packman241
2013-02-07, 05:43
Good day, this virus has been taking up space which is located in the C drive. I did several virus scans, but nothing was found. Is there any way I can locate this virus?
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Kenneth at 22:53:57 on 2013-02-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.969 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Advanced SystemCare Ultimate *Disabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IObit\Advanced SystemCare Ultimate\Suo10_SmartRAM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hide My IP\HideMyIpSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare ultimate\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare ultimate\Suo10_SmartRAM.exe" /m
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\HMIPCore.dll
TCP: Interfaces\{D6BAE132-5F16-467F-8ACB-A277EBD91AE6} : DHCPNameServer = 64.71.255.204 64.71.255.198
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kenneth\appdata\roaming\mozilla\firefox\profiles\5klgpfks.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-27 21:23; fiddlerhook@fiddler2.com; c:\program files\fiddler2\FiddlerHook
FF - ExtSQL: 2012-12-31 20:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-01-04 22:05; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2013-02-01 16:51; ascsurfingprotection@iobit.com; c:\users\kenneth\appdata\roaming\mozilla\firefox\profiles\5klgpfks.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-2-6 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-2-6 199320]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-1-27 15672]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-2-6 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-6 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-6 361032]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-1-10 36040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-6 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-6 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-1-10 533288]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-1-10 389928]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
RUnknown HideMyIpSRV;HideMyIpSRV; [x]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-2-6 106560]
S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-2-6 133912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"c:\program files\logmein hamachi\hamachi-2.exe" -s --> c:\program files\logmein hamachi\hamachi-2.exe [?]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-23 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-23 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2013-1-6 2438696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-23 21104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-23 40776]
S3 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-10-5 109064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-07 03:26:11 -------- d-----w- c:\program files\ESET
2013-02-07 02:17:01 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{759b644f-e610-467a-a882-48f8f381f93d}\mpengine.dll
2013-02-07 02:02:47 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-02-07 02:02:23 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-02-07 02:02:22 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-07 02:02:22 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-07 02:02:20 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-07 02:01:29 41224 ----a-w- c:\windows\avastSS.scr
2013-02-07 02:01:29 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-02-07 02:00:37 -------- d-----w- c:\programdata\AVAST Software
2013-02-07 02:00:37 -------- d-----w- c:\program files\AVAST Software
2013-02-07 00:24:43 -------- d-----w- c:\users\kenneth\appdata\local\Razer
2013-02-02 02:54:17 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2013-02-02 02:51:59 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-02-01 20:59:21 -------- d-----w- c:\programdata\Nexon
2013-02-01 19:19:40 -------- d-----w- c:\programdata\NexonEU
2013-01-31 03:17:43 -------- d-----w- c:\windows\system32\Hotspot Shield
2013-01-29 03:35:29 -------- d-----r- c:\program files\Skype
2013-01-29 03:10:03 -------- d-----w- c:\users\kenneth\Tracing
2013-01-29 03:08:18 -------- d-----w- c:\program files\Microsoft
2013-01-29 03:08:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-01-29 03:04:32 -------- d-----w- c:\program files\common files\Windows Live
2013-01-27 19:35:19 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-27 19:34:39 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-27 19:16:34 -------- d-----w- c:\programdata\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-01-27 19:16:30 -------- d-----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-01-27 19:16:29 -------- d-----w- c:\users\kenneth\appdata\roaming\IObit
2013-01-27 19:16:29 -------- d-----w- c:\programdata\IObit
2013-01-27 19:16:19 -------- d-----w- c:\program files\IObit
2013-01-27 18:21:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-26 22:31:01 -------- d-----w- c:\users\kenneth\appdata\roaming\.minecraft
2013-01-24 18:02:01 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-24 18:02:00 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-24 18:02:00 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-01-24 18:01:59 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-01-24 18:01:59 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-24 18:01:59 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-24 03:08:32 -------- d-----w- c:\program files\Windows Portable Devices
