Invaded by ScorpionSaver

Djangolang · November 29, 2013

I thought I could get rid of it with Malwarebytes and CCleaner. No such luck. I have no idea why Norton and other programs do not count this as a fulfledged invasion. Please help, I will be glad to donate generously.

MrCharlie · November 29, 2013

Welcome to the forum, please start here:

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last..........

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Djangolang · November 30, 2013

# AdwCleaner v3.013 - Report created 29/11/2013 at 19:20:12

# Updated 24/11/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : ru_exp - VULCAN

# Running from : C:\Users\ru_exp\Desktop\Spyware die\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MyPC Backup

Folder Deleted : C:\Users\ru_exp\AppData\Roaming\Advanced System Protector

Folder Deleted : C:\Users\ru_exp\AppData\Roaming\Systweak

Folder Deleted : C:\Users\ru_exp\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : HKCU\Software\FLEXnet

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\prefs.js ]

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Line Deleted : user_pref("extensions.helperbar.Visibility", false);

Line Deleted : user_pref("extensions.helperbar.countryiso", "us");

Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ry_707");

Line Deleted : user_pref("extensions.helperbar.installationid", "6bef19f4-2838-b91d-786a-e44e6d0b95df");

Line Deleted : user_pref("extensions.helperbar.installdate", "09/11/2013");

Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");

-\\ Google Chrome v

[ File : C:\Users\ru_exp\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3208 octets] - [29/11/2013 19:10:21]

AdwCleaner[s0].txt - [3104 octets] - [29/11/2013 19:20:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3164 octets] ##########

Djangolang · November 30, 2013

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.30.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

ru_exp :: VULCAN [administrator]

11/29/2013 7:26:12 PM

MBAM-log-2013-11-29 (19-30-52).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 231535

Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 1

C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> 2096 -> No action taken.

Memory Modules Detected: 1

C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> No action taken.

Registry Keys Detected: 7

HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.

HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.

HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> No action taken.

HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> No action taken.

HKCR\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} (PUP.Optional.ScorpionSaver) -> No action taken.

HKCR\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} (PUP.Optional.ScorpionSaver) -> No action taken.

HKLM\SYSTEM\CurrentControlSet\Services\AdpeakProxy (PUP.Optional.ScorpionSaver) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Program Files\ScorpionSaver Services (PUP.Optional.ScorpionSaver) -> No action taken.

Files Detected: 13

C:\Program Files\ScorpionSaver Services\AdpeakProxy.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\Installbat.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\Installbat64.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\InstallDLL.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\InstallDLL64.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.ScorpionSaver) -> No action taken.

C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> No action taken.

(end)

Djangolang · November 30, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013

Ran by ru_exp (administrator) on VULCAN on 29-11-2013 19:35:12

Running from C:\Users\ru_exp\Desktop\Spyware die

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\HMService\aaHM.exe

() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe

(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Users\ru_exp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

(Belkin Corporation) C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe

(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Direct Link\AsCmd.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(Google Inc.) C:\Users\ru_exp\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2010-02-08] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11048040 2010-07-22] (Realtek Semiconductor)

HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1680976 2010-10-28] (Logitech, Inc.)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

HKCU\...\Run: [igndlm.exe] - C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)

HKCU\...\Run: [Google Update] - C:\Users\ru_exp\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-16] (Google Inc.)

HKCU\...\Run: [Amazon Cloud Player] - C:\Users\ru_exp\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] ()

HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()

MountPoints2: {5979047a-f0b8-11e2-9da6-bcaec53894cd} - H:\VZW_Software_upgrade_assistant.exe

MountPoints2: {68a80014-e4c3-11e2-bae7-bcaec53894cd} - H:\VZW_Software_upgrade_assistant.exe

MountPoints2: {a1af663a-4fac-11e2-be0a-bcaec53894cd} - H:\VZW_Software_upgrade_assistant_installer.exe

MountPoints2: {a1af663b-4fac-11e2-be0a-bcaec53894cd} - H:\VZW_Software_upgrade_assistant.exe

MountPoints2: {a1af6640-4fac-11e2-be0a-bcaec53894cd} - H:\VZW_Software_upgrade_assistant.exe

HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2009-12-24] ()

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1349632 2010-06-11] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [ASUS AI Direct Link Command Execute] - C:\Program Files (x86)\ASUS\AI Suite II\AI Direct Link\AsCmd.exe [383104 2010-05-18] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [PDF8 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFProHook] - C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] - C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini [407 2013-11-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06E930B907E4CB01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: ZeonIEEventHelper Class - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation)

BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\gzeoniefavclient.dll (Zeon Corporation)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default

FF NewTab: about:blank

FF SelectedSearchEngine: Google

FF Homepage: www.google.com

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @fileplanet.com/fpdlm - C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 - C:\PROGRA~2\MEADCO~1\npmeadax.dll (MeadCo Corp.)

FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ru_exp\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ru_exp\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Extension: Free Download Manager plugin - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\fdm_ffext@freedownloadmanager.org

FF Extension: DownloadHelper - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: firefox - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\firefox@ghostery.com.xpi

FF Extension: nuance - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\nuance@pdf8

FF Extension: noscript - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: Adblock Plus - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: dta - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF Extension: downloadmgr - C:\Users\ru_exp\AppData\Roaming\Mozilla\Firefox\Profiles\7itkt919.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF

Chrome:

=======

CHR Extension: (WGT Golf Challenge) - C:\Users\ru_exp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0

CHR Extension: (Norton Identity Protection) - C:\Users\ru_exp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0

CHR Extension: (Google Wallet) - C:\Users\ru_exp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)

R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()

R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)

R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [225280 2011-03-10] (Visioneer Inc.)

R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-31] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()

R3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Belkin Corporation)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-10-31] (Symantec Corporation)

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131129.001\ENG64.SYS [126040 2013-11-16] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131129.001\EX64.SYS [2099288 2013-11-16] (Symantec Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-08-21] (CACE Technologies, Inc.)

S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [13416 2010-10-08] ()

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)

S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

S3 cpuz130; \??\C:\Users\ru_exp\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-29 19:34 - 2013-11-29 19:34 - 00000000 ____D C:\FRST

2013-11-29 19:09 - 2013-11-29 19:20 - 00000000 ____D C:\AdwCleaner

2013-11-29 17:19 - 2013-11-29 19:35 - 00000000 ____D C:\Users\ru_exp\Desktop\Spyware die

2013-11-29 13:55 - 2013-11-29 13:55 - 03821064 _____ C:\Users\ru_exp\Downloads\battlelog-web-plugins_2.3.2_130.exe

2013-11-29 13:43 - 2013-11-29 19:09 - 00000000 ____D C:\Users\ru_exp\Downloads\14242012

2013-11-28 00:26 - 2013-11-28 04:57 - 00000000 ____D C:\Users\ru_exp\Downloads\14232012

2013-11-27 18:39 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll

2013-11-27 18:39 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll

2013-11-26 17:19 - 2013-11-26 18:30 - 00000000 ____D C:\Users\ru_exp\Downloads\14222012

2013-11-26 17:14 - 2013-11-26 17:15 - 00139264 _____ C:\Users\ru_exp\Downloads\SystemLook.exe

2013-11-26 17:07 - 2013-11-26 17:07 - 00000000 ____D C:\Program Files\Level Quality Watcher

2013-11-26 02:27 - 2013-11-26 03:41 - 00000000 ____D C:\Users\ru_exp\Downloads\14212012

2013-11-24 23:41 - 2013-11-24 23:44 - 24191678 _____ C:\Users\ru_exp\Desktop\480P_400k_16678991.mp4

2013-11-24 23:39 - 2013-11-24 23:58 - 170276230 _____ C:\Users\ru_exp\Desktop\480P_600K_14549801.mp4

2013-11-24 23:38 - 2013-11-24 23:48 - 86844387 _____ C:\Users\ru_exp\Desktop\480P_400K_14838501.mp4

2013-11-24 23:31 - 2013-11-24 23:51 - 00000000 ____D C:\Users\ru_exp\Downloads\14202012

2013-11-24 01:04 - 2013-11-24 06:53 - 00000000 ____D C:\Users\ru_exp\Downloads\14192012

