Administrator\AppData\Roaming\msregsvv.dll
2013-12-25 04:09:28    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Cakewalk
2013-12-25 03:55:03    --------    d-----w-    C:\Cakewalk Content
2013-12-25 03:51:28    --------    d-----w-    C:\ProgramData\Cakewalk
2013-12-25 03:51:28    --------    d-----w-    C:\Program Files (x86)\Cakewalk
2013-12-23 16:19:08    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-12-23 16:19:07    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-12-23 16:19:06    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-12-23 16:19:06    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-12-23 04:18:07    --------    d-----w-    C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2013-12-22 18:36:41    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-22 05:15:53    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\ftblauncher
2013-12-22 01:57:41    --------    d-----w-    C:\ProgramData\NCOTEMP
2013-12-21 23:46:58    --------    d-----r-    C:\Program Files (x86)\Skype
2013-12-21 22:45:16    --------    d-----w-    C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2013-12-21 18:59:42    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Petroglyph
2013-12-21 18:59:12    98304    ----a-w-    C:\Windows\SysWow64\CmdLineExt.dll
2013-12-21 18:59:12    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\LucasArts
2013-12-21 18:44:46    --------    d-----w-    C:\Program Files (x86)\LucasArts
2013-12-21 18:41:45    753664    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-12-21 18:41:45    69714    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-12-21 18:41:45    63488    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-12-21 18:41:45    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-12-21 18:41:45    274432    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-12-21 18:41:45    184320    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-12-21 18:41:39    331908    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-12-21 18:41:39    200836    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-12-21 17:19:25    162392    ----a-w-    C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccsetx64.sys
2013-12-21 17:19:23    --------    d-----w-    C:\Windows\System32\drivers\NSTx64\7DE06000.01B
2013-12-21 17:04:05    --------    d-----w-    C:\Users\Administrator\AppData\Local\NVIDIA
2013-12-21 07:50:19    --------    d-----w-    C:\Users\Administrator\AppData\Local\Logitech
2013-12-21 07:50:13    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-12-21 07:50:10    --------    d-----w-    C:\Program Files\Logitech Gaming Software
2013-12-21 07:49:49    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Logishrd
2013-12-21 06:38:51    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-21 06:38:51    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-21 06:37:28    --------    d-----w-    C:\Users\Administrator\AppData\Local\Adobe
2013-12-21 06:09:51    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\.minecraft
2013-12-21 06:06:15    --------    d-----w-    C:\ProgramData\Oracle
2013-12-21 06:06:09    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-21 05:27:14    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-12-21 05:24:44    858200    ----a-w-    C:\Windows\System32\drivers\NAVx64\1501000.012\srtsp64.sys
2013-12-21 05:24:44    590936    ----a-w-    C:\Windows\System32\drivers\NAVx64\1501000.012\symnets.sys
2013-12-21 05:24:44    493656    ----a-r-    C:\Windows\System32\drivers\NAVx64\1501000.012\symds64.sys
2013-12-21 05:24:44    36952    ----a-r-    C:\Windows\System32\drivers\NAVx64\1501000.012\srtspx64.sys
2013-12-21 05:24:44    264280    ----a-r-    C:\Windows\System32\drivers\NAVx64\1501000.012\ironx64.sys
2013-12-21 05:24:44    23568    ----a-r-    C:\Windows\System32\drivers\NAVx64\1501000.012\symelam.sys
2013-12-21 05:24:44    162392    ----a-w-    C:\Windows\System32\drivers\NAVx64\1501000.012\ccsetx64.sys
2013-12-21 05:24:44    1147480    ----a-w-    C:\Windows\System32\drivers\NAVx64\1501000.012\symefa64.sys
2013-12-21 05:24:41    --------    d-----w-    C:\Windows\System32\drivers\NAVx64\1501000.012
2013-12-21 05:07:49    --------    d-----w-    C:\Windows\System32\drivers\NSTx64
2013-12-21 05:07:49    --------    d-----w-    C:\Program Files (x86)\Norton Identity Safe
2013-12-21 05:07:47    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-21 05:07:47    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2013-12-21 05:07:32    --------    d-----w-    C:\Windows\System32\drivers\NAVx64
2013-12-21 05:07:31    --------    d-----w-    C:\ProgramData\Norton
2013-12-21 05:07:31    --------    d-----w-    C:\Program Files (x86)\Norton AntiVirus
2013-12-21 05:05:36    --------    d-----w-    C:\ProgramData\NortonInstaller
2013-12-21 05:05:36    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2013-12-21 04:42:15    --------    d-----w-    C:\Users\Administrator\AppData\Local\Microsoft Games
2013-12-12 01:28:55    88576    ------w-    C:\Windows\System32\CTOPT399.dll
2013-12-12 01:28:55    79360    ------w-    C:\Windows\SysWow64\CTOPT399.dll
2013-12-12 01:28:55    61440    ------w-    C:\Windows\SysWow64\CTChkAud.dll
2013-12-12 01:28:55    49664    ------w-    C:\Windows\System32\CTChkAud.dll
2013-12-12 01:28:52    --------    d-----w-    C:\Program Files (x86)\Common Files\Creative Labs Shared
2013-12-12 01:28:46    729088    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-12-12 01:28:46    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-12-12 01:28:46    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-12-12 01:28:46    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-12-12 01:28:46    192512    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-12-12 01:28:45    311428    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-12-12 01:28:45    188548    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-12-12 01:27:09    4850    ----a-w-    C:\Windows\cthdaENG.reg
2013-12-12 01:26:53    --------    d-----w-    C:\Program Files (x86)\Creative
2013-12-12 01:23:11    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Corsair
2013-12-12 01:23:07    --------    d-----w-    C:\Program Files (x86)\Silabs
2013-12-12 01:00:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel Corporation
2013-12-12 00:59:52    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Intel Corporation
2013-12-12 00:59:42    --------    d-----w-    C:\Users\Administrator\Intel
2013-12-12 00:59:29    20464    ----a-w-    C:\Windows\System32\drivers\iusb3hcs.sys
2013-12-12 00:59:23    786416    ----a-w-    C:\Windows\System32\drivers\iusb3xhc.sys
2013-12-12 00:59:22    368112    ----a-w-    C:\Windows\System32\drivers\iusb3hub.sys
2013-12-12 00:59:17    --------    d-----w-    C:\Temp
2013-12-12 00:59:04    16344    ----a-w-    C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-12-12 00:58:37    --------    d-----w-    C:\Program Files (x86)\Common Files\postureAgent
2013-12-12 00:58:35    64624    ----a-w-    C:\Windows\System32\drivers\HECIx64.sys
2013-12-12 00:56:02    858032    ----a-w-    C:\Windows\System32\tossaeapo64.dll
2013-12-12 00:56:02    65944    ----a-w-    C:\Windows\System32\tepeqapo64.dll
2013-12-12 00:56:02    569256    ----a-w-    C:\Windows\System32\tosasfapo64.dll
2013-12-12 00:56:02    148912    ----a-w-    C:\Windows\System32\toseaeapo64.dll
2013-12-12 00:56:01    836544    ----a-w-    C:\Windows\System32\tadefxapo264.dll
2013-12-12 00:56:01    791808    ----a-w-    C:\Windows\System32\slcnt64.dll
2013-12-12 00:56:01    633088    ----a-w-    C:\Windows\System32\sltech64.dll
2013-12-12 00:56:01    521472    ----a-w-    C:\Windows\System32\sl3apo64.dll
2013-12-12 00:56:01    213760    ----a-w-    C:\Windows\System32\slprp64.dll
2013-12-12 00:53:50    53248    ----a-r-    C:\Windows\SysWow64\CSVer.dll
2013-12-12 00:53:38    --------    d-----w-    C:\Intel
2013-12-12 00:52:32    --------    d-----w-    C:\Windows\AsusInstAll
2013-12-12 00:52:28    296320    ----a-w-    C:\Windows\System32\drivers\volsnap.sys
2013-12-11 20:18:50    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\NVIDIA
2013-12-11 20:07:00    955168    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-11 20:07:00    1064224    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-11 16:12:24    --------    d-----w-    C:\Users\Administrator\Heaven
2013-12-10 11:31:52    --------    d-----w-    C:\NVIDIA
2013-12-10 11:28:59    --------    d-sh--w-    C:\Windows\Installer
2013-12-10 11:25:03    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-12-10 11:25:03    --------    d-----w-    C:\Program Files\Realtek
2013-12-10 11:24:25    --------    d-----w-    C:\Windows\Panther
.
==================== Find3M  ====================
.
2013-12-12 01:29:22    466520    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-12-12 01:29:22    445016    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-12-12 01:29:22    123480    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-12-12 01:29:22    109144    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-11-11 16:59:28    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-11-11 15:02:02    6674208    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58    3467927    ----a-w-    C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 15:03:01.46 ===============
 



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:40 PM

Posted 03 January 2014 - 10:00 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt) - please post the log into your reply to me (you can use pastebin as well).

 

 

Regards,

Georgi




#3 Mr_Blockerson

Mr_Blockerson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:40 PM

Posted 03 January 2014 - 10:35 AM

Hey Georgi, thanks for helping me! Here's the FRST log you've requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Administrator (administrator) on DIGITALSTORM-PC on 03-01-2014 10:11:02
Running from C:\Users\Administrator\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\nav.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-07-02] (Intel Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [733696 2012-11-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKCU\...\Run: [CTRegRun] - C:\Windows\Ctregrun.exe [53248 2006-10-06] (Creative Technology Ltd )
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
MountPoints2: {54f780b1-6354-11e3-a0a1-806e6f6e6963} - D:\LaunchEAW.exe
MountPoints2: {ae5f21c8-618d-11e3-bbbd-806e6f6e6963} - D:\Audio\setup.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalstormonline.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF8F0BA2CD4F6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=sb&qsrc=2869
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7-64bit\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7-64bit\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\434zqmeu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7-64bit\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7-64bit\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.0.100\IPSFF

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-01-24] (Creative Technology Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-07-02] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1055512 2013-01-24] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [27928 2013-01-24] (Creative Technology Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-21] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-02] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20140102.001\IDSvia64.sys [521944 2013-12-20] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20140103.001\ENG64.SYS [126040 2013-12-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20140103.001\EX64.SYS [2099288 2013-12-21] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-11-14] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\CorsairLINK2\CorsairLINK_HardwareMonitor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 10:11 - 2014-01-03 10:11 - 00016003 _____ C:\Users\Administrator\Downloads\FRST.txt
2014-01-03 10:10 - 2014-01-03 10:10 - 00000000 ____D C:\FRST
2014-01-03 10:09 - 2014-01-03 10:09 - 01931750 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-01-02 15:03 - 2014-01-02 15:03 - 00029439 _____ C:\Users\Administrator\Desktop\dds.txt
2014-01-02 15:03 - 2014-01-02 15:03 - 00013602 _____ C:\Users\Administrator\Desktop\attach.txt
2014-01-02 15:01 - 2014-01-02 15:02 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2014-01-01 21:13 - 2014-01-01 21:20 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-01 21:13 - 2014-01-01 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 21:13 - 2014-01-01 21:13 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 20:54 - 2014-01-01 21:13 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.07.0.1008.exe
2014-01-01 20:23 - 2014-01-01 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 20:23 - 2014-01-01 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-01 20:23 - 2014-01-01 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 20:23 - 2014-01-01 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 20:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-01 20:03 - 2014-01-01 20:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-01 20:03 - 2014-01-01 20:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-01 15:34 - 2014-01-01 15:34 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-01 15:24 - 2014-01-01 15:30 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-01-01 11:18 - 2014-01-01 11:18 - 00037376 _____ C:\Windows\system32\klusa.ygn
2014-01-01 11:08 - 2014-01-03 09:42 - 00000082 _____ C:\Windows\system32\gpcasr.hlr
2014-01-01 11:07 - 2014-01-01 11:18 - 00000098 _____ C:\Windows\system32\narjsaj.mug
2014-01-01 11:07 - 2014-01-01 11:07 - 00000064 _____ C:\Windows\system32\dozzm.axn
2014-01-01 10:52 - 2014-01-01 10:52 - 00219314 ____S C:\Windows\system32\gtophgs.quf
2014-01-01 01:53 - 2014-01-01 01:53 - 00000219 _____ C:\Users\Administrator\Desktop\Portal 2.url
2013-12-31 14:57 - 2014-01-03 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2013-12-31 14:57 - 2013-12-31 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2013-12-31 14:57 - 2013-12-31 14:57 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-31 14:54 - 2013-12-31 14:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-31 14:51 - 2013-12-31 14:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2013-12-31 14:51 - 2013-12-31 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-12-31 14:29 - 2013-12-31 14:29 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2013-12-31 14:29 - 2013-12-31 14:29 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-12-31 14:29 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-12-31 14:29 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-12-31 14:29 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-12-31 14:29 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-12-31 14:29 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-12-31 14:29 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-12-31 14:29 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-12-31 14:09 - 2013-12-31 14:09 - 00000219 _____ C:\Users\Administrator\Desktop\Portal.url
2013-12-31 14:01 - 2013-12-31 14:01 - 00000222 _____ C:\Users\Administrator\Desktop\Terraria.url
2013-12-30 18:22 - 2013-12-30 18:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\openvr
2013-12-30 12:01 - 2013-12-30 12:01 - 01501368 _____ (Project64                                                   ) C:\Users\Administrator\Downloads\setup Project64 1.6.exe
2013-12-30 11:51 - 2013-12-30 11:51 - 01376768 _____ C:\Users\Administrator\Downloads\7z920-x64.msi
2013-12-30 11:51 - 2013-12-30 11:51 - 00000000 ____D C:\Program Files\7-Zip
2013-12-30 10:40 - 2013-12-30 10:40 - 00000000 ____D C:\Program Files\WinRAR
2013-12-30 10:38 - 2013-12-30 10:40 - 01209160 _____ C:\Users\Administrator\Downloads\winrar-x64-501.exe
2013-12-30 10:26 - 2013-12-30 10:27 - 03703013 _____ C:\Users\Administrator\Downloads\Project64 2.1.rar
2013-12-30 10:20 - 2014-01-01 20:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-12-29 23:03 - 2014-01-01 01:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-29 23:03 - 2013-12-29 23:03 - 00000219 _____ C:\Users\Administrator\Desktop\Team Fortress 2.url
2013-12-29 22:30 - 2014-01-03 10:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-29 22:30 - 2013-12-29 22:30 - 01133552 _____ C:\Users\Administrator\Downloads\SteamSetup.exe
2013-12-29 22:30 - 2013-12-29 22:30 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2013-12-29 19:51 - 2014-01-02 21:39 - 00000000 _____ C:\Users\Administrator\Documents\1386635769180.jpg.part
2013-12-25 21:54 - 2013-12-25 21:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2013-12-25 21:48 - 2013-12-25 21:48 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 21:44 - 2013-12-25 21:45 - 00282992 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup Stub 26.0.exe
2013-12-25 11:02 - 2013-12-25 11:02 - 00001266 _____ C:\Users\Administrator\Desktop\Creator 6 Touch.url
2013-12-25 11:02 - 2013-12-25 11:02 - 00001033 _____ C:\Users\Administrator\Desktop\Creator 6 Upgrade.url
2013-12-25 10:53 - 2013-12-25 10:53 - 00001720 _____ C:\Users\Administrator\Desktop\Creator 6 Support.url
2013-12-25 10:53 - 2013-12-25 10:53 - 00001606 _____ C:\Users\Administrator\Desktop\Creator 6 Tutorial Videos.url
2013-12-25 00:20 - 2013-12-25 00:20 - 00031510 _____ C:\Users\Administrator\Downloads\portal_still_alive.mid
2013-12-25 00:19 - 2013-12-25 00:22 - 00003584 _____ C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-25 00:14 - 2013-12-25 00:14 - 00015750 _____ C:\Users\Administrator\Downloads\000000004700.mid
2013-12-25 00:13 - 2013-12-25 00:13 - 00011618 _____ C:\Users\Administrator\Downloads\000000004498.mid
2013-12-25 00:12 - 2013-12-25 00:12 - 00023036 _____ C:\Users\Administrator\Downloads\000000004487.mid
2013-12-25 00:12 - 2013-12-25 00:12 - 00015583 _____ C:\Users\Administrator\Downloads\000000004482.mid
2013-12-25 00:12 - 2013-12-25 00:12 - 00013275 _____ C:\Users\Administrator\Downloads\000000004485.mid
2013-12-25 00:07 - 2013-12-25 00:07 - 00012581 _____ C:\Users\Administrator\Downloads\Still Alive.mid
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Windows\msocreg32.dat
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Users\Administrator\AppData\Roaming\msregsvv.dll
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\ProgramData\autobk.inc
2013-12-24 23:09 - 2013-12-24 23:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Cakewalk
2013-12-24 23:08 - 2013-12-25 14:04 - 00000000 ____D C:\Cakewalk Projects
2013-12-24 23:08 - 2013-12-24 23:09 - 00000000 ____D C:\Users\Administrator\Documents\IK Multimedia
2013-12-24 23:08 - 2013-12-24 23:09 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2013-12-24 23:08 - 2013-12-24 23:08 - 00002146 _____ C:\Users\Public\Desktop\Music Creator 6.lnk
2013-12-24 23:08 - 2013-12-24 23:08 - 00000000 ____D C:\Program Files\Cakewalk
2013-12-24 23:08 - 2010-12-22 14:33 - 09410736 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m.dll
2013-12-24 23:08 - 2010-12-22 14:33 - 09210032 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4.dll
2013-12-24 23:08 - 2010-12-22 14:33 - 09078960 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4p.dll
2013-12-24 23:08 - 2010-12-22 14:33 - 09033904 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m3.dll
2013-12-24 23:08 - 2010-12-22 14:33 - 06944944 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_core.dll
2013-12-24 23:08 - 2010-12-22 14:33 - 03868848 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_intel_thread.dll
2013-12-24 23:08 - 2010-12-22 14:33 - 00530608 _____ (Intel Corporation) C:\Windows\SysWOW64\libiomp5md.dll
2013-12-24 23:08 - 2010-11-04 14:52 - 12708016 _____ (Intel Corporation) C:\Windows\system32\mkl_def.dll
2013-12-24 23:08 - 2010-11-04 14:52 - 12474544 _____ (Intel Corporation) C:\Windows\system32\mkl_core.dll
2013-12-24 23:08 - 2010-11-04 14:52 - 09917616 _____ (Intel Corporation) C:\Windows\system32\mkl_intel_thread.dll
2013-12-24 23:08 - 2010-11-04 14:52 - 00529072 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2013-12-24 23:08 - 2009-10-14 19:15 - 00499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2013-12-24 23:08 - 2009-10-14 19:15 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2013-12-24 23:08 - 2006-11-30 18:49 - 00368640 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2013-12-24 23:08 - 2006-02-24 13:00 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-12-24 23:08 - 2006-02-24 13:00 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2013-12-24 23:08 - 2006-02-24 13:00 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-12-24 23:08 - 2006-02-24 13:00 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2013-12-24 23:08 - 2006-02-24 13:00 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-12-24 23:08 - 2006-02-24 13:00 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2013-12-24 22:55 - 2013-12-24 23:07 - 00000000 ____D C:\Cakewalk Content
2013-12-24 22:51 - 2013-12-24 23:08 - 00000000 ____D C:\ProgramData\Cakewalk
2013-12-24 22:51 - 2013-12-24 23:08 - 00000000 ____D C:\Program Files (x86)\Cakewalk
2013-12-24 15:45 - 2013-12-24 15:45 - 00000015 _____ C:\Users\Administrator\Desktop\Base Coordinates.txt
2013-12-23 18:21 - 2013-12-23 20:38 - 00001714 _____ C:\Users\Administrator\Downloads\server.log
2013-12-23 18:01 - 2013-12-30 18:21 - 00000000 ____D C:\Users\Administrator\Downloads\Unleashed
2013-12-23 11:19 - 2012-06-02 18:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-23 11:19 - 2012-06-02 18:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-23 11:19 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-23 11:19 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-23 11:19 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-23 11:19 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-12-23 11:19 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-12-23 11:19 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-23 11:19 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-22 13:36 - 2013-12-22 13:36 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-22 13:36 - 2013-12-22 13:36 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-22 13:36 - 2013-12-22 13:36 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-22 13:36 - 2013-12-22 13:36 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-22 13:27 - 2013-12-22 13:27 - 30694824 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u45-windows-x64.exe
2013-12-22 12:55 - 2013-12-22 23:17 - 00000770 _____ C:\Users\Administrator\Desktop\Minecraft Waypoints.txt
2013-12-22 12:51 - 2014-01-03 01:46 - 123607399 _____ C:\Users\Administrator\Desktop\[1.6.2]ReiMinimap_v3.4_01.zip
2013-12-22 12:48 - 2013-12-22 12:48 - 00000000 ____D C:\Users\Administrator\Downloads\Cave Story Soundtrack
2013-12-22 00:21 - 2013-12-22 00:52 - 00001788 _____ C:\Users\Administrator\Desktop\server.log
2013-12-22 00:16 - 2013-12-31 02:39 - 00000000 ____D C:\Users\Administrator\Downloads\Ultimate
2013-12-22 00:15 - 2013-12-25 21:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ftblauncher
2013-12-22 00:15 - 2013-12-22 00:15 - 00765101 _____ () C:\Users\Administrator\Downloads\launcher^FTB_Launcher.exe
2013-12-21 18:47 - 2014-01-03 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2013-12-21 18:46 - 2013-12-21 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-21 18:46 - 2013-12-21 18:48 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 18:46 - 2013-12-21 18:46 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-21 18:44 - 2013-12-21 18:44 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Administrator\Downloads\SkypeSetup.exe
2013-12-21 18:17 - 2013-12-21 18:17 - 00040663 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Ultra_DOF.zip
2013-12-21 18:14 - 2013-12-21 18:14 - 00040661 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Ultra_Motion_Blur.zip
2013-12-21 17:57 - 2013-12-21 18:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-12-21 17:57 - 2013-12-21 17:57 - 00001059 _____ C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2013-12-21 17:57 - 2013-12-21 17:57 - 00001059 _____ C:\Users\Administrator\Desktop\Notepad++.lnk
2013-12-21 17:57 - 2013-12-21 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-21 17:57 - 2013-12-21 17:57 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-21 17:55 - 2013-12-21 17:55 - 07549839 _____ C:\Users\Administrator\Downloads\npp.6.5.2.Installer.exe
2013-12-21 17:49 - 2013-12-29 22:33 - 01069302 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Standard.zip
2013-12-21 17:45 - 2013-12-21 17:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2013-12-21 17:36 - 2013-12-21 17:36 - 211183464 _____ (NVIDIA Corporation) C:\Users\Administrator\Downloads\331.82-desktop-win8-win7-winvista-64bit-english-whql.exe
2013-12-21 17:04 - 2013-12-21 17:04 - 00040662 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Ultra_No_Blur.zip
2013-12-21 17:02 - 2013-12-21 17:02 - 00000000 ____D C:\Users\Administrator\Documents\shaders
2013-12-21 16:46 - 2013-12-21 16:46 - 00188064 _____ C:\Users\Administrator\Downloads\ShadersModCore-v2.2.0-mc1.6.4-f953.jar
2013-12-21 16:37 - 2013-12-21 16:38 - 02269709 _____ C:\Users\Administrator\Downloads\forge-1.6.4-9.11.1.953-installer.jar
2013-12-21 14:19 - 2013-12-30 12:53 - 00001031 _____ C:\Users\Administrator\Desktop\Minecraft.lnk
2013-12-21 14:16 - 2013-12-21 14:18 - 00000097 _____ C:\Users\Administrator\Documents\memory.bat
2013-12-21 14:11 - 2013-12-21 14:11 - 22706524 _____ (LucasArts) C:\Users\Administrator\Downloads\EAWUpdate1_5.exe
2013-12-21 13:59 - 2013-12-21 13:59 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Petroglyph
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\LucasArts
2013-12-21 13:58 - 2013-12-21 13:58 - 00017967 _____ C:\Windows\DirectX.log
2013-12-21 13:58 - 2013-12-21 13:58 - 00001050 _____ C:\Users\Administrator\Desktop\Play Star Wars Empire at War.lnk
2013-12-21 13:58 - 2005-07-22 22:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-12-21 13:58 - 2005-07-22 22:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-12-21 13:44 - 2013-12-21 13:44 - 00000000 ____D C:\Program Files (x86)\LucasArts
2013-12-21 13:38 - 2013-12-22 01:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2013-12-21 12:04 - 2013-12-21 12:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2013-12-21 02:50 - 2014-01-01 10:23 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-12-21 02:50 - 2014-01-01 10:23 - 00000774 _____ C:\Windows\LkmdfCoInst.log
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Leadertech
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\ProgramData\LogiShrd
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-21 02:49 - 2013-12-21 02:49 - 56601328 _____ (Logitech Inc.) C:\Users\Administrator\Downloads\LGS_8.51.5_x64_Logitech.exe
2013-12-21 02:49 - 2013-12-21 02:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2013-12-21 02:49 - 2013-12-21 02:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logishrd
2013-12-21 02:36 - 2013-12-21 02:36 - 96928277 _____ C:\Users\Administrator\Downloads\Cave Story Soundtrack.zip
2013-12-21 02:14 - 2013-12-21 02:14 - 01136575 _____ C:\Users\Administrator\Downloads\cavestoryen.zip
2013-12-21 02:14 - 2013-12-21 02:14 - 00921985 _____ C:\Users\Administrator\Downloads\dou_1006.zip
2013-12-21 02:14 - 2013-12-21 02:14 - 00000000 ____D C:\Users\Administrator\Downloads\cavestoryen
2013-12-21 01:39 - 2013-12-21 01:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-12-21 01:38 - 2013-12-25 21:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 01:38 - 2013-12-25 21:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 01:38 - 2013-12-21 01:38 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-21 01:38 - 2013-12-21 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-21 01:37 - 2013-12-25 21:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-12-21 01:09 - 2014-01-02 21:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2013-12-21 01:06 - 2013-12-22 13:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-21 01:06 - 2013-12-22 13:36 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-21 01:06 - 2013-12-21 01:06 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-21 01:06 - 2013-12-21 01:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-21 01:06 - 2013-12-21 01:06 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-21 01:06 - 2013-12-21 01:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-21 01:06 - 2013-12-21 01:06 - 00000000 ____D C:\Windows\Sun
2013-12-21 01:06 - 2013-12-21 01:06 - 00000000 ____D C:\ProgramData\Sun
2013-12-21 01:05 - 2013-12-21 01:05 - 00000000 ____D C:\ProgramData\McAfee
2013-12-21 01:03 - 2013-12-21 01:03 - 00915368 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\JavaSetup7u45.exe
2013-12-21 01:03 - 2013-12-21 01:03 - 00675988 _____ C:\Users\Administrator\Documents\Minecraft.exe
2013-12-21 00:26 - 2013-12-21 00:26 - 00000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2013-12-21 00:08 - 2013-12-21 00:08 - 00000000 ____D C:\Users\Administrator\Documents\Symantec
2013-12-21 00:07 - 2013-12-21 20:57 - 00000000 ____D C:\Windows\system32\Drivers\NSTx64
2013-12-21 00:07 - 2013-12-21 00:25 - 00003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-21 00:07 - 2013-12-21 00:25 - 00002397 _____ C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-12-21 00:07 - 2013-12-21 00:25 - 00000000 ____D C:\Windows\system32\Drivers\NAVx64
2013-12-21 00:07 - 2013-12-21 00:07 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-21 00:07 - 2013-12-21 00:07 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\ProgramData\Norton
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\Program Files (x86)\Norton AntiVirus
2013-12-20 23:51 - 2013-12-20 23:51 - 00103759 _____ C:\Users\Administrator\Documents\Microphone Test.wma
2013-12-20 23:42 - 2013-12-21 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2013-12-12 14:30 - 2013-12-12 14:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-12 14:27 - 2013-12-12 14:27 - 00001300 _____ C:\Users\Administrator\Desktop\Sound Blaster Z-Series Control Panel.lnk
2013-12-12 12:39 - 2013-12-12 12:39 - 00000000 ____D C:\ProgramData\Creative
2013-12-11 20:29 - 2013-12-11 20:29 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00000000 ____D C:\Program Files\Creative
2013-12-11 20:29 - 2012-11-26 20:19 - 00005687 ____N C:\Windows\SysWOW64\CTOPT352.cat
2013-12-11 20:29 - 2012-11-26 19:52 - 00005783 ____N C:\Windows\system32\CTOPT352.cat
2013-12-11 20:29 - 2012-08-13 17:51 - 00183808 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT352.dll
2013-12-11 20:29 - 2012-08-13 17:51 - 00167424 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTOPT352.dll
2013-12-11 20:29 - 2012-01-13 14:23 - 01944064 ____N (Creative) C:\Windows\system32\Sens_oal.dll
2013-12-11 20:29 - 2012-01-13 14:21 - 02906586 ____N (Creative) C:\Windows\SysWOW64\Sens_oal.dll
2013-12-11 20:29 - 2009-12-23 21:49 - 00809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp9B75.tmp
2013-12-11 20:29 - 2006-12-05 16:53 - 00042496 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\AddCat.exe
2013-12-11 20:29 - 2006-12-05 16:53 - 00042496 ____N (Creative Technology Ltd.) C:\Windows\system32\AddCat.exe
2013-12-11 20:29 - 2006-10-06 01:17 - 00053248 ____N (Creative Technology Ltd ) C:\Windows\Ctregrun.exe
2013-12-11 20:29 - 2003-06-13 02:25 - 00007062 _____ C:\Windows\SysWOW64\audiopid.vxd
2013-12-11 20:29 - 2000-05-22 03:58 - 00647872 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Mscomct2.ocx
2013-12-11 20:29 - 2000-05-11 04:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2013-12-11 20:28 - 2013-12-11 20:28 - 00000000 ____D C:\Users\Public\Creative
2013-12-11 20:28 - 2010-10-04 18:20 - 00088576 ____N (Creative Technology Ltd) C:\Windows\system32\CTOPT399.dll
2013-12-11 20:28 - 2010-10-04 18:20 - 00079360 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTOPT399.dll
2013-12-11 20:28 - 2010-10-03 17:54 - 00005594 ____N C:\Windows\system32\CTOPT399.cat
2013-12-11 20:28 - 2010-10-03 17:48 - 00005498 ____N C:\Windows\SysWOW64\CTOPT399.cat
2013-12-11 20:28 - 2008-12-22 23:13 - 00061440 ____N (Creative Technology Ltd) C:\Windows\SysWOW64\CTChkAud.dll
2013-12-11 20:28 - 2008-12-22 23:13 - 00049664 ____N (Creative Technology Ltd) C:\Windows\system32\CTChkAud.dll
2013-12-11 20:27 - 2013-12-11 20:28 - 00000078 ___RH C:\Windows\ctfile.rfc
2013-12-11 20:27 - 2012-04-02 02:51 - 00004850 _____ C:\Windows\cthdaENG.reg
2013-12-11 20:26 - 2013-12-11 20:29 - 00000000 ____D C:\Program Files (x86)\Creative
2013-12-11 20:23 - 2013-12-11 20:24 - 00000021 _____ C:\Users\Administrator\AppData\Roaming\config_data.dat
2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Corsair
2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\Program Files (x86)\Silabs
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Administrator\Intel
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\ProgramData\Intel
2013-12-11 19:59 - 2013-04-25 21:24 - 00786416 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2013-12-11 19:59 - 2013-04-25 21:24 - 00368112 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2013-12-11 19:59 - 2013-04-25 21:24 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2013-12-11 19:59 - 2013-03-12 16:19 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2013-12-11 19:58 - 2013-12-11 19:59 - 00000086 _____ C:\Windows\MEI.log
2013-12-11 19:58 - 2013-12-11 19:59 - 00000000 ____D C:\Program Files\Intel
2013-12-11 19:58 - 2013-12-11 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\InstallShield
2013-12-11 19:58 - 2013-03-12 16:19 - 00064624 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2013-12-11 19:58 - 2006-01-12 17:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2013-12-11 19:56 - 2013-06-13 06:20 - 05448460 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-12-11 19:56 - 2013-06-10 14:10 - 00791808 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2013-12-11 19:56 - 2013-06-10 14:10 - 00633088 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech64.dll
2013-12-11 19:56 - 2013-06-10 14:10 - 00521472 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo64.dll
2013-12-11 19:56 - 2013-06-10 14:10 - 00213760 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2013-12-11 19:56 - 2013-04-08 04:37 - 00148912 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2013-12-11 19:56 - 2013-04-08 04:36 - 00858032 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2013-12-11 19:56 - 2013-04-08 04:36 - 00569256 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2013-12-11 19:56 - 2012-01-29 22:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-12-11 19:56 - 2012-01-09 21:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-12-11 19:56 - 2011-08-11 03:55 - 00001332 ____R C:\Windows\system32\Drivers\DTSU2P.DAT
2013-12-11 19:55 - 2013-12-21 13:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-11 19:55 - 2013-12-11 19:56 - 00000206 _____ C:\audio.log
2013-12-11 19:55 - 2013-12-11 19:55 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-11 19:55 - 2013-07-16 07:14 - 03486680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-11 19:55 - 2013-07-16 05:20 - 29216256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-12-11 19:55 - 2013-07-16 00:52 - 00147160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-11 19:55 - 2013-07-12 01:26 - 00618913 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-11 19:55 - 2013-07-09 04:20 - 03760344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-11 19:55 - 2013-07-08 05:32 - 04810008 _____ (ASUSTeKcomputer.Inc) C:\Windows\system32\RTKSMlfx.dll
2013-12-11 19:55 - 2013-07-08 05:31 - 00758104 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-12-11 19:55 - 2013-06-27 01:12 - 02795224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-11 19:55 - 2013-06-26 05:18 - 14041344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-12-11 19:55 - 2013-06-26 05:18 - 00920832 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-12-11 19:55 - 2013-06-26 05:17 - 27515648 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2013-12-11 19:55 - 2013-06-26 05:17 - 03603712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2013-12-11 19:55 - 2013-06-26 05:17 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-12-11 19:55 - 2013-06-26 05:17 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-12-11 19:55 - 2013-06-26 05:17 - 01904384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-12-11 19:55 - 2013-06-20 22:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2013-12-11 19:55 - 2013-06-18 06:52 - 01004248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-11 19:55 - 2013-06-18 04:44 - 02736160 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-11 19:55 - 2013-06-18 04:00 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-12-11 19:55 - 2013-06-10 02:44 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-12-11 19:55 - 2013-06-05 08:42 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-11 19:55 - 2013-04-24 04:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-11 19:55 - 2013-04-14 22:19 - 00722688 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2013-12-11 19:55 - 2013-04-03 09:02 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-11 19:55 - 2013-04-03 01:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-12-11 19:55 - 2013-02-20 05:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-11 19:55 - 2012-12-17 04:49 - 00547784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2013-12-11 19:55 - 2012-12-11 22:17 - 00395208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-12-11 19:55 - 2012-10-02 01:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2013-12-11 19:55 - 2012-10-02 01:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2013-12-11 19:55 - 2012-10-02 01:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2013-12-11 19:55 - 2012-09-10 07:06 - 00612728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2013-12-11 19:55 - 2012-08-31 06:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-12-11 19:55 - 2012-08-31 06:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-12-11 19:55 - 2012-08-31 06:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-12-11 19:55 - 2012-08-31 06:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-12-11 19:55 - 2012-08-31 06:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-12-11 19:55 - 2012-07-15 08:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-12-11 19:55 - 2012-06-20 04:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-11 19:55 - 2012-03-07 22:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-11 19:55 - 2011-12-20 02:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-11 19:53 - 2013-12-11 19:59 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-11 19:53 - 2013-12-11 19:53 - 00000000 ____D C:\Intel
2013-12-11 19:53 - 2013-02-27 02:37 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-12-11 19:52 - 2013-12-11 19:59 - 00060460 _____ C:\Windows\Ascd_log.ini
2013-12-11 19:52 - 2013-12-11 19:52 - 00000000 ____D C:\Windows\AsusInstAll
2013-12-11 19:52 - 2013-12-11 19:52 - 00000000 _____ C:\Windows\Ascd_err.ini
2013-12-11 19:52 - 2011-02-25 01:25 - 00296320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-12-11 19:51 - 2013-12-11 19:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-12-11 19:48 - 2013-12-11 19:50 - 00044300 _____ C:\Windows\Ascd_tmp.ini
2013-12-11 19:48 - 2013-12-11 19:49 - 00001769 _____ C:\Windows\Language_trs.ini
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_user_01_11_00.Wdf
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____D C:\Program Files\ASUS
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-12-11 19:48 - 2012-08-21 13:54 - 00015232 ____R C:\Windows\SysWOW64\Drivers\AsIO.sys
2013-12-11 19:48 - 2012-08-16 21:57 - 02356592 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2013-12-11 19:48 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-11 19:48 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-11 19:48 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-11 19:48 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-11 19:48 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-11 19:48 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-11 19:48 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-11 19:48 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-11 19:48 - 2010-06-28 11:41 - 00028672 ____R (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2013-12-11 15:18 - 2013-12-11 17:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NVIDIA
2013-12-11 15:09 - 2013-12-21 17:45 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-11 15:07 - 2013-11-14 06:55 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-11 15:07 - 2013-11-14 06:55 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-11 15:06 - 2014-01-03 10:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-11 15:06 - 2013-12-21 17:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-11 15:06 - 2013-12-11 15:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-11 15:06 - 2013-12-11 15:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-11 15:06 - 2013-12-11 15:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-12-11 15:06 - 2013-12-11 15:06 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-11 15:06 - 2013-11-14 06:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-11 15:06 - 2013-11-14 06:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-12-11 15:06 - 2013-11-14 06:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-11 15:06 - 2013-11-14 06:55 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-11 15:06 - 2013-11-14 06:55 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-12-11 15:06 - 2013-11-11 10:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-11 15:06 - 2013-11-11 10:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-11 15:06 - 2013-11-11 10:01 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-12-11 15:06 - 2013-11-11 10:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-11 15:06 - 2013-11-11 10:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-11 15:06 - 2013-11-11 10:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-11 15:06 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-11 15:06 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-11 11:12 - 2013-12-11 15:56 - 00000000 ____D C:\Users\Administrator\Heaven
2013-12-11 11:12 - 2013-12-11 11:12 - 00585728 _____ C:\Users\Administrator\AppData\Local\file__0.localstorage
2013-12-10 06:33 - 2013-12-24 23:10 - 00057952 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-10 06:31 - 2013-12-10 06:31 - 00000000 ____D C:\NVIDIA
2013-12-10 06:30 - 2013-12-21 03:01 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-10 06:30 - 2013-12-11 19:59 - 00794900 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-10 06:30 - 2013-12-10 06:30 - 00001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-10 06:30 - 2013-12-10 06:30 - 00001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-10 06:30 - 2013-12-10 06:30 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-10 06:28 - 2014-01-03 10:07 - 00945807 _____ C:\Windows\WindowsUpdate.log
2013-12-10 06:28 - 2011-04-25 17:06 - 00007306 _____ C:\Windows\logo.bmp
2013-12-10 06:27 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Administrator
2013-12-10 06:27 - 2013-12-10 06:27 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-12-10 06:27 - 2013-12-10 06:27 - 00000000 __SHD C:\Recovery
2013-12-10 06:27 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-10 06:27 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-10 06:25 - 2013-12-11 19:56 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-10 06:25 - 2013-12-10 06:25 - 00001355 _____ C:\Windows\TSSysprep.log
2013-12-10 06:25 - 2013-12-10 06:25 - 00000000 ____D C:\Program Files\Realtek
2013-12-10 06:24 - 2013-12-10 06:27 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified Files and Folders =======

2014-01-03 10:11 - 2014-01-03 10:11 - 00016003 _____ C:\Users\Administrator\Downloads\FRST.txt
2014-01-03 10:10 - 2014-01-03 10:10 - 00000000 ____D C:\FRST
2014-01-03 10:09 - 2014-01-03 10:09 - 01931750 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-01-03 10:09 - 2013-12-29 22:30 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 10:09 - 2013-12-21 18:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2014-01-03 10:08 - 2013-12-31 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-01-03 10:08 - 2013-12-11 15:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 10:08 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 10:08 - 2009-07-13 23:51 - 00047191 _____ C:\Windows\setupact.log
2014-01-03 10:07 - 2013-12-10 06:28 - 00945807 _____ C:\Windows\WindowsUpdate.log
2014-01-03 09:42 - 2014-01-01 11:08 - 00000082 _____ C:\Windows\system32\gpcasr.hlr
2014-01-03 08:48 - 2009-07-13 23:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 08:48 - 2009-07-13 23:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 08:47 - 2009-07-14 00:13 - 00779966 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 01:46 - 2013-12-22 12:51 - 123607399 _____ C:\Users\Administrator\Desktop\[1.6.2]ReiMinimap_v3.4_01.zip
2014-01-02 21:45 - 2013-12-21 01:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2014-01-02 21:39 - 2013-12-29 19:51 - 00000000 _____ C:\Users\Administrator\Documents\1386635769180.jpg.part
2014-01-02 15:03 - 2014-01-02 15:03 - 00029439 _____ C:\Users\Administrator\Desktop\dds.txt
2014-01-02 15:03 - 2014-01-02 15:03 - 00013602 _____ C:\Users\Administrator\Desktop\attach.txt
2014-01-02 15:02 - 2014-01-02 15:01 - 00688992 ____R (Swearware) C:\Users\Administrator\Downloads\dds.com
2014-01-01 21:20 - 2014-01-01 21:13 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2014-01-01 21:20 - 2014-01-01 21:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 21:13 - 2014-01-01 21:13 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 21:13 - 2014-01-01 20:54 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.07.0.1008.exe
2014-01-01 20:45 - 2010-11-20 22:47 - 00016050 _____ C:\Windows\PFRO.log
2014-01-01 20:37 - 2013-12-30 10:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2014-01-01 20:23 - 2014-01-01 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-01 20:23 - 2014-01-01 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-01 20:23 - 2014-01-01 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 20:23 - 2014-01-01 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 20:13 - 2014-01-01 20:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-01 20:10 - 2014-01-01 20:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Administrator\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-01 15:34 - 2014-01-01 15:34 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-01 15:30 - 2014-01-01 15:24 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-01-01 11:18 - 2014-01-01 11:18 - 00037376 _____ C:\Windows\system32\klusa.ygn
2014-01-01 11:18 - 2014-01-01 11:07 - 00000098 _____ C:\Windows\system32\narjsaj.mug
2014-01-01 11:07 - 2014-01-01 11:07 - 00000064 _____ C:\Windows\system32\dozzm.axn
2014-01-01 10:52 - 2014-01-01 10:52 - 00219314 ____S C:\Windows\system32\gtophgs.quf
2014-01-01 10:23 - 2013-12-21 02:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-01 10:23 - 2013-12-21 02:50 - 00000774 _____ C:\Windows\LkmdfCoInst.log
2014-01-01 01:53 - 2014-01-01 01:53 - 00000219 _____ C:\Users\Administrator\Desktop\Portal 2.url
2014-01-01 01:53 - 2013-12-29 23:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-31 14:59 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-31 14:57 - 2013-12-31 14:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2013-12-31 14:57 - 2013-12-31 14:57 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-31 14:54 - 2013-12-31 14:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-31 14:54 - 2013-12-31 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2013-12-31 14:51 - 2013-12-31 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2013-12-31 14:29 - 2013-12-31 14:29 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2013-12-31 14:29 - 2013-12-31 14:29 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-12-31 14:09 - 2013-12-31 14:09 - 00000219 _____ C:\Users\Administrator\Desktop\Portal.url
2013-12-31 14:01 - 2013-12-31 14:01 - 00000222 _____ C:\Users\Administrator\Desktop\Terraria.url
2013-12-31 02:39 - 2013-12-22 00:16 - 00000000 ____D C:\Users\Administrator\Downloads\Ultimate
2013-12-30 18:22 - 2013-12-30 18:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\openvr
2013-12-30 18:21 - 2013-12-23 18:01 - 00000000 ____D C:\Users\Administrator\Downloads\Unleashed
2013-12-30 12:53 - 2013-12-21 14:19 - 00001031 _____ C:\Users\Administrator\Desktop\Minecraft.lnk
2013-12-30 12:01 - 2013-12-30 12:01 - 01501368 _____ (Project64                                                   ) C:\Users\Administrator\Downloads\setup Project64 1.6.exe
2013-12-30 11:51 - 2013-12-30 11:51 - 01376768 _____ C:\Users\Administrator\Downloads\7z920-x64.msi
2013-12-30 11:51 - 2013-12-30 11:51 - 00000000 ____D C:\Program Files\7-Zip
2013-12-30 10:40 - 2013-12-30 10:40 - 00000000 ____D C:\Program Files\WinRAR
2013-12-30 10:40 - 2013-12-30 10:38 - 01209160 _____ C:\Users\Administrator\Downloads\winrar-x64-501.exe
2013-12-30 10:27 - 2013-12-30 10:26 - 03703013 _____ C:\Users\Administrator\Downloads\Project64 2.1.rar
2013-12-29 23:03 - 2013-12-29 23:03 - 00000219 _____ C:\Users\Administrator\Desktop\Team Fortress 2.url
2013-12-29 22:33 - 2013-12-21 17:49 - 01069302 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Standard.zip
2013-12-29 22:30 - 2013-12-29 22:30 - 01133552 _____ C:\Users\Administrator\Downloads\SteamSetup.exe
2013-12-29 22:30 - 2013-12-29 22:30 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2013-12-25 21:54 - 2013-12-25 21:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2013-12-25 21:53 - 2013-12-21 01:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-25 21:53 - 2013-12-21 01:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 21:53 - 2013-12-21 01:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-12-25 21:48 - 2013-12-25 21:48 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-25 21:48 - 2013-12-25 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-25 21:45 - 2013-12-25 21:44 - 00282992 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup Stub 26.0.exe
2013-12-25 21:29 - 2013-12-22 00:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ftblauncher
2013-12-25 18:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-25 14:04 - 2013-12-24 23:08 - 00000000 ____D C:\Cakewalk Projects
2013-12-25 11:02 - 2013-12-25 11:02 - 00001266 _____ C:\Users\Administrator\Desktop\Creator 6 Touch.url
2013-12-25 11:02 - 2013-12-25 11:02 - 00001033 _____ C:\Users\Administrator\Desktop\Creator 6 Upgrade.url
2013-12-25 10:53 - 2013-12-25 10:53 - 00001720 _____ C:\Users\Administrator\Desktop\Creator 6 Support.url
2013-12-25 10:53 - 2013-12-25 10:53 - 00001606 _____ C:\Users\Administrator\Desktop\Creator 6 Tutorial Videos.url
2013-12-25 10:34 - 2009-07-13 23:45 - 00266848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 00:22 - 2013-12-25 00:19 - 00003584 _____ C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-25 00:20 - 2013-12-25 00:20 - 00031510 _____ C:\Users\Administrator\Downloads\portal_still_alive.mid
2013-12-25 00:14 - 2013-12-25 00:14 - 00015750 _____ C:\Users\Administrator\Downloads\000000004700.mid
2013-12-25 00:13 - 2013-12-25 00:13 - 00011618 _____ C:\Users\Administrator\Downloads\000000004498.mid
2013-12-25 00:12 - 2013-12-25 00:12 - 00023036 _____ C:\Users\Administrator\Downloads\000000004487.mid
2013-12-25 00:12 - 2013-12-25 00:12 - 00015583 _____ C:\Users\Administrator\Downloads\000000004482.mid
2013-12-25 00:12 - 2013-12-25 00:12 - 00013275 _____ C:\Users\Administrator\Downloads\000000004485.mid
2013-12-25 00:07 - 2013-12-25 00:07 - 00012581 _____ C:\Users\Administrator\Downloads\Still Alive.mid
2013-12-24 23:10 - 2013-12-10 06:33 - 00057952 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Windows\msocreg32.dat
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\Users\Administrator\AppData\Roaming\msregsvv.dll
2013-12-24 23:09 - 2013-12-24 23:09 - 00000016 _____ C:\ProgramData\autobk.inc
2013-12-24 23:09 - 2013-12-24 23:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Cakewalk
2013-12-24 23:09 - 2013-12-24 23:08 - 00000000 ____D C:\Users\Administrator\Documents\IK Multimedia
2013-12-24 23:09 - 2013-12-24 23:08 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2013-12-24 23:08 - 2013-12-24 23:08 - 00002146 _____ C:\Users\Public\Desktop\Music Creator 6.lnk
2013-12-24 23:08 - 2013-12-24 23:08 - 00000000 ____D C:\Program Files\Cakewalk
2013-12-24 23:08 - 2013-12-24 22:51 - 00000000 ____D C:\ProgramData\Cakewalk
2013-12-24 23:08 - 2013-12-24 22:51 - 00000000 ____D C:\Program Files (x86)\Cakewalk
2013-12-24 23:07 - 2013-12-24 22:55 - 00000000 ____D C:\Cakewalk Content
2013-12-24 15:45 - 2013-12-24 15:45 - 00000015 _____ C:\Users\Administrator\Desktop\Base Coordinates.txt
2013-12-23 20:38 - 2013-12-23 18:21 - 00001714 _____ C:\Users\Administrator\Downloads\server.log
2013-12-22 23:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-22 23:17 - 2013-12-22 12:55 - 00000770 _____ C:\Users\Administrator\Desktop\Minecraft Waypoints.txt
2013-12-22 13:36 - 2013-12-22 13:36 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-22 13:36 - 2013-12-22 13:36 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-22 13:36 - 2013-12-22 13:36 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-22 13:36 - 2013-12-22 13:36 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-22 13:36 - 2013-12-21 01:06 - 00000000 ____D C:\ProgramData\Oracle
2013-12-22 13:36 - 2013-12-21 01:06 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-22 13:27 - 2013-12-22 13:27 - 30694824 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jre-7u45-windows-x64.exe
2013-12-22 12:48 - 2013-12-22 12:48 - 00000000 ____D C:\Users\Administrator\Downloads\Cave Story Soundtrack
2013-12-22 01:31 - 2013-12-21 13:38 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2013-12-22 00:52 - 2013-12-22 00:21 - 00001788 _____ C:\Users\Administrator\Desktop\server.log
2013-12-22 00:15 - 2013-12-22 00:15 - 00765101 _____ () C:\Users\Administrator\Downloads\launcher^FTB_Launcher.exe
2013-12-21 20:57 - 2013-12-21 00:07 - 00000000 ____D C:\Windows\system32\Drivers\NSTx64
2013-12-21 18:48 - 2013-12-21 18:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-21 18:48 - 2013-12-21 18:46 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 18:46 - 2013-12-21 18:46 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-21 18:44 - 2013-12-21 18:44 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Administrator\Downloads\SkypeSetup.exe
2013-12-21 18:17 - 2013-12-21 18:17 - 00040663 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Ultra_DOF.zip
2013-12-21 18:14 - 2013-12-21 18:14 - 00040661 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Ultra_Motion_Blur.zip
2013-12-21 18:05 - 2013-12-21 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2013-12-21 17:57 - 2013-12-21 17:57 - 00001059 _____ C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2013-12-21 17:57 - 2013-12-21 17:57 - 00001059 _____ C:\Users\Administrator\Desktop\Notepad++.lnk
2013-12-21 17:57 - 2013-12-21 17:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-12-21 17:57 - 2013-12-21 17:57 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-21 17:55 - 2013-12-21 17:55 - 07549839 _____ C:\Users\Administrator\Downloads\npp.6.5.2.Installer.exe
2013-12-21 17:45 - 2013-12-21 17:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2013-12-21 17:45 - 2013-12-11 15:09 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-21 17:44 - 2013-12-11 15:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-21 17:36 - 2013-12-21 17:36 - 211183464 _____ (NVIDIA Corporation) C:\Users\Administrator\Downloads\331.82-desktop-win8-win7-winvista-64bit-english-whql.exe
2013-12-21 17:04 - 2013-12-21 17:04 - 00040662 _____ C:\Users\Administrator\Downloads\SEUS_v10.0_Ultra_No_Blur.zip
2013-12-21 17:02 - 2013-12-21 17:02 - 00000000 ____D C:\Users\Administrator\Documents\shaders
2013-12-21 16:46 - 2013-12-21 16:46 - 00188064 _____ C:\Users\Administrator\Downloads\ShadersModCore-v2.2.0-mc1.6.4-f953.jar
2013-12-21 16:38 - 2013-12-21 16:37 - 02269709 _____ C:\Users\Administrator\Downloads\forge-1.6.4-9.11.1.953-installer.jar
2013-12-21 14:18 - 2013-12-21 14:16 - 00000097 _____ C:\Users\Administrator\Documents\memory.bat
2013-12-21 14:11 - 2013-12-21 14:11 - 22706524 _____ (LucasArts) C:\Users\Administrator\Downloads\EAWUpdate1_5.exe
2013-12-21 13:59 - 2013-12-21 13:59 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Petroglyph
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-21 13:59 - 2013-12-21 13:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\LucasArts
2013-12-21 13:58 - 2013-12-21 13:58 - 00017967 _____ C:\Windows\DirectX.log
2013-12-21 13:58 - 2013-12-21 13:58 - 00001050 _____ C:\Users\Administrator\Desktop\Play Star Wars Empire at War.lnk
2013-12-21 13:44 - 2013-12-21 13:44 - 00000000 ____D C:\Program Files (x86)\LucasArts
2013-12-21 13:44 - 2013-12-11 19:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-21 12:04 - 2013-12-21 12:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2013-12-21 03:01 - 2013-12-10 06:30 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Leadertech
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\ProgramData\LogiShrd
2013-12-21 02:50 - 2013-12-21 02:50 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-21 02:49 - 2013-12-21 02:49 - 56601328 _____ (Logitech Inc.) C:\Users\Administrator\Downloads\LGS_8.51.5_x64_Logitech.exe
2013-12-21 02:49 - 2013-12-21 02:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2013-12-21 02:49 - 2013-12-21 02:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logishrd
2013-12-21 02:36 - 2013-12-21 02:36 - 96928277 _____ C:\Users\Administrator\Downloads\Cave Story Soundtrack.zip
2013-12-21 02:14 - 2013-12-21 02:14 - 01136575 _____ C:\Users\Administrator\Downloads\cavestoryen.zip
2013-12-21 02:14 - 2013-12-21 02:14 - 00921985 _____ C:\Users\Administrator\Downloads\dou_1006.zip
2013-12-21 02:14 - 2013-12-21 02:14 - 00000000 ____D C:\Users\Administrator\Downloads\cavestoryen
2013-12-21 01:39 - 2013-12-21 01:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-12-21 01:38 - 2013-12-21 01:38 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-21 01:38 - 2013-12-21 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-21 01:06 - 2013-12-21 01:06 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-21 01:06 - 2013-12-21 01:06 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-21 01:06 - 2013-12-21 01:06 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-21 01:06 - 2013-12-21 01:06 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-21 01:06 - 2013-12-21 01:06 - 00000000 ____D C:\Windows\Sun
2013-12-21 01:06 - 2013-12-21 01:06 - 00000000 ____D C:\ProgramData\Sun
2013-12-21 01:05 - 2013-12-21 01:05 - 00000000 ____D C:\ProgramData\McAfee
2013-12-21 01:03 - 2013-12-21 01:03 - 00915368 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\JavaSetup7u45.exe
2013-12-21 01:03 - 2013-12-21 01:03 - 00675988 _____ C:\Users\Administrator\Documents\Minecraft.exe
2013-12-21 00:26 - 2013-12-21 00:26 - 00000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
2013-12-21 00:25 - 2013-12-21 00:07 - 00003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-21 00:25 - 2013-12-21 00:07 - 00002397 _____ C:\Users\Public\Desktop\Norton AntiVirus.lnk
2013-12-21 00:25 - 2013-12-21 00:07 - 00000000 ____D C:\Windows\system32\Drivers\NAVx64
2013-12-21 00:25 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-21 00:08 - 2013-12-21 00:08 - 00000000 ____D C:\Users\Administrator\Documents\Symantec
2013-12-21 00:07 - 2013-12-21 00:07 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-21 00:07 - 2013-12-21 00:07 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\ProgramData\Norton
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2013-12-21 00:07 - 2013-12-21 00:07 - 00000000 ____D C:\Program Files (x86)\Norton AntiVirus
2013-12-21 00:04 - 2013-12-20 23:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2013-12-20 23:51 - 2013-12-20 23:51 - 00103759 _____ C:\Users\Administrator\Documents\Microphone Test.wma
2013-12-12 14:30 - 2013-12-12 14:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-12 14:27 - 2013-12-12 14:27 - 00001300 _____ C:\Users\Administrator\Desktop\Sound Blaster Z-Series Control Panel.lnk
2013-12-12 12:39 - 2013-12-12 12:39 - 00000000 ____D C:\ProgramData\Creative
2013-12-11 20:29 - 2013-12-11 20:29 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-11 20:29 - 2013-12-11 20:29 - 00000000 ____D C:\Program Files\Creative
2013-12-11 20:29 - 2013-12-11 20:26 - 00000000 ____D C:\Program Files (x86)\Creative
2013-12-11 20:28 - 2013-12-11 20:28 - 00000000 ____D C:\Users\Public\Creative
2013-12-11 20:28 - 2013-12-11 20:27 - 00000078 ___RH C:\Windows\ctfile.rfc
2013-12-11 20:24 - 2013-12-11 20:23 - 00000021 _____ C:\Users\Administrator\AppData\Roaming\config_data.dat
2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Corsair
2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\Program Files (x86)\Silabs
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Administrator\Intel
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2013-12-11 19:59 - 2013-12-11 19:59 - 00000000 ____D C:\ProgramData\Intel
2013-12-11 19:59 - 2013-12-11 19:58 - 00000086 _____ C:\Windows\MEI.log
2013-12-11 19:59 - 2013-12-11 19:58 - 00000000 ____D C:\Program Files\Intel
2013-12-11 19:59 - 2013-12-11 19:53 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-11 19:59 - 2013-12-11 19:52 - 00060460 _____ C:\Windows\Ascd_log.ini
2013-12-11 19:59 - 2013-12-10 06:30 - 00794900 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-11 19:59 - 2013-12-10 06:27 - 00000000 ____D C:\Users\Administrator
2013-12-11 19:58 - 2013-12-11 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\InstallShield
2013-12-11 19:58 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-11 19:56 - 2013-12-11 19:55 - 00000206 _____ C:\audio.log
2013-12-11 19:56 - 2013-12-10 06:25 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-11 19:55 - 2013-12-11 19:55 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-11 19:53 - 2013-12-11 19:53 - 00000000 ____D C:\Intel
2013-12-11 19:52 - 2013-12-11 19:52 - 00000000 ____D C:\Windows\AsusInstAll
2013-12-11 19:52 - 2013-12-11 19:52 - 00000000 _____ C:\Windows\Ascd_err.ini
2013-12-11 19:51 - 2013-12-11 19:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-12-11 19:50 - 2013-12-11 19:48 - 00044300 _____ C:\Windows\Ascd_tmp.ini
2013-12-11 19:49 - 2013-12-11 19:48 - 00001769 _____ C:\Windows\Language_trs.ini
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_user_01_11_00.Wdf
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____D C:\Program Files\ASUS
2013-12-11 19:48 - 2013-12-11 19:48 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-12-11 17:23 - 2013-12-11 15:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NVIDIA
2013-12-11 15:56 - 2013-12-11 11:12 - 00000000 ____D C:\Users\Administrator\Heaven
2013-12-11 15:07 - 2013-12-11 15:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-11 15:07 - 2013-12-11 15:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-11 15:06 - 2013-12-11 15:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-12-11 15:06 - 2013-12-11 15:06 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-11 15:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-12-11 11:12 - 2013-12-11 11:12 - 00585728 _____ C:\Users\Administrator\AppData\Local\file__0.localstorage
2013-12-10 06:31 - 2013-12-10 06:31 - 00000000 ____D C:\NVIDIA
2013-12-10 06:30 - 2013-12-10 06:30 - 00001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-10 06:30 - 2013-12-10 06:30 - 00001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-10 06:30 - 2013-12-10 06:30 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-10 06:28 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore
2013-12-10 06:27 - 2013-12-10 06:27 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-12-10 06:27 - 2013-12-10 06:27 - 00000000 __SHD C:\Recovery
2013-12-10 06:27 - 2013-12-10 06:24 - 00000000 ____D C:\Windows\Panther
2013-12-10 06:25 - 2013-12-10 06:25 - 00001355 _____ C:\Windows\TSSysprep.log
2013-12-10 06:25 - 2013-12-10 06:25 - 00000000 ____D C:\Program Files\Realtek
2013-12-10 06:25 - 2009-07-13 23:46 - 00002790 _____ C:\Windows\DtcInstall.log
2013-12-10 06:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-12-10 06:24 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\CSC
2013-12-10 06:24 - 2009-07-14 00:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-12-10 06:24 - 2009-07-14 00:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
C:\Users\Administrator\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Administrator\AppData\Local\Temp\_is29BE.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 10:03

==================== End Of Log ============================

 

Oh, I should also probably mention that now the process will terminate itself, causing both plug and play and dcom launch to fail, causing a computer reboot. This has only happened twice, once last night at about 11:30 (PM), and once this morning, at about 10:15. I'll also attach the other log. Here's the FRST search log:

 

Farbar Recovery Scan Tool (x64) Version: 03-01-2014
Ran by Administrator at 2014-01-03 10:30:49
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512512 ____A (Microsoft Corporation) 661D6CC5F6CC37CFD966E8013318C519

====== End Of Search ======

 

Best of luck!


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:40 PM

Posted 03 January 2014 - 05:35 PM

Hello,

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi




#5 Mr_Blockerson

Mr_Blockerson
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:40 PM

Posted 03 January 2014 - 10:41 PM

[Edit] Okay, the computer's been restarting very very frequently now. Not sure how long I have. The last time, it was only a few minutes after the last restart. Not sure if I'll be able to run any programs, safe mode or not.



#6 B-boy/StyLe/


Posted 04 January 2014 - 09:03 AM

Hi,

 

That's weird. You had a patched system file used by the dcom launcher service and we replaced it with a clean copy from the Windows store.

 

Can you please try the following command and let me know about the results...

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "run as administrator".

Copy/paste the following text at the command prompt and press enter after each line:

 

shutdown /a

 

sfc.exe /scanfile=C:\Windows\System32\rpcss.dll

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Upload it here and post the link to the log in your next reply.

Reboot the computer in order for the changes to take effect
 

Then let me know if the problem still persists.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 04 January 2014 - 09:03 AM.
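
The comparison behind the `Replace:` fix and the "rpcss.dll" search output posted earlier in this thread, as an added example (not part of any post and not FRST's own code): it parses the search output and flags a live system file whose MD5 matches no component-store (WinSxS) copy of the same architecture. The function names and the System32/SysWOW64 to amd64/x86 mapping (64-bit Windows) are assumptions of this example.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path rules, works on any OS

# Search output copied from the FRST search log posted earlier in this thread.
FRST_SEARCH = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512512 ____A (Microsoft Corporation) 661D6CC5F6CC37CFD966E8013318C519

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<d1>[\d-]+ [\d:]+)\] - \[(?P<d2>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    dates: tuple      # the two timestamps exactly as FRST printed them
    size: int
    company: str
    md5: str


@dataclass(frozen=True)
class Finding:
    live: Entry
    store: tuple      # component-store copies the live file was compared against
    same_dates: bool  # True when timestamps alone would not reveal the change


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, (m["d1"], m["d2"]), int(m["size"]),
                                 m["company"], m["md5"].upper()))
            pending = None
    return entries


def store_arch(path):
    """Architecture prefix of a WinSxS component directory, or None for a live path."""
    m = re.search(r"\\winsxs\\(amd64|x86|wow64)_", path, re.IGNORECASE)
    return m.group(1).lower() if m else None


def live_arches(path):
    # Assumption: 64-bit Windows, where System32 holds the amd64 binaries
    # and SysWOW64 holds the 32-bit ones.
    return {"x86", "wow64"} if "\\syswow64\\" in path.lower() else {"amd64"}


def compare_to_store(entries):
    """Flag live files whose MD5 matches none of the store copies found."""
    findings = []
    for live in entries:
        if store_arch(live.path):
            continue  # store copies are the reference, not the subject
        wanted = live_arches(live.path)
        name = basename(live.path).lower()
        store = tuple(e for e in entries
                      if store_arch(e.path) in wanted
                      and basename(e.path).lower() == name)
        # Without a store copy of the right architecture there is nothing to compare.
        if store and live.md5 not in {e.md5 for e in store}:
            same = any(e.dates == live.dates for e in store)
            findings.append(Finding(live, store, same))
    return findings


if __name__ == "__main__":
    for f in compare_to_store(parse_search(FRST_SEARCH)):
        print(f"MISMATCH {f.live.path}")
        print(f"  live : {f.live.md5}  {f.live.size} bytes")
        for s in f.store:
            print(f"  store: {s.md5}  {s.size} bytes")
        if f.same_dates:
            print("  timestamps are identical to the store copy; only hash and size differ")
```

The component store can hold several versions of a file after updates, so a mismatch is a lead to confirm with `sfc.exe /scanfile=` as in the post above, not a verdict on its own.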



#7 Mr_Blockerson


Posted 04 January 2014 - 02:11 PM

Hey. Sorry that I didn't respond to your post at around 5 yesterday. For whatever reason, it hadn't loaded. Anyways, here's the fixlog you asked for:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Administrator at 2014-01-04 13:53:21 Run:1
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-01-01 11:18 - 2014-01-01 11:18 - 00037376 _____ C:\Windows\system32\klusa.ygn
2014-01-01 11:08 - 2014-01-03 09:42 - 00000082 _____ C:\Windows\system32\gpcasr.hlr
2014-01-01 11:07 - 2014-01-01 11:18 - 00000098 _____ C:\Windows\system32\narjsaj.mug
2014-01-01 11:07 - 2014-01-01 11:07 - 00000064 _____ C:\Windows\system32\dozzm.axn
2014-01-01 10:52 - 2014-01-01 10:52 - 00219314 ____S C:\Windows\system32\gtophgs.quf
Folder: C:\Intel
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Administrator\AppData\Local\Temp
end
*****************

C:\Windows\system32\klusa.ygn => Moved successfully.
C:\Windows\system32\gpcasr.hlr => Moved successfully.
Could not move "C:\Windows\system32\narjsaj.mug" => Scheduled to move on reboot.
C:\Windows\system32\dozzm.axn => Moved successfully.
Could not move "C:\Windows\system32\gtophgs.quf" => Scheduled to move on reboot.

========================= Folder: C:\Intel ========================

2013-12-11 19:53 - 2013-12-11 19:58 - 0000000 ____D () C:\Intel\Logs
2013-12-11 19:58 - 2013-12-11 19:59 - 0058568 _____ () C:\Intel\Logs\IntelAMT.log
2013-12-11 19:53 - 2013-12-11 19:54 - 0930770 _____ () C:\Intel\Logs\IntelChipset.log

====== End of Folder: ======

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\Administrator\AppData\Local\Temp" directory move:

C:\Users\Administrator\AppData\Local\Temp\164843Log.ini => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\165211Log.ini => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\165509Log.ini => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00000.log => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00001.log => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\AUCHECK_PARSER.txt => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\config.model.xml => Moved successfully.
Could not move "C:\Users\Administrator\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-04 13:54:23)<=

C:\Windows\system32\narjsaj.mug => Is moved successfully.
C:\Windows\system32\gtophgs.quf => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\Skype\DbTemp\temp-dJnAk2CYftVzvzplMSTnMtGg => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\Skype\DbTemp\temp-mIzr9zB8u24xJgUxkqQoAlKN => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

 

And here's the link to the pastebin sfcdetails text: http://pastebin.com/uJvYgWPt

 

Cheers!
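An added example, not part of the original post or of the tool that produced the log: a short Python parser for the Fixlog line formats shown above. It reconciles items marked "Scheduled to move on reboot" against the post-reboot result section and lists handled paths that sit outside the Temp folder. The sample lines are constructed from paths in the log (the two deferral lines for the system32 files are an assumption, and the Temp directory's result line is left out on purpose to show an unresolved item); the function names are hypothetical.

```python
import re

# Constructed sample in the Fixlog line formats seen in this thread.
SAMPLE_FIXLOG = r'''C:\Users\Administrator\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Windows\system32\narjsaj.mug" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\gtophgs.quf" => Scheduled to move on reboot.
Could not move "C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
Could not move "C:\Users\Administrator\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-04 13:54:23)<=

C:\Windows\system32\narjsaj.mug => Is moved successfully.
C:\Windows\system32\gtophgs.quf => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Moved successfully.

==== End of Fixlog ====
'''

# "<path> => Moved successfully." and the "Is moved successfully." variant.
MOVED_RE = re.compile(r'^(?P<path>.+?) => (?:Is moved|Moved) successfully\.$')
# 'Could not move "<path>" => Scheduled ...' with an optional ' directory.' suffix.
DEFERRED_RE = re.compile(
    r'^Could not move "(?P<path>.+?)"(?: directory\.)? => Scheduled to move on reboot\.$'
)
# Header that opens the post-reboot result section.
RESULT_HEADER_RE = re.compile(r'^=> Result of Scheduled Files to move')


def parse_fixlog(text):
    """Split a Fixlog into moved, deferred and moved-after-reboot paths."""
    moved, deferred, moved_on_reboot = [], [], []
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if RESULT_HEADER_RE.match(line):
            after_reboot = True
            continue
        m = DEFERRED_RE.match(line)
        if m:
            deferred.append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            (moved_on_reboot if after_reboot else moved).append(m.group("path"))
    return {"moved": moved, "deferred": deferred, "moved_on_reboot": moved_on_reboot}


def normalize(path):
    """Windows paths are case-insensitive; ignore a trailing backslash too."""
    return path.rstrip("\\").lower()


def unresolved(parsed):
    """Deferred items with no matching success line after the reboot."""
    done = {normalize(p) for p in parsed["moved_on_reboot"]}
    return [p for p in parsed["deferred"] if normalize(p) not in done]


def outside_temp(parsed):
    """Handled paths that are not under a user's AppData\\Local\\Temp folder."""
    handled = parsed["moved"] + parsed["moved_on_reboot"]
    return [p for p in handled if "\\appdata\\local\\temp" not in p.lower()]


if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    print("Still pending after reboot:", unresolved(result))
    print("Handled outside Temp:", outside_temp(result))
```

Anything `unresolved` returns is a file the fix did not actually quarantine, so a follow-up scan log should be checked for it.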



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:40 PM

Posted 04 January 2014 - 02:37 PM

Hi,

 

 

Please restart the computer and let me know if this problem continues:

 

[Edit] Okay, the computer's been restarting very very frequently now. Not sure how long I have. The last time, it was only a few minutes after the last restart. Not sure if I'll be able to run any programs, safe mode or not.

 

Regards,

Georgi




#9 Mr_Blockerson


Posted 04 January 2014 - 04:05 PM

Well, so far, after running farbar with the fix text document, the problem appears to have been fixed, without any ads playing, or an svchost process with an abnormal amount of RAM usage, but I'll still be cautious. I can't thank you enough for your help so far!



#10 B-boy/StyLe/


Posted 04 January 2014 - 05:22 PM

Hi,

 

 

Nice to hear there is an improvement.

 

Also I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

 

STEP 1

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

 

 

STEP 4

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it to your next reply.

 

 

 

STEP 5

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#11 B-boy/StyLe/


Posted 08 January 2014 - 03:30 PM

Hello,

 

Are you still with me?

 

 

Regards,

Georgi




#12 B-boy/StyLe/


Posted 11 January 2014 - 05:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
