garytkh

October 12, 2013

Hi MrC,

I found out where the problem was and fixed it!!

Why the browser kept going to Dosearch.com was because the command to do so was hidden in my browser shortcuts.

I found out and fixed it following these instructions:

Right-click your browser’s shortcut. Choose Properties. Go to Shortcut tab and navigate to Target line. There should be only your browser’s directory in the Targetline: Internet Explorer – C:Program FilesInternet Exploreriexplore.exe Mozilla Firefox –C:Program FilesMozilla Firefoxfirefox.exe Google Chrome – C:Program FilesGoogleChromeApplicationchrome.exe

I got it from this website:

http://www.2-removevirus.com/remove-dosearches-com/

Thank you very much for all your advise and help these last few days, I really really appreciate it!

One final question: other than Malwarebytes Anti-Malware, what other program should I keep to regularly scan for malware?

October 12, 2013

Hi MrC,

1. The below-mentioned registry entries are not there, please see attached registry screenshots:

Can you manually go into the registry and change if they're still present:

(You would want to remove the items in bold)

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearche...8&ts=1381309315"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearche...8&ts=1381309315"

2. AdwCleaner and Malwarebytes reports as below:

# AdwCleaner v3.007 - Report created 12/10/2013 at 21:55:30

# Updated 09/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : GaryLina - GARYLINA-PC

# Running from : C:\Users\GaryLina\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [772 octets] - [11/10/2013 16:49:08]

AdwCleaner[R2].txt - [890 octets] - [11/10/2013 16:51:48]

AdwCleaner[R3].txt - [949 octets] - [11/10/2013 16:56:08]

AdwCleaner[R4].txt - [1008 octets] - [11/10/2013 17:01:18]

AdwCleaner[R5].txt - [1129 octets] - [11/10/2013 17:15:38]

AdwCleaner[R6].txt - [1189 octets] - [11/10/2013 17:16:32]

AdwCleaner[R7].txt - [2067 octets] - [12/10/2013 21:54:06]

AdwCleaner[s1].txt - [832 octets] - [11/10/2013 16:50:28]

AdwCleaner[s2].txt - [1069 octets] - [11/10/2013 17:02:08]

AdwCleaner[s3].txt - [1992 octets] - [12/10/2013 21:55:30]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2052 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.10.12.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

GaryLina :: GARYLINA-PC [administrator]

10/12/2013 9:57:38 PM

mbam-log-2013-10-12 (21-57-38).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 383619

Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

3. I'm willing to open remote access to my PC if that will better assist your efforts to solve this. Thanks!

October 12, 2013

Hi MrC,

1. FRST report here:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by GaryLina at 2013-10-12 10:27:22 Run:1

Running from C:\Users\GaryLina\Desktop\FRST_Main

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.dosearche...8&ts=1381309315

*****************

HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.

==== End of Fixlog ====

2. JRT report here:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.4 (10.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by GaryLina on Sat 10/12/2013 at 12:14:04.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\GaryLina\appdata\local\cre"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 10/12/2013 at 12:17:42.56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Do Search is still there.

4. Question: Is it usually this hard to remove this virus? Getting a bit desperate here

October 11, 2013

Hi MrC,

Here's the latest SystemlLook report:

SystemLook 30.07.11 by jpshortstuff

Log created at 17:41 on 11/10/2013 by GaryLina

Administrator - Elevation successful

========== Filefind ==========

Searching for "dosearches"

No files found.

========== regfind ==========

Searching for "dosearches"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315"

-= EOF =-

October 10, 2013

Did exactly everything you said in last post, "Do searches.com" still pops up when I launch browser.

.

October 10, 2013

Hi MrC,

1. For Chrome settings, as per my earlier screenshots, manually setting them to my preferences doesn't resolve the issue.

2. SystemLook report as below.

3. Question: this malware/virus command line contains these words "Corsair Neutron GTX". This is the brand of my RAM. Has the virus somehow affected my RAM hence the difficulty in purging it?

SystemLook 30.07.11 by jpshortstuff

Log created at 00:26 on 11/10/2013 by GaryLina

Administrator - Elevation successful

========== Filefind ==========

Searching for "dosearches"

No files found.