2013-11-23 13:59 - 2013-11-24 01:02 - 00000000 ____D C:\Users\ru_exp\Downloads\14182012

2013-11-23 13:45 - 2013-11-23 13:45 - 01071224 _____ (Solid State Networks) C:\Users\ru_exp\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe

2013-11-23 02:32 - 2013-11-23 03:35 - 00000000 ____D C:\Users\ru_exp\Downloads\14172012

2013-11-23 02:18 - 2013-11-29 19:32 - 00010532 _____ C:\Windows\PFRO.log

2013-11-21 01:45 - 2013-11-22 05:16 - 00000000 ____D C:\Users\ru_exp\Downloads\14162012

2013-11-20 03:36 - 2013-11-21 02:11 - 00000000 ____D C:\Users\ru_exp\Downloads\14152012

2013-11-20 03:15 - 2013-11-20 03:15 - 00205733 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi7.htm

2013-11-20 03:15 - 2013-11-20 03:15 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi7_files

2013-11-20 03:14 - 2013-11-20 03:14 - 00224412 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi6.htm

2013-11-20 03:14 - 2013-11-20 03:14 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi6_files

2013-11-20 03:13 - 2013-11-20 03:13 - 00217289 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi5.htm

2013-11-20 03:13 - 2013-11-20 03:13 - 00203047 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi4.htm

2013-11-20 03:13 - 2013-11-20 03:13 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi5_files

2013-11-20 03:13 - 2013-11-20 03:13 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi4_files

2013-11-20 03:12 - 2013-11-20 03:12 - 00219774 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi3.htm

2013-11-20 03:12 - 2013-11-20 03:12 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi3_files

2013-11-20 03:11 - 2013-11-20 03:11 - 00211178 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi2.htm

2013-11-20 03:11 - 2013-11-20 03:11 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi2_files

2013-11-20 03:10 - 2013-11-20 03:10 - 00220372 _____ C:\Users\ru_exp\Documents\Photo by theeonlyranzi.htm

2013-11-20 03:10 - 2013-11-20 03:10 - 00000000 ____D C:\Users\ru_exp\Documents\Photo by theeonlyranzi_files

2013-11-20 03:06 - 2013-11-14 05:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-11-20 03:06 - 2013-11-14 05:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-11-20 03:06 - 2013-11-14 05:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-11-19 00:13 - 2013-11-19 00:57 - 00000000 ____D C:\Users\ru_exp\Downloads\14142012

2013-11-18 00:39 - 2013-11-18 00:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-17 15:57 - 2013-11-08 14:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2013-11-17 15:57 - 2013-11-08 14:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2013-11-17 15:56 - 2013-11-17 15:56 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2013-11-17 15:56 - 2013-11-17 15:56 - 00000000 ____D C:\Users\ru_exp\AppData\Local\NVIDIA

2013-11-17 15:54 - 2013-11-17 15:54 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini

2013-11-17 15:54 - 2011-10-31 09:43 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help

2013-11-17 15:54 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-17 15:54 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-11-17 15:53 - 2013-11-14 05:55 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2013-11-17 15:53 - 2013-10-23 04:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll

2013-11-17 15:53 - 2013-10-23 04:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll

2013-11-17 15:53 - 2013-09-27 17:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-11-17 15:53 - 2013-09-27 17:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2013-11-17 15:53 - 2013-09-27 17:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2013-11-17 15:53 - 2013-01-29 02:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll

2013-11-17 15:01 - 2013-11-29 04:11 - 00000000 ____D C:\Users\ru_exp\Documents\vbo53

2013-11-17 14:44 - 2013-11-18 00:14 - 00000000 ____D C:\Users\ru_exp\Downloads\14132012