2013-01-23 22:33:07 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-23 22:33:07 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-01-23 22:33:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-01-23 22:16:22 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-23 22:16:22 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-23 22:16:22 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-23 22:00:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-23 21:48:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-01-23 21:47:23 -------- d-----w- c:\windows\pss
2013-01-23 21:42:43 -------- d-----w- c:\users\kenneth\appdata\roaming\Malwarebytes
2013-01-23 21:42:32 -------- d-----w- c:\programdata\Malwarebytes
2013-01-23 21:42:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 21:42:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 21:23:38 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-23 21:23:37 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-23 21:23:37 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-23 21:23:37 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-23 21:23:37 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-23 21:23:37 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-23 21:23:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-23 21:23:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-23 21:23:36 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-23 21:23:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-23 21:23:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-23 21:23:10 -------- d-----w- c:\program files\MSXML 4.0
2013-01-23 00:48:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-23 00:48:57 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-01-23 00:48:57 189952 ----a-w- c:\windows\system32\winmm.dll
2013-01-23 00:48:56 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2013-01-23 00:48:38 623616 ----a-w- c:\windows\system32\localspl.dll
2013-01-23 00:48:22 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2013-01-23 00:48:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2013-01-23 00:48:19 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-01-23 00:46:38 1169408 ----a-w- c:\windows\system32\sdclt.exe
2013-01-23 00:45:59 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-01-23 00:45:58 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-23 00:45:40 66560 ----a-w- c:\windows\system32\packager.dll
2013-01-23 00:45:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-01-23 00:45:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-01-23 00:44:14 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-23 00:44:08 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-01-23 00:44:03 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-01-23 00:44:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-01-23 00:44:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-01-23 00:41:45 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-01-23 00:41:40 677888 ----a-w- c:\windows\system32\mstsc.exe
2013-01-23 00:41:40 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-01-23 00:41:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
2013-01-23 00:40:41 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-01-23 00:40:39 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-23 00:40:39 278528 ----a-w- c:\windows\system32\schannel.dll
2013-01-23 00:40:39 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-23 00:40:38 9728 ----a-w- c:\windows\system32\lsass.exe
2013-01-23 00:40:38 72704 ----a-w- c:\windows\system32\secur32.dll
2013-01-23 00:40:35 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-01-23 00:40:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-23 00:40:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-23 00:18:17 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-23 00:17:32 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-23 00:13:17 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-01-22 23:55:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-22 23:54:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-22 23:53:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-22 23:53:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-21 00:12:50 -------- d-----w- C:\CFLog
2013-01-19 00:50:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-01-19 00:50:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-01-19 00:50:54 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-01-19 00:50:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2013-01-19 00:50:54 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-01-19 00:50:54 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-19 00:50:52 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-01-19 00:50:44 -------- d-----w- c:\program files\Microsoft XNA
2013-01-19 00:19:56 -------- d-----w- c:\users\kenneth\appdata\local\CrashRpt
2013-01-19 00:17:52 -------- d-----w- c:\users\kenneth\KAG
2013-01-18 23:20:05 -------- d-----w- c:\program files\Z8Games
2013-01-18 22:59:23 -------- d-----w- c:\program files\BP DOWNLOADER
2013-01-18 03:57:12 -------- d-----w- c:\program files\common files\HP
2013-01-18 03:57:09 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-01-18 03:56:53 -------- d-----w- c:\windows\hpoj4500g510g-m
2013-01-18 03:55:42 -------- d-----w- c:\program files\HP
2013-01-13 03:28:11 -------- d-----w- C:\Ace of Spades
2013-01-12 22:55:22 -------- d-----w- c:\users\kenneth\appdata\local\Apple Computer
2013-01-12 22:54:49 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-12 22:53:51 -------- d-----w- c:\program files\iPod
2013-01-12 22:53:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-12 22:53:46 -------- d-----w- c:\program files\iTunes
2013-01-12 22:52:22 -------- d-----w- c:\users\kenneth\appdata\local\Apple
2013-01-12 22:48:56 -------- d-----w- c:\program files\Bonjour
2013-01-10 19:41:34 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
==================== Find3M ====================
.