========== regfind ==========

Searching for "dosearches"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]

@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315"

-= EOF =-

October 10, 2013

Hi MrC,

Thanks for all your help thus far, here's the fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013

Ran by GaryLina at 2013-10-10 13:03:44 Run:1

Running from C:\

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx

CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

*****************

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jekmiciaamoabjccmachncgdfpgfpbfg => Key deleted successfully.

"C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx" => File/Directory not found.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk => Key deleted successfully.

C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx => Moved successfully.

==== End of Fixlog ====

October 10, 2013

Hi MrC,

Did everything you said except:

1. Can't find the below to delete (please see screenshot):

CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx

CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

1. Problem still persists despite all the steps taken in Chrome (please see screenshots)

Gary

October 10, 2013

Hi MrC,

AdwCleaner report

# AdwCleaner v3.007 - Report created 10/10/2013 at 08:44:46

# Updated 09/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : GaryLina - GARYLINA-PC

# Running from : C:\Users\GaryLina\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\eSafe

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair

Folder Deleted : C:\Users\GaryLina\AppData\Local\Bundled software uninstaller

Folder Deleted : C:\Users\GaryLina\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\GaryLina\AppData\LocalLow\Toolbar4

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32D47EA5-9473-4CAD-805D-9999F15D5AE2}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\smartbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4303 octets] - [10/10/2013 08:40:34]

AdwCleaner[s0].txt - [4181 octets] - [10/10/2013 08:44:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4241 octets] ##########

The Malwarebytes report is also attached here.

FRST Report

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by GaryLina (administrator) on GARYLINA-PC on 10-10-2013 08:56:32

Running from C:\Users\GaryLina\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe

() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

BootExecute: autocheck autochk * ?????

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Winsock: Catalog9 01 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)

Winsock: Catalog9 02 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)

Winsock: Catalog9 03 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)

Winsock: Catalog9 04 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)

Winsock: Catalog9 15 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)

Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)

Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)

Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)

Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)

Winsock: Catalog9-x64 15 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Gmail) - C:\Users\GaryLina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [jekmiciaamoabjccmachncgdfpgfpbfg] - C:\ProgramData\SaveAs\jekmiciaamoabjccmachncgdfpgfpbfg.crx

CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\GaryLina\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=CorsairXNeutronXGTXXSSD_13267904000097560098&ts=1381309315

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe [947328 2011-12-09] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()

S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 WinRing0_1_2_0; C:\Users\GaryLina\Documents\RealTemp_370\WinRing0x64.sys [14544 2012-03-12] (OpenLibSys.org)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-10 08:56 - 2013-10-10 08:56 - 00000000 ____D C:\FRST

2013-10-10 08:55 - 2013-10-10 08:55 - 01954124 _____ (Farbar) C:\Users\GaryLina\Downloads\FRST64.exe

2013-10-10 08:40 - 2013-10-10 08:44 - 00000000 ____D C:\AdwCleaner

2013-10-10 08:40 - 2013-10-10 08:40 - 01048960 _____ C:\Users\GaryLina\Downloads\AdwCleaner.exe

2013-10-10 00:11 - 2013-10-10 00:11 - 00019773 _____ C:\Users\GaryLina\Desktop\ComboFix.txt

2013-10-10 00:09 - 2013-10-10 00:09 - 00000546 _____ C:\Windows\PFRO.log

2013-10-10 00:06 - 2013-10-10 00:11 - 00000000 ____D C:\Qoobox

2013-10-10 00:06 - 2013-10-10 00:10 - 00000000 ____D C:\Windows\erdnt

2013-10-10 00:06 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe

2013-10-10 00:06 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe

2013-10-10 00:06 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-10-10 00:06 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-10-10 00:06 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-10-10 00:06 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe

2013-10-10 00:06 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe

2013-10-10 00:06 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe

2013-10-10 00:04 - 2013-10-10 00:05 - 05131844 ____R (Swearware) C:\Users\GaryLina\Downloads\ComboFix.exe

2013-10-09 23:38 - 2013-10-09 23:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\GaryLina\Downloads\SpyHunter-Installer.exe