2013-11-16 16:58 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2013-11-16 16:57 - 2013-11-16 16:57 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-16 16:57 - 2013-11-16 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-16 16:57 - 2013-11-16 16:57 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-16 16:57 - 2013-11-16 16:57 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-16 16:57 - 2013-11-16 16:57 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-11-16 16:57 - 2013-11-16 16:57 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-16 16:57 - 2013-11-16 16:57 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-16 16:57 - 2013-11-16 16:57 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-11-16 16:57 - 2013-11-16 16:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-11-16 16:57 - 2013-11-16 16:57 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-11-16 16:57 - 2013-11-16 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-11-16 16:57 - 2013-11-16 16:57 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-11-16 16:57 - 2013-11-16 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-11-16 16:56 - 2013-11-16 16:56 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-11-16 16:56 - 2013-11-16 16:56 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-11-16 16:56 - 2013-11-16 16:56 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-11-16 16:56 - 2013-11-16 16:56 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-11-16 16:56 - 2013-11-16 16:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-11-16 16:56 - 2013-11-16 16:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-11-16 16:56 - 2013-11-16 16:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-11-16 16:55 - 2013-11-16 16:55 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2013-11-16 16:55 - 2013-11-16 16:55 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-11-16 16:54 - 2013-11-16 16:58 - 00009487 _____ C:\Windows\IE11_main.log

2013-11-16 15:51 - 2013-11-29 19:33 - 00004278 _____ C:\Windows\setupact.log

2013-11-16 15:51 - 2013-11-16 15:51 - 00000000 _____ C:\Windows\setuperr.log

2013-11-16 15:44 - 2013-11-16 15:44 - 00003234 _____ C:\Users\ru_exp\cc_20131116_154436.reg

2013-11-15 22:33 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-15 22:33 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-15 22:33 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-15 22:33 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-15 22:33 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-15 22:33 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-15 22:33 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-15 22:33 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-15 22:33 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-15 22:33 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-15 22:33 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-15 22:33 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-15 22:33 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-15 22:33 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-15 22:33 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-15 22:33 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-15 22:33 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-15 22:33 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-15 22:33 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-15 22:33 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-15 22:33 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-15 22:33 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-15 22:33 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-15 22:33 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-15 21:26 - 2013-11-15 21:26 - 00005518 _____ C:\Users\ru_exp\cc_20131115_212632.reg

2013-11-15 21:25 - 2013-11-15 21:25 - 00246082 _____ C:\Users\ru_exp\cc_20131115_212521.reg

2013-11-15 18:09 - 2013-11-24 19:46 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver

2013-11-15 16:39 - 2013-11-15 16:39 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-11-15 16:39 - 2013-11-15 16:39 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-11-15 16:39 - 2013-11-15 16:39 - 00000000 ____D C:\Program Files\CCleaner

2013-11-15 16:37 - 2013-11-15 16:37 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-15 16:37 - 2013-11-15 16:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-15 16:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-11-14 22:35 - 2013-11-15 18:01 - 00000000 ____D C:\Users\ru_exp\Downloads\14122012

2013-11-12 11:18 - 2013-11-12 11:18 - 00000000 ____D C:\Program Files (x86)\Macrovision Corporation

2013-11-11 23:15 - 2013-11-12 12:10 - 00000000 ____D C:\Users\ru_exp\Downloads\14112012

2013-11-11 21:52 - 2013-11-11 22:05 - 02347709 _____ C:\Users\ru_exp\Desktop\Brasher Diversity_PowerPoint.pptx

2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-11-10 22:24 - 2013-11-10 23:12 - 00000000 ____D C:\Users\ru_exp\Downloads\14102012

2013-11-10 00:36 - 2013-11-10 15:56 - 00000000 ____D C:\Users\ru_exp\Downloads\14092012

2013-11-09 18:47 - 2013-11-09 18:47 - 00218502 _____ C:\Users\ru_exp\Desktop\This charming charlie.htm

2013-11-09 18:47 - 2013-11-09 18:47 - 00000000 ____D C:\Users\ru_exp\Desktop\This charming charlie_files

2013-11-09 16:10 - 2013-11-10 21:35 - 00000000 ____D C:\Users\ru_exp\Desktop\OFCCP

2013-11-09 15:17 - 2013-11-09 15:17 - 00000000 ____D C:\Users\ru_exp\AppData\Roaming\Nuance

2013-11-09 15:05 - 2013-11-09 15:05 - 00000000 ____D C:\Users\ru_exp\AppData\Roaming\FLEXnet