2013-01-23 21:48:45 98816 ----a-w- c:\windows\system32\mfps.dll
2013-01-06 17:06:13 224016 --s---r- c:\windows\system32\TABCTL32.OCX
2013-01-06 17:06:13 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2013-01-06 17:06:12 152848 --s---r- c:\windows\system32\COMDLG32.OCX
2013-01-05 20:34:57 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 20:34:57 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-29 21:50:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-29 21:50:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 22:30:25 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 17:12:08 342288 ----a-w- c:\windows\system32\HMIPCore.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 22:54:29.55 ===============
2013-01-24 18:01:59 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-24 18:01:59 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-24 03:08:32 -------- d-----w- c:\program files\Windows Portable Devices
2013-01-23 22:33:07 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-23 22:33:07 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-01-23 22:33:07 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-01-23 22:16:22 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-23 22:16:22 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-23 22:16:22 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-23 22:00:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-23 21:48:46 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-01-23 21:47:23 -------- d-----w- c:\windows\pss
2013-01-23 21:42:43 -------- d-----w- c:\users\kenneth\appdata\roaming\Malwarebytes
2013-01-23 21:42:32 -------- d-----w- c:\programdata\Malwarebytes
2013-01-23 21:42:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-23 21:42:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-23 21:23:38 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-23 21:23:37 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-23 21:23:37 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-23 21:23:37 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-23 21:23:37 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-23 21:23:37 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-23 21:23:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-23 21:23:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-23 21:23:36 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-23 21:23:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-23 21:23:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-23 21:23:10 -------- d-----w- c:\program files\MSXML 4.0
2013-01-23 00:48:59 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-23 00:48:57 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-01-23 00:48:57 189952 ----a-w- c:\windows\system32\winmm.dll
2013-01-23 00:48:56 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2013-01-23 00:48:38 623616 ----a-w- c:\windows\system32\localspl.dll
2013-01-23 00:48:22 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2013-01-23 00:48:22 1136640 ----a-w- c:\windows\system32\mfc42.dll
2013-01-23 00:48:19 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-01-23 00:46:38 1169408 ----a-w- c:\windows\system32\sdclt.exe
2013-01-23 00:45:59 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-01-23 00:45:58 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-23 00:45:40 66560 ----a-w- c:\windows\system32\packager.dll
2013-01-23 00:45:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-01-23 00:45:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-01-23 00:44:14 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-23 00:44:08 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-01-23 00:44:03 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-01-23 00:44:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-01-23 00:44:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-01-23 00:41:45 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-01-23 00:41:40 677888 ----a-w- c:\windows\system32\mstsc.exe
2013-01-23 00:41:40 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-01-23 00:41:32 707584 ----a-w- c:\program files\common files\system\wab32.dll
2013-01-23 00:40:41 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-01-23 00:40:39 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-01-23 00:40:39 278528 ----a-w- c:\windows\system32\schannel.dll
2013-01-23 00:40:39 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-23 00:40:38 9728 ----a-w- c:\windows\system32\lsass.exe
2013-01-23 00:40:38 72704 ----a-w- c:\windows\system32\secur32.dll
2013-01-23 00:40:35 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-01-23 00:40:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-23 00:40:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-23 00:18:17 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-01-23 00:17:32 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-23 00:13:17 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-01-22 23:55:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-22 23:54:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-22 23:53:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-22 23:53:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-21 00:12:50 -------- d-----w- C:\CFLog
2013-01-19 00:50:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-01-19 00:50:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-01-19 00:50:54 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-01-19 00:50:54 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2013-01-19 00:50:54 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-01-19 00:50:54 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-19 00:50:52 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-01-19 00:50:44 -------- d-----w- c:\program files\Microsoft XNA
2013-01-19 00:19:56 -------- d-----w- c:\users\kenneth\appdata\local\CrashRpt
2013-01-19 00:17:52 -------- d-----w- c:\users\kenneth\KAG
2013-01-18 23:20:05 -------- d-----w- c:\program files\Z8Games
2013-01-18 22:59:23 -------- d-----w- c:\program files\BP DOWNLOADER
2013-01-18 03:57:12 -------- d-----w- c:\program files\common files\HP
2013-01-18 03:57:09 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-01-18 03:56:53 -------- d-----w- c:\windows\hpoj4500g510g-m
2013-01-18 03:55:42 -------- d-----w- c:\program files\HP
2013-01-13 03:28:11 -------- d-----w- C:\Ace of Spades
2013-01-12 22:55:22 -------- d-----w- c:\users\kenneth\appdata\local\Apple Computer
2013-01-12 22:54:49 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-12 22:53:51 -------- d-----w- c:\program files\iPod
2013-01-12 22:53:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-12 22:53:46 -------- d-----w- c:\program files\iTunes
2013-01-12 22:52:22 -------- d-----w- c:\users\kenneth\appdata\local\Apple
2013-01-12 22:48:56 -------- d-----w- c:\program files\Bonjour
2013-01-10 19:41:34 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
==================== Find3M ====================
.
2013-01-23 21:48:45 98816 ----a-w- c:\windows\system32\mfps.dll
2013-01-06 17:06:13 224016 --s---r- c:\windows\system32\TABCTL32.OCX
2013-01-06 17:06:13 1010720 --s---r- c:\windows\system32\MSCHRT20.OCX
2013-01-06 17:06:12 152848 --s---r- c:\windows\system32\COMDLG32.OCX
2013-01-05 20:34:57 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 20:34:57 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-29 21:50:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-29 21:50:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 22:30:25 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 17:12:08 342288 ----a-w- c:\windows\system32\HMIPCore.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 22:54:29.55 ===============