2013-10-09 22:52 - 2013-10-09 22:53 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005 (1).exe

2013-10-09 20:51 - 2013-10-09 20:51 - 00001858 _____ C:\Users\GaryLina\Desktop\RKreport[0]_S_10092013_205121.txt

2013-10-09 20:50 - 2013-10-09 20:56 - 00000000 ____D C:\Users\GaryLina\Desktop\RK_Quarantine

2013-10-09 20:49 - 2013-10-09 20:49 - 03980800 _____ C:\Users\GaryLina\Downloads\RogueKillerX64.exe

2013-10-09 20:20 - 2013-10-09 20:20 - 00688992 ____R (Swearware) C:\Users\GaryLina\Downloads\dds.scr

2013-10-09 20:20 - 2013-10-09 20:20 - 00014109 _____ C:\Users\GaryLina\Desktop\dds.txt

2013-10-09 20:20 - 2013-10-09 20:20 - 00003994 _____ C:\Users\GaryLina\Desktop\attach.txt

2013-10-09 20:12 - 2013-10-09 23:27 - 00000000 ____D C:\Users\GaryLina\Desktop\mbar

2013-10-09 20:12 - 2013-10-09 23:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-09 20:12 - 2013-10-09 20:12 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005.exe

2013-10-09 18:27 - 2013-10-10 08:45 - 00000280 _____ C:\Windows\setupact.log

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 _____ C:\Windows\setuperr.log

2013-10-09 18:06 - 2013-10-10 08:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-10-09 18:06 - 2013-10-10 00:02 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-10-09 18:06 - 2013-08-30 15:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-10-09 18:06 - 2013-08-30 15:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-10-09 18:06 - 2013-08-30 15:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-10-09 18:04 - 2013-10-09 18:05 - 00000000 ____D C:\ProgramData\AVAST Software

2013-10-09 18:03 - 2013-10-09 18:04 - 131918888 _____ C:\Users\GaryLina\Downloads\avast_free_antivirus_setup.exe

2013-10-09 17:43 - 2013-10-09 17:43 - 22205064 _____ (Microsoft Corporation) C:\Users\GaryLina\Downloads\Windows-KB890830-x64-V5.5.exe

2013-10-09 17:23 - 2013-10-09 17:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\GaryLina\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-09 17:23 - 2013-10-09 17:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-09 17:23 - 2013-10-09 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-09 17:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-09 16:36 - 2013-10-09 16:36 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-09 16:36 - 2013-10-09 16:36 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-09 16:36 - 2013-10-09 16:36 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-09 16:36 - 2013-10-09 16:36 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-09 16:36 - 2013-10-09 16:36 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-09 16:35 - 2013-10-09 16:35 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-09 16:35 - 2013-10-09 16:35 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-09 16:35 - 2013-10-09 16:35 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2013-10-09 16:35 - 2013-10-09 16:35 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-09 16:35 - 2013-10-09 16:35 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-09 16:35 - 2013-10-09 16:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-09 16:35 - 2013-10-09 16:35 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-09 16:35 - 2013-10-09 16:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-09 16:34 - 2013-10-09 16:34 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-09 16:34 - 2013-10-09 16:34 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-09 16:34 - 2013-10-09 16:34 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-09 16:34 - 2013-10-09 16:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-09 16:34 - 2013-10-09 16:34 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-09 16:33 - 2013-10-09 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-09 16:33 - 2013-10-09 16:33 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-09 16:33 - 2013-10-09 16:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-09 16:33 - 2013-10-09 16:33 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-09 16:33 - 2013-10-09 16:33 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-10-09 16:33 - 2013-10-09 16:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-09 16:33 - 2013-10-09 16:33 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-09 16:32 - 2013-10-09 16:32 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-09 16:32 - 2013-10-09 16:32 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-09 16:32 - 2013-10-09 16:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-09 16:32 - 2013-10-09 16:32 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-09 16:32 - 2013-10-09 16:32 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-09 16:32 - 2013-10-09 16:32 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 16:32 - 2013-10-09 16:32 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-08 17:07 - 2013-10-08 17:07 - 00001541 _____ C:\Users\GaryLina\Desktop\RelicCOH - Shortcut.lnk