2013-11-09 15:04 - 2013-11-09 15:13 - 00000000 ____D C:\Users\ru_exp\AppData\Local\Nuance

2013-11-09 15:02 - 2013-11-09 15:12 - 00000000 ____D C:\ProgramData\Nuance

2013-11-09 15:02 - 2013-11-09 15:04 - 00000000 ____D C:\Users\ru_exp\AppData\Roaming\Zeon

2013-11-09 15:02 - 2013-11-09 15:02 - 00001109 _____ C:\Users\Public\Desktop\PDF Converter Professional.lnk

2013-11-09 15:02 - 2013-11-09 15:02 - 00000000 ____D C:\Windows\PIXTRAN

2013-11-09 15:01 - 2013-11-09 15:01 - 00000000 ____D C:\ProgramData\Zeon

2013-11-09 15:01 - 2013-11-09 15:01 - 00000000 ____D C:\ProgramData\Macrovision

2013-11-09 15:01 - 2013-11-09 15:01 - 00000000 ____D C:\Program Files (x86)\Nuance

2013-11-09 13:49 - 2013-11-09 13:49 - 00000000 ____D C:\Users\ru_exp\AppData\Local\Spoon

2013-11-09 13:46 - 2013-11-09 13:46 - 00000000 ____D C:\Users\ru_exp\AppData\Roaming\Free PDF Solutions

2013-11-09 02:32 - 2013-11-12 12:12 - 00000000 ____D C:\Users\ru_exp\Documents\vbo52

2013-11-09 01:30 - 2013-11-09 02:29 - 00000000 ____D C:\Users\ru_exp\Downloads\14082012

2013-11-07 23:48 - 2013-11-17 15:08 - 00000000 ____D C:\Users\ru_exp\Downloads\14072012

2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini

2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini

2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini

2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini

2013-11-06 01:06 - 2013-11-17 15:13 - 00000000 ____D C:\Users\ru_exp\Downloads\14062012

2013-11-05 01:03 - 2013-11-05 01:55 - 00000000 ____D C:\Users\ru_exp\Downloads\14052012

2013-11-03 22:30 - 2013-11-04 00:32 - 00000000 ____D C:\Users\ru_exp\Downloads\14042012

2013-11-01 22:44 - 2013-11-01 22:44 - 25511621 _____ C:\Users\ru_exp\Desktop\Key_Peele_Let_Me_Hit_That.mp4

2013-11-01 01:18 - 2013-11-01 15:49 - 00000000 ____D C:\Users\ru_exp\Downloads\14032012

2013-10-31 03:01 - 2013-10-31 03:01 - 00001198 _____ C:\Users\Public\Desktop\Battlefield 4.lnk

2013-10-31 03:01 - 2013-10-31 03:01 - 00001174 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk

2013-10-31 01:25 - 2013-10-31 08:03 - 00000000 ____D C:\Users\ru_exp\Downloads\14022012

==================== One Month Modified Files and Folders =======

2013-11-29 19:36 - 2011-03-16 22:27 - 01430766 _____ C:\Windows\WindowsUpdate.log

2013-11-29 19:35 - 2013-11-29 17:19 - 00000000 ____D C:\Users\ru_exp\Desktop\Spyware die

2013-11-29 19:35 - 2012-09-16 13:58 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720336550-3316377053-1338465736-1000UA.job

2013-11-29 19:34 - 2013-11-29 19:34 - 00000000 ____D C:\FRST

2013-11-29 19:33 - 2013-11-16 15:51 - 00004278 _____ C:\Windows\setupact.log

2013-11-29 19:33 - 2011-12-30 15:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-29 19:33 - 2011-10-28 13:30 - 00000000 ____D C:\ProgramData\NVIDIA

2013-11-29 19:33 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-29 19:32 - 2013-11-23 02:18 - 00010532 _____ C:\Windows\PFRO.log

2013-11-29 19:30 - 2009-07-13 22:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-29 19:30 - 2009-07-13 22:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-29 19:29 - 2009-07-13 23:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-29 19:20 - 2013-11-29 19:09 - 00000000 ____D C:\AdwCleaner

2013-11-29 19:09 - 2013-11-29 13:43 - 00000000 ____D C:\Users\ru_exp\Downloads\14242012

2013-11-29 18:54 - 2011-12-30 15:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-29 17:35 - 2012-09-16 13:58 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720336550-3316377053-1338465736-1000Core.job

2013-11-29 14:36 - 2013-08-18 12:28 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-11-29 13:59 - 2012-07-07 13:46 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-11-29 13:56 - 2013-08-18 21:33 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-11-29 13:55 - 2013-11-29 13:55 - 03821064 _____ C:\Users\ru_exp\Downloads\battlelog-web-plugins_2.3.2_130.exe

2013-11-29 13:44 - 2013-08-18 11:17 - 00000000 ____D C:\Program Files (x86)\Origin

2013-11-29 04:11 - 2013-11-17 15:01 - 00000000 ____D C:\Users\ru_exp\Documents\vbo53

2013-11-29 04:11 - 2012-07-01 05:17 - 00000000 ____D C:\Users\ru_exp\Downloads\05052012

2013-11-28 04:57 - 2013-11-28 00:26 - 00000000 ____D C:\Users\ru_exp\Downloads\14232012

2013-11-28 00:21 - 2011-03-17 22:51 - 00000000 ____D C:\Users\ru_exp\AppData\Roaming\TS3Client

2013-11-26 21:20 - 2011-03-18 09:39 - 00000000 ____D C:\Users\ru_exp\AppData\Local\CrashDumps

2013-11-26 20:43 - 2013-08-18 11:17 - 00000000 ____D C:\ProgramData\Origin

2013-11-26 18:30 - 2013-11-26 17:19 - 00000000 ____D C:\Users\ru_exp\Downloads\14222012

2013-11-26 18:18 - 2013-04-07 11:18 - 00000000 ____D C:\Users\ru_exp\AppData\Roaming\Free Download Manager

2013-11-26 17:58 - 2013-08-26 10:46 - 00000000 ____D C:\Users\ru_exp\Downloads\Gloryhole

2013-11-26 17:48 - 2013-02-06 08:26 - 00000000 ____D C:\Users\ru_exp\Downloads\tobys

2013-11-26 17:15 - 2013-11-26 17:14 - 00139264 _____ C:\Users\ru_exp\Downloads\SystemLook.exe

2013-11-26 17:07 - 2013-11-26 17:07 - 00000000 ____D C:\Program Files\Level Quality Watcher

2013-11-26 03:41 - 2013-11-26 02:27 - 00000000 ____D C:\Users\ru_exp\Downloads\14212012

2013-11-24 23:58 - 2013-11-24 23:39 - 170276230 _____ C:\Users\ru_exp\Desktop\480P_600K_14549801.mp4

2013-11-24 23:51 - 2013-11-24 23:31 - 00000000 ____D C:\Users\ru_exp\Downloads\14202012

2013-11-24 23:48 - 2013-11-24 23:38 - 86844387 _____ C:\Users\ru_exp\Desktop\480P_400K_14838501.mp4

2013-11-24 23:44 - 2013-11-24 23:41 - 24191678 _____ C:\Users\ru_exp\Desktop\480P_400k_16678991.mp4

2013-11-24 20:18 - 2011-03-16 15:59 - 00000000 ____D C:\Program Files (x86)\Steam

2013-11-24 19:46 - 2013-11-15 18:09 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver

2013-11-24 06:53 - 2013-11-24 01:04 - 00000000 ____D C:\Users\ru_exp\Downloads\14192012

2013-11-24 01:02 - 2013-11-23 13:59 - 00000000 ____D C:\Users\ru_exp\Downloads\14182012

2013-11-23 13:45 - 2013-11-23 13:45 - 01071224 _____ (Solid State Networks) C:\Users\ru_exp\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe

2013-11-23 03:35 - 2013-11-23 02:32 - 00000000 ____D C:\Users\ru_exp\Downloads\14172012

2013-11-22 05:16 - 2013-11-21 01:45 - 00000000 ____D C:\Users\ru_exp\Downloads\14162012

2013-11-21 02:11 - 2013-11-20 03:36 - 00000000 ____D C:\Users\ru_exp\Downloads\14152012