2013-10-04 15:16 - 2013-10-04 15:16 - 00000000 ____D C:\Users\GaryLina\AppData\Roaming\Oracle

2013-10-03 22:48 - 2013-10-03 22:48 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

2013-10-03 21:21 - 2013-10-03 21:21 - 00000000 ____D C:\Program Files (x86)\THQ

2013-10-03 10:17 - 2013-10-03 10:17 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-10-03 10:17 - 2013-10-03 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-10-03 10:17 - 2013-10-03 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-10-03 10:17 - 2013-10-03 10:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-10-03 10:17 - 2013-10-03 10:17 - 00000000 ____D C:\ProgramData\Oracle

2013-10-03 10:17 - 2013-10-03 10:17 - 00000000 ____D C:\Program Files (x86)\Java

2013-09-27 16:28 - 2013-09-27 16:28 - 57606144 _____ C:\Windows\system32\config\software.iobit

2013-09-27 16:28 - 2013-09-27 16:28 - 00102400 _____ C:\Windows\system32\config\default.iobit

2013-09-27 16:28 - 2013-09-27 16:28 - 00061440 _____ C:\Windows\system32\config\sam.iobit

2013-09-27 16:28 - 2013-09-27 16:28 - 00032768 _____ C:\Windows\system32\config\security.iobit

2013-09-27 16:20 - 2013-09-12 16:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-09-27 16:20 - 2013-09-12 16:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-09-27 16:20 - 2013-09-12 16:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-09-27 16:20 - 2013-06-16 20:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2013-09-27 16:20 - 2013-06-16 20:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2013-09-26 13:40 - 2013-09-26 13:40 - 00140429 _____ C:\Users\GaryLina\Documents\Gary Teo_Summary.pptx

2013-09-13 19:42 - 2013-09-13 19:42 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-13 19:42 - 2013-09-13 19:42 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-09-13 19:42 - 2013-09-13 19:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-09-13 19:42 - 2013-09-13 19:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-09-13 19:42 - 2013-09-13 19:42 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-09-13 19:42 - 2013-09-13 19:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-09-13 19:42 - 2013-09-13 19:42 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-09-13 19:42 - 2013-09-13 19:42 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-09-13 19:42 - 2013-09-13 19:42 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-09-13 19:42 - 2013-09-13 19:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-09-13 19:42 - 2013-09-13 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-09-13 19:40 - 2013-08-05 10:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-13 19:40 - 2013-08-02 10:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-13 19:40 - 2013-08-02 10:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-13 19:40 - 2013-08-02 10:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-13 19:40 - 2013-08-02 09:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 09:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-13 19:40 - 2013-08-02 08:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-13 19:40 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-13 19:40 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-13 19:40 - 2013-07-26 10:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-13 19:40 - 2013-07-26 10:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-13 19:40 - 2013-07-26 09:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-13 19:40 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-11 19:15 - 2013-09-11 19:25 - 00000000 ____D C:\Users\GaryLina\Desktop\TES4Edit_3_0_30_EXPERIMENTAL-11536-3-0-30EXP

2013-09-10 01:05 - 2013-09-10 01:05 - 00000000 ____D C:\BOSS

==================== One Month Modified Files and Folders =======

2013-10-10 08:56 - 2013-10-10 08:56 - 00000000 ____D C:\FRST

2013-10-10 08:55 - 2013-10-10 08:55 - 01954124 _____ (Farbar) C:\Users\GaryLina\Downloads\FRST64.exe

2013-10-10 08:52 - 2009-07-14 12:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-10 08:52 - 2009-07-14 12:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-10 08:50 - 2009-07-14 13:13 - 00795858 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-10 08:48 - 2013-07-28 22:48 - 01027770 _____ C:\Windows\WindowsUpdate.log

2013-10-10 08:45 - 2013-10-09 18:27 - 00000280 _____ C:\Windows\setupact.log

2013-10-10 08:45 - 2013-10-09 18:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-10-10 08:45 - 2013-06-22 18:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-10 08:45 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-10 08:44 - 2013-10-10 08:40 - 00000000 ____D C:\AdwCleaner

2013-10-10 08:40 - 2013-10-10 08:40 - 01048960 _____ C:\Users\GaryLina\Downloads\AdwCleaner.exe

2013-10-10 00:11 - 2013-10-10 00:11 - 00019773 _____ C:\Users\GaryLina\Desktop\ComboFix.txt

2013-10-10 00:11 - 2013-10-10 00:06 - 00000000 ____D C:\Qoobox

2013-10-10 00:11 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default

2013-10-10 00:10 - 2013-10-10 00:06 - 00000000 ____D C:\Windows\erdnt

2013-10-10 00:10 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini

2013-10-10 00:09 - 2013-10-10 00:09 - 00000546 _____ C:\Windows\PFRO.log

2013-10-10 00:05 - 2013-10-10 00:04 - 05131844 ____R (Swearware) C:\Users\GaryLina\Downloads\ComboFix.exe

2013-10-10 00:02 - 2013-10-09 18:06 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-10-10 00:02 - 2012-06-02 16:41 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-10-09 23:59 - 2013-06-22 18:48 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-09 23:45 - 2012-03-16 03:31 - 00000000 ____D C:\Program Files (x86)\Steam

2013-10-09 23:38 - 2013-10-09 23:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\GaryLina\Downloads\SpyHunter-Installer.exe

2013-10-09 23:27 - 2013-10-09 20:12 - 00000000 ____D C:\Users\GaryLina\Desktop\mbar

2013-10-09 23:27 - 2013-10-09 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-09 22:53 - 2013-10-09 22:52 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005 (1).exe

2013-10-09 22:33 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache

2013-10-09 20:56 - 2013-10-09 20:50 - 00000000 ____D C:\Users\GaryLina\Desktop\RK_Quarantine

2013-10-09 20:51 - 2013-10-09 20:51 - 00001858 _____ C:\Users\GaryLina\Desktop\RKreport[0]_S_10092013_205121.txt

2013-10-09 20:49 - 2013-10-09 20:49 - 03980800 _____ C:\Users\GaryLina\Downloads\RogueKillerX64.exe

2013-10-09 20:20 - 2013-10-09 20:20 - 00688992 ____R (Swearware) C:\Users\GaryLina\Downloads\dds.scr

2013-10-09 20:20 - 2013-10-09 20:20 - 00014109 _____ C:\Users\GaryLina\Desktop\dds.txt

2013-10-09 20:20 - 2013-10-09 20:20 - 00003994 _____ C:\Users\GaryLina\Desktop\attach.txt

2013-10-09 20:12 - 2013-10-09 20:12 - 12907592 _____ (Malwarebytes Corp.) C:\Users\GaryLina\Downloads\mbar-1.07.0.1005.exe

2013-10-09 18:27 - 2013-10-09 18:27 - 00000000 _____ C:\Windows\setuperr.log

2013-10-09 18:26 - 2012-03-11 19:34 - 00000000 ____D C:\Users\GaryLina

2013-10-09 18:25 - 2012-03-12 11:17 - 00000000 ____D C:\Windows\Panther

2013-10-09 18:06 - 2012-05-20 10:47 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-10-09 18:05 - 2013-10-09 18:04 - 00000000 ____D C:\ProgramData\AVAST Software

2013-10-09 18:05 - 2012-05-20 10:47 - 00000000 ____D C:\Program Files\AVAST Software

2013-10-09 18:04 - 2013-10-09 18:03 - 131918888 _____ C:\Users\GaryLina\Downloads\avast_free_antivirus_setup.exe

2013-10-09 17:43 - 2013-10-09 17:43 - 22205064 _____ (Microsoft Corporation) C:\Users\GaryLina\Downloads\Windows-KB890830-x64-V5.5.exe

2013-10-09 17:41 - 2009-07-14 12:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-09 17:23 - 2013-10-09 17:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\GaryLina\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-09 17:23 - 2013-10-09 17:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-10-09 17:23 - 2013-10-09 17:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-09 17:01 - 2013-08-04 21:54 - 00002501 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-09 17:01 - 2012-03-11 19:35 - 00001743 _____ C:\Users\GaryLina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk